Docs Menu
Docs Home
/
MongoDB Enterprise Kubernetes Operator
/

Enable Authentication

On this page

  • Example Deployment CRD
  • Example User CRD

The Kubernetes Operator supports X.509, LDAP, and SCRAM user authentication.

Note

You must create an additional CustomResourceDefinition for your MongoDB users and the MongoDB Agent instances. The Kubernetes Operator generates and distributes the certificate.

See the full X.509 certificates configuration examples in the x509 Authentication directory in the Authentication samples directory. This directory also contains sample LDAP and SCRAM configurations.

1apiVersion: mongodb.com/v1
2kind: MongoDB
3metadata:
4 name: my-tls-enabled-rs
5spec:
6 type: ReplicaSet
7 members: 3
8 version: "4.0.4-ent"
9 project: my-project
10 credentials: my-credentials
11 security:
12 tls:
13 enabled: true
14 authentication:
15 enabled: true
16 modes: ["X509"]
17 internalCluster: "X509"
1apiVersion: mongodb.com/v1
2kind: MongoDBUser
3metadata:
4 name: user-with-roles
5spec:
6 username: "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US"
7 db: "$external"
8 project: my-project
9 roles:
10 - db: "admin"
11 name: "clusterAdmin"

Tip

See also:

Back

Configure Encryption at Rest