Enable Authentication
The Kubernetes Operator supports X.509, LDAP, and SCRAM user authentication.
Note
For LDAP configuration, see the spec.security.authentication.agents.automationLdapGroupDN setting.
You must create an additional CustomResourceDefinition for your MongoDB users and the MongoDB Agent instances. The Kubernetes Operator generates and distributes the certificate.
See the full X.509 certificates configuration examples in the x509 Authentication directory in the Authentication samples directory. This directory also contains sample LDAP and SCRAM configurations.
Example Deployment CRD
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-tls-enabled-rs
spec:
  type: ReplicaSet
  members: 3
  version: "4.0.4-ent"
  project: my-project
  credentials: my-credentials
  security:
    tls:
      enabled: true
    authentication:
      enabled: true
      modes: ["X509"]
      internalCluster: "X509"
Example User CRD
apiVersion: mongodb.com/v1
kind: MongoDBUser
metadata:
  name: user-with-roles
spec:
  username: "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US"
  db: "$external"
  project: my-project
  roles:
    - db: "admin"
      name: "clusterAdmin"
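A pre-deployment check for the two resource kinds shown above, as an added example (not code from this page or from the Kubernetes Operator). It assumes the resources have been exported as JSON, and that a user belongs to a deployment when their spec.project values match, as in the page's examples; the resources `no-tls-rs`, `bad-user` and `other-project` are constructed to show failures.

```python
import json

# Constructed sample: the page's two resources as JSON, plus one
# misconfigured deployment and one misconfigured user for contrast.
SAMPLE = json.loads(r'''
[
 {"kind": "MongoDB", "metadata": {"name": "my-tls-enabled-rs"},
  "spec": {"project": "my-project", "security": {
    "tls": {"enabled": true}, "authentication": {
      "enabled": true, "modes": ["X509"], "internalCluster": "X509"}}}},
 {"kind": "MongoDB", "metadata": {"name": "no-tls-rs"},
  "spec": {"project": "other-project", "security": {
    "authentication": {"enabled": true, "modes": ["X509"]}}}},
 {"kind": "MongoDBUser", "metadata": {"name": "user-with-roles"},
  "spec": {"db": "$external", "project": "my-project", "username":
    "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US"}},
 {"kind": "MongoDBUser", "metadata": {"name": "bad-user"},
  "spec": {"db": "admin", "project": "my-project",
           "username": "CN=app-1,OU=cloud,O=Example"}}
]
''')

def uses_x509(spec):
    auth = spec.get("security", {}).get("authentication", {})
    return bool(auth.get("enabled")) and (
        "X509" in auth.get("modes", []) or auth.get("internalCluster") == "X509")

def audit(resources):
    findings, x509_projects = [], set()
    for r in resources:
        spec, name = r.get("spec", {}), r.get("metadata", {}).get("name")
        if r.get("kind") == "MongoDB" and uses_x509(spec):
            x509_projects.add(spec.get("project"))
            # X.509 authentication relies on the TLS handshake, so TLS must be on.
            if not spec.get("security", {}).get("tls", {}).get("enabled"):
                findings.append((name, "X509 set but spec.security.tls.enabled is not true"))
    for r in resources:
        spec, name = r.get("spec", {}), r.get("metadata", {}).get("name")
        if r.get("kind") != "MongoDBUser" or "CN=" not in spec.get("username", "").upper():
            continue
        if spec.get("db") != "$external":
            findings.append((name, "certificate-subject username must use db $external"))
        # Assumption: user and deployment are matched by spec.project.
        if spec.get("project") not in x509_projects:
            findings.append((name, "no X509-enabled deployment in this project"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```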