Enable Authentication

On this page

Example Deployment CRD

Example User CRD

The Kubernetes Operator supports X.509, LDAP, and SCRAM user authentication.

Note

For LDAP configuration, see the spec.security.authentication.agents.automationLdapGroupDN setting.

You must create an additional CustomResourceDefinition for your MongoDB users and the MongoDB Agent instances. The Kubernetes Operator generates and distributes the certificate.

See the full X.509 certificates configuration examples in the x509 Authentication directory in the Authentication samples directory. This directory also contains sample LDAP and SCRAM configurations.

Example Deployment CRD

1 apiVersion: mongodb.com/v1
2 kind: MongoDB
3 metadata:
4   name: my-tls-enabled-rs
5 spec:
6   type: ReplicaSet
7   members: 3
8   version: "4.0.4-ent"
9   project: my-project
10   credentials: my-credentials
11   security:
12     tls:
13       enabled: true
14     authentication:
15       enabled: true
16       modes: ["X509"]
17       internalCluster: "X509"

Example User CRD

1 apiVersion: mongodb.com/v1
2 kind: MongoDBUser
3 metadata:
4   name: user-with-roles
5 spec:
6   username: "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US"
7   db: "$external"
8   project: my-project
9   roles:
10     - db: "admin"
11       name: "clusterAdmin"

Enable Authentication

Note

Example Deployment CRD

Example User CRD

Tip

See also:

1	apiVersion: mongodb.com/v1
2	kind: MongoDB
3	metadata:
4	name: my-tls-enabled-rs
5	spec:
6	type: ReplicaSet
7	members: 3
8	version: "4.0.4-ent"
9	project: my-project
10	credentials: my-credentials
11	security:
12	tls:
13	enabled: true
14	authentication:
15	enabled: true
16	modes: ["X509"]
17	internalCluster: "X509"

1	apiVersion: mongodb.com/v1
2	kind: MongoDBUser
3	metadata:
4	name: user-with-roles
5	spec:
6	username: "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US"
7	db: "$external"
8	project: my-project
9	roles:
10	- db: "admin"
11	name: "clusterAdmin"