Docs Menu
Docs Home
/
MongoDB Enterprise Kubernetes Operator
/

MongoDB User Resource Specification

On this page

  • Example
  • Required MongoDBUser Resource Settings
  • Optional MongoDBUser Resource Settings

The MongoDBUser custom resource lets you configure the authentication and roles required for a user to access a MongoDB database.

The following example shows a resource specification for a MongoDBUser custom resource:

1---
2apiVersion: mongodb.com/v1
3kind: MongoDBUser
4metadata:
5 name: ldap-user-1
6spec:
7 username: "uid=mdb0,dc=example,dc=org"
8 db: "$external"
9 mongodbResourceRef:
10 name: ldap-replica-set
11 roles:
12 - db: "admin"
13 name: "clusterAdmin"
14 - db: "admin"
15 name: "readWriteAnyDatabase"
16 - db: "admin"
17 name: "dbAdminAnyDatabase"
18
19...

This section describes settings that you must use for all MongoDBUser resources.

apiVersion

Type: string

Version of the MongoDB Kubernetes resource schema.

kind

Type: string

Kind of MongoDB Kubernetes resource to create. Set this to MongoDBUser.

metadata.name

Type: string

Human-readable name so you can identify this particular MongoDBUser resource.

Resource names must be 44 characters or less.

spec.db

Type: string

Name of the MongoDB database that these users will access. The default is admin.

spec.username

Type: string

Human-readable label that identifies the user needed to authenticate to the MongoDB database or collection.

The MongoDBUser custom resource can use the following settings:

spec.connectionStringSecretName

Type: string

Name of the connection string secret that the Kubernetes Operator creates.

When you create a new MongoDB database user, Kubernetes Operator automatically creates a new Kubernetes secret. The Kubernetes secret contains the following information about the new database user:

  • username: Username for the database user

  • password: Password for the database user

  • connectionString.standard: Standard connection string that can connect you to the database as this database user.

  • connectionString.standardSrv: DNS seed list connection string that can connect you to the database as this database user.

spec.mongodbResourceRef.name

Type: string

Name of the MongoDB resource to which this user is associated. For example, my-resource.

spec.mongodbResourceRef.namespace

Type: string

The namespace that contains the secret for this user. If unspecified, the Kubernetes Operator keeps connection secrets in the same namespace as the MongoDBUser custom resource.

spec.passwordSecretKeyRef.name

Type: string

metadata.name value of the secret that stores the user's password. For example, my-secret-name.

spec.passwordSecretKeyRef.key

Type: string

Name of the field in the secret that contains the password for this MongoDB database user.

To learn more, see the Kubernetes documentation.

spec.roles.db

Type: string

MongoDB database on which the role can act. For example, admin.

spec.roles.name

Type: string

Name of the role to grant the database user.

Back

Ops Manager