Skip to content

Commit f877719

Browse files
mcmorisimcmorisi
committed
DOCSP-42014: Add OIDC Kubernetes support
1 parent 052b97b commit f877719

File tree

3 files changed

+56
-1
lines changed

3 files changed

+56
-1
lines changed

source/includes/authentication/kubernetes-connection-string.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
from pymongo import MongoClient
2+
3+
# start-kubernetes-connection-string
4+
uri = ("mongodb[+srv]://<hostname>:<port>/?"
5+
"authMechanism=MONGODB-OIDC"
6+
"&authMechanismProperties=ENVIRONMENT:k8s")
7+
client = MongoClient(uri)
8+
# end-kubernetes-connection-string

source/includes/authentication/kubernetes-mongoclient.py

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
from pymongo import MongoClient
2+
3+
# start-kubernetes-mongoclient
4+
properties = {"ENVIRONMENT": "k8s"}
5+
client = MongoClient(
6+
"mongodb[+srv]://<hostname>:<port>",
7+
authMechanism="MONGODB-OIDC",
8+
authMechanismProperties=properties
9+
)
10+
# end-kubernetes-mongoclient

source/security/authentication/oidc.txt

Lines changed: 38 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -293,4 +293,41 @@ constructor:
293293
.. literalinclude:: /includes/authentication/gcp-gke-mongoclient.py
294294
:language: python
295295
:copyable: true
296-
:emphasize-lines: 11-15
296+
:emphasize-lines: 11-15
297+
298+
.. _pymongo-mongodb-oidc-kubernetes:
299+
300+
Kubernetes
301+
~~~~~~~~~~
302+
303+
If your application runs on a Kubernetes cluster, you can authenticate to MongoDB by using
304+
{+driver-short+}'s built-in Kubernetes support.
305+
306+
You can configure OIDC for Kubernetes in two ways: by passing arguments to the
307+
``MongoClient`` constructor or through parameters in your connection string.
308+
309+
.. tabs::
310+
311+
.. tab:: MongoClient
312+
:tabid: mongoclient
313+
314+
The following example shows how to configure your ``MongoClient`` to authenticate
315+
to MongoDB by using Kubernetes:
316+
317+
.. literalinclude:: /includes/authentication/kubernetes-mongoclient.py
318+
:language: python
319+
:copyable: true
320+
:start-after: start-kubernetes-mongoclient
321+
:end-before: end-kubernetes-mongoclient
322+
323+
.. tab:: Connection String
324+
:tabid: connectionstring
325+
326+
The following example shows how to configure your connection string to authenticate
327+
to MongoDB by using Kubernetes:
328+
329+
.. literalinclude:: /includes/authentication/kubernetes-connection-string.py
330+
:language: python
331+
:copyable: true
332+
:start-after: start-kubernetes-connection-string
333+
:end-before: end-kubernetes-connection-string

0 commit comments

Comments
 (0)