diff --git a/source/includes/authentication/kubernetes-connection-string.py b/source/includes/authentication/kubernetes-connection-string.py
new file mode 100644
index 00000000..14046f95
--- /dev/null
+++ b/source/includes/authentication/kubernetes-connection-string.py
@@ -0,0 +1,8 @@
+from pymongo import MongoClient
+
+# start-kubernetes-connection-string
+uri = ("mongodb[+srv]://:/?"
+ "authMechanism=MONGODB-OIDC"
+ "&authMechanismProperties=ENVIRONMENT:k8s")
+client = MongoClient(uri)
+# end-kubernetes-connection-string
\ No newline at end of file
diff --git a/source/includes/authentication/kubernetes-mongoclient.py b/source/includes/authentication/kubernetes-mongoclient.py
new file mode 100644
index 00000000..099d0aef
--- /dev/null
+++ b/source/includes/authentication/kubernetes-mongoclient.py
@@ -0,0 +1,10 @@
+from pymongo import MongoClient
+
+# start-kubernetes-mongoclient
+properties = {"ENVIRONMENT": "k8s"}
+client = MongoClient(
+ "mongodb[+srv]://:",
+ authMechanism="MONGODB-OIDC",
+ authMechanismProperties=properties
+)
+# end-kubernetes-mongoclient
\ No newline at end of file
diff --git a/source/security/authentication/oidc.txt b/source/security/authentication/oidc.txt
index 00a40cfc..c68e4c2b 100644
--- a/source/security/authentication/oidc.txt
+++ b/source/security/authentication/oidc.txt
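Review bot: In kubernetes-connection-string.py, the URI built on the `uri = (` line offers both `mongodb://` and `mongodb+srv://` but sets no TLS option, while MONGODB-OIDC hands the pod's access token to the server as a bearer credential. The `mongodb+srv` scheme turns TLS on by default, but plain `mongodb://` does not, so a reader who copies the non-SRV form may send the token unencrypted. I would append a further fragment `"&tls=true"` to the string, or at least add the comment `# Connect over TLS: the OIDC token is a bearer credential`. The same applies to the `MongoClient(...)` call in kubernetes-mongoclient.py, where `tls=True` can be passed as a keyword argument.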
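Review bot: In kubernetes-mongoclient.py, the first argument `"mongodb[+srv]://:"` shows no host or port placeholder as displayed here, so the snippet cannot be used as written even though oidc.txt includes it with `:copyable: true`. The angle-bracket placeholders may simply have been lost in rendering; if the file really lacks them, the literal should name what to substitute. A short comment above `properties`, such as `# k8s: the driver reads the pod's service account token; no credentials appear in code`, would also tell the reader what the environment has to provide. The URI in kubernetes-connection-string.py has the same form.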
@@ -293,4 +293,36 @@ constructor:
 .. literalinclude:: /includes/authentication/gcp-gke-mongoclient.py
 :language: python
 :copyable: true
- :emphasize-lines: 11-15
\ No newline at end of file
+ :emphasize-lines: 11-15
+
+.. _pymongo-mongodb-oidc-kubernetes:
+
+Kubernetes
+~~~~~~~~~~
+
+If your application runs on a Kubernetes cluster, you can authenticate to MongoDB by using
+{+driver-short+}'s built-in Kubernetes support.
+
+You can configure OIDC for Kubernetes in two ways: by passing arguments to the
+``MongoClient`` constructor or through parameters in your connection string. Select from
+the following tabs to see how to enable Kubernetes authentication for your application:
+
+.. tabs::
+
+ .. tab:: MongoClient
+ :tabid: mongoclient
+
+ .. literalinclude:: /includes/authentication/kubernetes-mongoclient.py
+ :language: python
+ :copyable: true
+ :start-after: start-kubernetes-mongoclient
+ :end-before: end-kubernetes-mongoclient
+
+ .. tab:: Connection String
+ :tabid: connectionstring
+
+ .. literalinclude:: /includes/authentication/kubernetes-connection-string.py
+ :language: python
+ :copyable: true
+ :start-after: start-kubernetes-connection-string
+ :end-before: end-kubernetes-connection-string