(DOCSP-16408): Expose connection string for deployments for easy of use (#559)

jwilliams-mongo · web-flow · commit f646ed19e778 · 2021-06-16T15:24:58.000+01:00
diff --git a/docs/deploy-configure.md b/docs/deploy-configure.md
@@ -24,12 +24,58 @@ To deploy your first replica set:
    ```
    kubectl get mongodbcommunity --namespace <my-namespace>
    ```
-4. Connect clients to the MongoDB replica set:
+
+4. The Community Kubernetes Operator creates secrets that contains users' connection strings and credentials.
+
+   The secrets follow this naming convention: `<metadata.name>-<auth-db>-<username>`, where:
+
+   | Variable | Description | Value in Sample |
+   |----|----|----|
+   | `<metadata.name>` | Name of the MongoDB database resource. | `example-mongodb` |
+   | `<auth-db>` | [Authentication database](https://docs.mongodb.com/manual/core/security-users/#std-label-user-authentication-database) where you defined the database user. | `admin` |
+   | `<username>` | Username of the database user. | `my-user` |
+
+   Update the variables in the following command, then run it to retrieve a user's connection strings to the replica set from the secret:
+
+   **NOTE**: The following command requires [jq](https://stedolan.github.io/jq/) version 1.6 or higher.</br></br>
+
+   ```sh
+   kubectl get secret <metadata.name>-<auth-db>-<username> -n mongodb -o json | \ 
+   jq -r '.data | with_entries(.value |= @base64d)'
+   ```
+
+   The command returns the replica set's standard and DNS seed list [connection strings](https://docs.mongodb.com/manual/reference/connection-string/#connection-string-formats) in addition to the user's name and password:
+
+   ```json
+   {
+     "connectionString.standard": "mongodb://<username>:<password>@example-mongodb-0.example-mongodb-svc.mongodb.svc.cluster.local:27017,example-mongodb-1.example-mongodb-svc.mongodb.svc.cluster.local:27017,example-mongodb-2.example-mongodb-svc.mongodb.svc.cluster.local:27017/admin?ssl=true",
+     "connectionString.standardSrv": "mongodb+srv://<username>:<password>@example-mongodb-svc.mongodb.svc.cluster.local/admin?ssl=true",
+     "password": "<password>",
+     "username": "<username>"
+   }
+   ```
+
+   **NOTE**: The Community Kubernetes Operator sets the [`ssl` connection option](https://docs.mongodb.com/manual/reference/connection-string/#connection-options) to `true` if you [Secure MongoDB Resource Connections using TLS](secure.md#secure-mongodb-resource-connections-using-tls).</br></br>
+
+   You can use the connection strings in this secret in your application:
+
+   ```yaml
+   containers:
+    - name: test-app
+      env:
+       - name: "CONNECTION_STRING"
+         valueFrom:
+           secretKeyRef:
+             name: <metadata.name>-<auth-db>-<username>
+             key: connectionString.standardSrv
+
+5. Use one of the connection strings returned in the previous step to connect to the replica set:
    ```
-   mongo "mongodb://<service-object-name>.<namespace>.svc.cluster.local:27017/?replicaSet=<replica-set-name>"
+   mongo "mongodb+srv://<username>:<password>@example-mongodb-svc.mongodb.svc.cluster.local/admin?ssl=true"
    ```
-**NOTE**: You can access each `mongod` process in the replica set only from within a pod
-running in the cluster.
+
+   **NOTE**: You can access each `mongod` process in the replica set only from within a pod running in the cluster.
+
 
 ## Scale a Replica Set
 
