DOCSP-47923 Kubernetes for OIDC (#640)

lindseymoore · web-flow · commit 5a3f648d1571 · 2025-03-10T15:15:35.000-04:00
* rebase and add

* spacing
diff --git a/source/security/auth/oidc.txt b/source/security/auth/oidc.txt
@@ -77,6 +77,12 @@ see the corresponding syntax:
 
    .. tab:: Connection String
       :tabid: mongodb-azure-imds-connection-string
+
+      To specify Azure IMDS OIDC as the authentication mechanism, set the following 
+      options in your connection string:
+
+      - ``authMechanism``: Set to ``MONGODB-OIDC``.
+      - ``authMechanismProperties``: Set to ``ENVIRONMENT:azure``.
     
       Replace the ``<percent-encoded audience>`` placeholder in the
       following code with the percent-encoded value of the audience server
@@ -134,6 +140,12 @@ see the corresponding syntax:
 
    .. tab:: Connection String
       :tabid: mongodb-gcp-imds-connection-string
+
+      To specify GCP IMDS OIDC as the authentication mechanism, set the following 
+      options in your connection string:
+
+      - ``authMechanism``: Set to ``MONGODB-OIDC``.
+      - ``authMechanismProperties``: Set to ``ENVIRONMENT:gcp``.
     
       Replace the ``<percent-encoded audience>`` placeholder in the
       following code with the percent-encoded value of the audience server
@@ -160,7 +172,7 @@ see the corresponding syntax:
       
       .. code-block:: java
 
-         MongoCredential credential = MongoCredential.createOidcCredential()
+         MongoCredential credential = MongoCredential.createOidcCredential(null)
             .withMechanismProperty("ENVIRONMENT", "gcp")
             .withMechanismProperty("TOKEN_RESOURCE", "<audience>");
    
@@ -171,6 +183,51 @@ see the corresponding syntax:
                  .credential(credential)
                  .build());
 
+Kubernetes
+~~~~~~~~~~
+
+If your application runs on a Kubernetes cluster, you can authenticate to MongoDB 
+by using the {+driver-short+}'s built-in Kubernetes support.
+
+Select from the :guilabel:`Connection String` or :guilabel:`MongoCredential` tabs to
+see the corresponding syntax.
+
+.. tabs::
+
+   .. tab:: Connection String
+      :tabid: mongodb-kubernetes-connection-string
+
+      To specify Kubernetes OIDC as the authentication mechanism, set the following 
+      options in your connection string:
+
+      - ``authMechanism``: Set to ``MONGODB-OIDC``.
+      - ``authMechanismProperties``: Set to ``ENVIRONMENT:k8s``. 
+
+      .. code-block:: java
+
+         MongoClient mongoClient = MongoClients.create(
+            "mongodb://<hostname>:<port>/" +
+            "?authMechanism=MONGODB-OIDC" +
+            "&authMechanismProperties=ENVIRONMENT:k8s");
+
+   .. tab:: MongoCredential
+      :tabid: mongodb-kubernetes-mongo-credential
+
+      Replace the ``hostname`` and ``port`` with the network address and port 
+      number of your MongoDB deployment.
+
+      .. code-block:: java
+
+         MongoCredential credential = MongoCredential.createOidcCredential(null)
+            .withMechanismProperty("ENVIRONMENT", "k8s");
+
+         MongoClient mongoClient = MongoClients.create(
+            MongoClientSettings.builder()
+               .applyToClusterSettings(builder ->
+                      builder.hosts(Arrays.asList(new ServerAddress("<hostname>", <port>))))
+               .credential(credential)
+               .build());
+
 Custom Callback
 ~~~~~~~~~~~~~~~
 
