DOCSP-44256 Add Kubernetes Support for OIDC (#950)

lindseymoore · web-flow · commit 3e0e04e43c36 · 2024-12-16T13:27:45.000-05:00
* DOCSP-44256 Add Kubernetes Support for OIDC

* edits and remove monospace from titles

* change depth to 2

* tech review fix for import
diff --git a/source/fundamentals/authentication/enterprise-mechanisms.txt b/source/fundamentals/authentication/enterprise-mechanisms.txt
@@ -7,7 +7,7 @@ Enterprise Authentication Mechanisms
 .. contents:: On this page
    :local:
    :backlinks: none
-   :depth: 1
+   :depth: 2
    :class: singlecol
 
 .. facet::
@@ -21,8 +21,8 @@ In this guide, you can find sample code for connection to MongoDB with each
 authentication mechanism available in the MongoDB Enterprise Edition:
 ``Kerberos (GSSAPI/SSPI)``, ``LDAP (PLAIN)``, and ``MONGODB-OIDC``.
 
-``Kerberos (GSSAPI/SSPI)``
---------------------------
+Kerberos (GSSAPI/SSPI)
+----------------------
 
 .. note::
    The Node.js driver supports Kerberos on UNIX using the MIT Kerberos library
@@ -102,8 +102,8 @@ The following code sample authenticates to Kerberos for UNIX using ``GSSAPI``.
    `GSSAPI RFC-4652 <https://tools.ietf.org/html/rfc4752>`_, the SASL
    mechanism.
 
-``LDAP (PLAIN)``
-----------------
+LDAP (PLAIN)
+------------
 
 The ``PLAIN`` authentication mechanism uses your username and password to
 authenticate to a Lightweight Directory Access Protocol (LDAP) server.
@@ -226,12 +226,35 @@ The following code example shows how to set the preceding connection options:
                + "&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:<audience>";
    const client = new MongoClient(uri);
 
+Kubernetes
+~~~~~~~~~~
+
+If your application runs on a Kubernetes cluster, you can authenticate to MongoDB by using
+the {+driver-short+}'s built-in Kubernetes support.
+
+To specify Kubernetes OIDC as the authentication mechanism, set the following 
+options in your connection string:
+
+- ``authMechanism``: Set to ``MONGODB-OIDC``.
+- ``authMechanismProperties``: Set to ``ENVIRONMENT:k8s``. 
+
+The following code example shows how to set the preceding connection options:
+
+.. code-block:: js
+  :emphasize-lines: 3-4
+  
+  import { MongoClient } from "mongodb";
+
+  const uri = "mongodb://<hostname>:<port>/?authMechanism=MONGODB-OIDC" 
+              + "&authMechanismProperties=ENVIRONMENT:k8s";
+  const client = new MongoClient(uri);
+
 Custom Callback
 ~~~~~~~~~~~~~~~
 
 The {+driver-short+} doesn't offer built-in support for all platforms, including
-Azure Functions and Azure Kubernetes Service (AKS). Instead, you
-must define a custom callback to use OIDC to authenticate from these platforms.
+Azure Functions. Instead, you must define a custom callback to use OIDC to 
+authenticate from these platforms.
 
 First, define a function that retrieves the access token to use for OIDC authentication.
 This function must have the following signature:
