Skip to content

Commit ebbb435

Browse files
mcmorisimcmorisi
committed
DOCSP-42014: Add OIDC Kubernetes support (#184)
(cherry picked from commit be97abd)
1 parent 4281bb3 commit ebbb435

File tree

3 files changed

+51
-1
lines changed

3 files changed

+51
-1
lines changed

source/includes/authentication/kubernetes-connection-string.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
from pymongo import MongoClient
2+
3+
# start-kubernetes-connection-string
4+
uri = ("mongodb[+srv]://<hostname>:<port>/?"
5+
"authMechanism=MONGODB-OIDC"
6+
"&authMechanismProperties=ENVIRONMENT:k8s")
7+
client = MongoClient(uri)
8+
# end-kubernetes-connection-string

source/includes/authentication/kubernetes-mongoclient.py

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
from pymongo import MongoClient
2+
3+
# start-kubernetes-mongoclient
4+
properties = {"ENVIRONMENT": "k8s"}
5+
client = MongoClient(
6+
"mongodb[+srv]://<hostname>:<port>",
7+
authMechanism="MONGODB-OIDC",
8+
authMechanismProperties=properties
9+
)
10+
# end-kubernetes-mongoclient

source/security/authentication/oidc.txt

Lines changed: 33 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -293,4 +293,36 @@ constructor:
293293
.. literalinclude:: /includes/authentication/gcp-gke-mongoclient.py
294294
:language: python
295295
:copyable: true
296-
:emphasize-lines: 11-15
296+
:emphasize-lines: 11-15
297+
298+
.. _pymongo-mongodb-oidc-kubernetes:
299+
300+
Kubernetes
301+
~~~~~~~~~~
302+
303+
If your application runs on a Kubernetes cluster, you can authenticate to MongoDB by using
304+
{+driver-short+}'s built-in Kubernetes support.
305+
306+
You can configure OIDC for Kubernetes in two ways: by passing arguments to the
307+
``MongoClient`` constructor or through parameters in your connection string. Select from
308+
the following tabs to see how to enable Kubernetes authentication for your application:
309+
310+
.. tabs::
311+
312+
.. tab:: MongoClient
313+
:tabid: mongoclient
314+
315+
.. literalinclude:: /includes/authentication/kubernetes-mongoclient.py
316+
:language: python
317+
:copyable: true
318+
:start-after: start-kubernetes-mongoclient
319+
:end-before: end-kubernetes-mongoclient
320+
321+
.. tab:: Connection String
322+
:tabid: connectionstring
323+
324+
.. literalinclude:: /includes/authentication/kubernetes-connection-string.py
325+
:language: python
326+
:copyable: true
327+
:start-after: start-kubernetes-connection-string
328+
:end-before: end-kubernetes-connection-string

0 commit comments

Comments
 (0)