mongodb
diff --git a/‎config/redirects
Lines changed: 1 addition & 0 deletions b/‎config/redirects
Lines changed: 1 addition & 0 deletions
diff --git a/‎source/includes/facts/fact-after-deploy-with-tls.rst
Lines changed: 6 additions & 0 deletions b/‎source/includes/facts/fact-after-deploy-with-tls.rst
Lines changed: 6 additions & 0 deletions
diff --git a/‎source/includes/facts/ldap-considerations.rst
Lines changed: 3 additions & 1 deletion b/‎source/includes/facts/ldap-considerations.rst
Lines changed: 3 additions & 1 deletion
diff --git a/‎source/includes/list-tables/ldap-settings.rst
Lines changed: 3 additions & 20 deletions b/‎source/includes/list-tables/ldap-settings.rst
Lines changed: 3 additions & 20 deletions
diff --git a/‎source/includes/steps-deploy-k8s-replica-set-ldap.yaml
Lines changed: 7 additions & 32 deletions b/‎source/includes/steps-deploy-k8s-replica-set-ldap.yaml
Lines changed: 7 additions & 32 deletions
diff --git a/‎source/includes/steps-deploy-k8s-replica-set-with-tls.yaml
Lines changed: 106 additions & 0 deletions b/‎source/includes/steps-deploy-k8s-replica-set-with-tls.yaml
Lines changed: 106 additions & 0 deletions
diff --git a/‎source/includes/steps-deploy-k8s-replica-set-x509-custom.yaml
Lines changed: 3 additions & 35 deletions b/‎source/includes/steps-deploy-k8s-replica-set-x509-custom.yaml
Lines changed: 3 additions & 35 deletions
@@ -91,3 +91,4 @@ raw: docs/kubernetes-operator/release-notes -> ${base}/stable/release-notes/
 # All Versions
 
 [*]: docs/kubernetes-operator/${version}/tutorial/secure-om-with-tls -> ${base}/${version}/tutorial/deploy-om-container
+[*]: docs/kubernetes-operator/${version}/tutorial/secure-tls -> ${base}/${version}/tutorial/deploy-replica-set
@@ -0,0 +1,6 @@
+After you encrypt your database resource with |tls|, you can secure the
+following:
+
+- :ref:`Client authentication with LDAP <secure-ldap-auth>`
+- :ref:`Client authentication with X.509 <secure-x509-auth>`
+- :ref:`Internal authentication with X.509 <secure-internal-auth>`
@@ -5,7 +5,9 @@
   The procedures in this section describe the required settings and
   provide examples of LDAP configuration.
 
-- To improve security, consider :ref:`configuring TLS <secure-tls>`.
+- To improve security, consider deploying a
+  :ref:`TLS-encrypted replica set <tls-for-replica-set>` or a 
+  :ref:`TLS-encrypted sharded cluster <tls-for-sharded-cluster>`.
   Encryption with |tls| is optional. By default, |ldap| traffic is sent
   as plain text. This means that username and password are exposed to
   network threats. Many modern directory services, such as Microsoft
 
@@ -59,8 +59,9 @@
        | :setting:`.authentication.ldap.transportSecurity<spec.security.authentication.ldap.transportSecurity>`
      - | string,
        | optional
-     - Set to ``tls`` to use LDAPS (LDAP over |tls|). Leave blank if your
-       LDAP server doesn't accept TLS.
+     - Set to ``tls`` to use LDAPS (LDAP over |tls|). Leave blank if
+       your LDAP server doesn't accept TLS. You must enable TLS when you
+       deploy the database resource to use this setting.
      - ``tls``
 
    * - | ``spec.security``
@@ -84,21 +85,3 @@
        | required
      - Set to ``LDAP`` to enable authentication through LDAP.
      - ``LDAP``
-
-   * - | ``spec.security``
-       | :setting:`.certsSecretPrefix<spec.security.certsSecretPrefix>`
-     - | string,
-       | optional
-     - Add the ``<prefix>`` of the secret name that contains your
-       MongoDB deployment's |tls| certificates.
-
-       .. include:: /includes/fact-example-secret-prefix-cluster-file.rst
-     - ``devDb``
-
-   * - | ``spec.security``
-       | :setting:`.tls.ca<spec.security.tls.ca>`
-     - | string,
-       | optional
-     - Add the |k8s-configmap|\'s name that stores the custom |certauth|
-       that you used to sign your deployment's |tls| certificates.
-     - ``<custom-ca>``
@@ -1,30 +1,5 @@
 ---
-ref: configure-kubectl-repl-ldap
 stepnum: 1
-inherit:
-  file: steps-configure-kubectl-namespace.yaml
-  ref: configure-kubectl-namespace
----
-stepnum: 2
-ref: create-k8s-rs-tls-secret
-source:
-  file: steps-source-deploy-k8s-resource.yaml
-  ref: create-rs-tls-secret
----
-stepnum: 3
-ref: create-k8s-rs-agent-secret
-source:
-  file: steps-source-deploy-k8s-resource.yaml
-  ref: create-agent-tls-secret
----
-stepnum: 4
-ref: create-k8s-rs-tls-configmap
-source:
-  file: steps-source-deploy-k8s-resource.yaml
-  ref: create-rs-tls-configmap
-
----
-stepnum: 5
 ref: copy-k8s-example-rs-ldap
 source:
   file: steps-source-deploy-k8s-resource.yaml
@@ -47,18 +22,18 @@ replacement:
       :linenos:
       :lineno-start: 16
       :start-after: START-tls-replset-lower-custom
-      :end-before: END-tls-replset-lower-custom
+      :end-before: tls
 
 ---
-stepnum: 6
+stepnum: 2
 ref: paste-k8s-example-rs-ldap
 source:
   file: steps-source-deploy-k8s-resource.yaml
   ref: paste-k8s-example-resource-section
 replacement:
   k8sResource: :term:`replica set`
 ---
-stepnum: 7
+stepnum: 3
 ref: k8s-add-rs-ldap
 source:
   file: steps-source-deploy-k8s-resource.yaml
@@ -67,7 +42,7 @@ replacement:
   k8sResource: :term:`replica set`
 
 ---
-stepnum: 8
+stepnum: 4
 ref: k8s-add-rs-ldap-agent
 source:
   file: steps-source-deploy-k8s-resource.yaml
@@ -76,15 +51,15 @@ replacement:
   k8sResource: :term:`replica set`
 
 ---
-stepnum: 9
+stepnum: 5
 ref: save-object-spec-rs-ldap
 source:
   file: steps-source-deploy-k8s-resource.yaml
   ref: save-object-spec-update
 replacement:
   k8sResource: :term:`replica set`
 ---
-stepnum: 10
+stepnum: 6
 ref: start-k8s-deployment-rs-ldap
 source:
   file: steps-source-deploy-k8s-resource.yaml
@@ -93,7 +68,7 @@ replacement:
   k8sResource: :term:`replica set`
   k8sResourceType: replica-set
 ---
-stepnum: 11
+stepnum: 7
 title: "Track the status of your deployment."
 level: 4
 ref: track-k8s-deployment-basic-rs-ldap
 
@@ -0,0 +1,106 @@
+---
+ref: configure-kubectl-repl
+stepnum: 1
+inherit:
+  file: steps-configure-kubectl-namespace.yaml
+  ref: configure-kubectl-namespace
+---
+stepnum: 2
+ref: create-k8s-rs-tls-secret
+source:
+  file: steps-source-deploy-k8s-resource.yaml
+  ref: create-rs-tls-secret
+---
+stepnum: 3
+ref: create-k8s-rs-agent-secret
+source:
+  file: steps-source-deploy-k8s-resource.yaml
+  ref: create-agent-tls-secret
+---
+stepnum: 4
+ref: create-k8s-rs-tls-configmap
+source:
+  file: steps-source-deploy-k8s-resource.yaml
+  ref: create-rs-tls-configmap
+---
+stepnum: 5
+ref: copy-k8s-example-rs
+source:
+  file: steps-source-deploy-k8s-resource.yaml
+  ref: copy-k8s-example-resource
+replacement:
+  k8sResource: :term:`replica set`
+  k8sExampleFileName: example-replica-set.yaml
+  k8sResourceType: replica-set
+  k8sExample: |
+
+   .. literalinclude:: /includes/code-examples/yaml-files/example-replica-set.yaml
+      :language: yaml
+      :linenos:
+      :start-after: START-regular-replset
+      :end-before: ...
+  
+   .. literalinclude:: /includes/code-examples/yaml-files/example-replica-set.yaml
+      :language: yaml
+      :linenos:
+      :lineno-start: 16
+      :start-after: START-tls-replset-lower-custom
+      :end-before: END-tls-replset-lower-custom
+---
+stepnum: 6
+ref: paste-k8s-example-rs
+source:
+  file: steps-source-deploy-k8s-resource.yaml
+  ref: paste-new-k8s-example-resource
+replacement:
+  k8sResource: :term:`replica set`
+---
+stepnum: 7
+ref: change-k8s-example-rs
+source:
+  file: steps-source-deploy-k8s-resource.yaml
+  ref: change-k8s-rs-values
+replacement:
+  k8sResource: :term:`replica set`
+---
+stepnum: 8
+ref: k8s-add-rs-tls
+source:
+  file: steps-source-deploy-k8s-resource.yaml
+  ref: add-tls-settings-custom-ca
+replacement:
+  k8sResource: :term:`replica set`
+---
+stepnum: 9
+ref: add-other-spec-rs
+source:
+  file: steps-source-deploy-k8s-resource.yaml
+  ref: add-k8s-rs-values
+replacement:
+  k8sResource: :term:`replica set`
+---
+stepnum: 10
+ref: save-object-spec-rs
+source:
+  file: steps-source-deploy-k8s-resource.yaml
+  ref: save-object-spec
+replacement:
+  k8sResource: :term:`replica set`
+---
+stepnum: 11
+ref: start-k8s-deployment-rs
+source:
+  file: steps-source-deploy-k8s-resource.yaml
+  ref: start-k8s-deployment
+replacement:
+  k8sResource: :term:`replica set`
+  k8sResourceType: replica-set
+---
+stepnum: 12
+ref: track-k8s-deployment-rs
+source:
+  file: steps-source-deploy-k8s-resource.yaml
+  ref: track-k8s-deployment-basic
+replacement:
+  k8sResource: :term:`replica set`
+...
@@ -1,28 +1,4 @@
 ---
-ref: configure-kubectl-repl-x509
-stepnum: 1
-inherit:
-  file: steps-configure-kubectl-namespace.yaml
-  ref: configure-kubectl-namespace
----
-stepnum: 2
-ref: create-k8s-rs-tls-secret
-source:
-  file: steps-source-deploy-k8s-resource.yaml
-  ref: create-rs-tls-secret
----
-stepnum: 3
-ref: create-k8s-rs-agent-secret
-source:
-  file: steps-source-deploy-k8s-resource.yaml
-  ref: create-agent-tls-secret
----
-stepnum: 4
-ref: create-k8s-rs-tls-configmap
-source:
-  file: steps-source-deploy-k8s-resource.yaml
-  ref: create-rs-tls-configmap
----
 stepnum: 5
 ref: copy-k8s-example-rs-x509
 source:
@@ -58,30 +34,22 @@ replacement:
   k8sResource: :term:`replica set`
 ---
 stepnum: 7
-ref: k8s-add-rs-tls
-source:
-  file: steps-source-deploy-k8s-resource.yaml
-  ref: add-tls-settings-custom-ca
-replacement:
-  k8sResource: :term:`replica set`
----
-stepnum: 8
 ref: k8s-add-rs-x509
 source:
   file: steps-source-deploy-k8s-resource.yaml
   ref: add-client-x509-settings
 replacement:
   k8sResource: :term:`replica set`
 ---
-stepnum: 9
+stepnum: 8
 ref: save-object-spec-rs-x509
 source:
   file: steps-source-deploy-k8s-resource.yaml
   ref: save-object-spec-update
 replacement:
   k8sResource: :term:`replica set`
 ---
-stepnum: 10
+stepnum: 9
 ref: start-k8s-deployment-rs-x509
 source:
   file: steps-source-deploy-k8s-resource.yaml
@@ -91,7 +59,7 @@ replacement:
   k8sResourceType: replica-set
 ---
 title: "Track the status of your deployment."
-stepnum: 11
+stepnum: 10
 level: 4
 ref: track-k8s-deployment-rs-x509
 content: |
Original file line number	Diff line number	Diff line change
`@@ -91,3 +91,4 @@ raw: docs/kubernetes-operator/release-notes -> ${base}/stable/release-notes/`
`91`	`91`	`# All Versions`
`92`	`92`
`93`	`93`	`[*]: docs/kubernetes-operator/${version}/tutorial/secure-om-with-tls -> ${base}/${version}/tutorial/deploy-om-container`
	`94`	`+[*]: docs/kubernetes-operator/${version}/tutorial/secure-tls -> ${base}/${version}/tutorial/deploy-replica-set`