Docs Menu
Docs Home
MongoDB Enterprise Kubernetes Operator

MongoDB User Resource Specification

On this page

  • Example
  • Required MongoDBUser Resource Settings
  • Optional MongoDBUser Resource Settings

The MongoDBUser custom resource lets you configure the authentication and roles required for a user to access a MongoDB database.

The following example shows a resource specification for a MongoDBUser custom resource:

3kind: MongoDBUser
5 name: ldap-user-1
7 username: "uid=mdb0,dc=example,dc=org"
8 db: "$external"
9 mongodbResourceRef:
10 name: ldap-replica-set
11 roles:
12 - db: "admin"
13 name: "clusterAdmin"
14 - db: "admin"
15 name: "readWriteAnyDatabase"
16 - db: "admin"
17 name: "dbAdminAnyDatabase"

This section describes settings that you must use for all MongoDBUser resources.


Type: string

Version of the MongoDB Kubernetes resource schema.


Type: string

Kind of MongoDB Kubernetes resource to create. Set this to MongoDBUser.

Type: string

Human-readable name so you can identify this particular MongoDBUser resource.

Resource names must be 44 characters or less.


Type: string

Name of the MongoDB database that these users will access. The default is admin.


Type: string

Human-readable label that identifies the user needed to authenticate to the MongoDB database or collection.

The MongoDBUser custom resource can use the following settings:


Type: string

Name of the connection string secret that the Kubernetes Operator creates.

When you create a new MongoDB database user, Kubernetes Operator automatically creates a new Kubernetes secret. The Kubernetes secret contains the following information about the new database user:

  • username: Username for the database user

  • password: Password for the database user

  • connectionString.standard: Standard connection string that can connect you to the database as this database user.

  • connectionString.standardSrv: DNS seed list connection string that can connect you to the database as this database user.

Type: string

Name of the MongoDB resource to which this user is associated. For example, my-resource.


Type: string

The namespace that contains the secret for this user. If unspecified, the Kubernetes Operator keeps connection secrets in the same namespace as the MongoDBUser custom resource.

Type: string value of the secret that stores the user's password. For example, my-secret-name.


Type: string

Name of the field in the secret that contains the password for this MongoDB database user.

To learn more, see the Kubernetes documentation.


Type: string

MongoDB database on which the role can act. For example, admin.

Type: string

Name of the role to grant the database user.


Ops Manager Resource Specification


MongoDB Database Resource Specification