The MongoDBUser custom resource lets you configure the authentication and roles required for a user to access a MongoDB database.
Example
The following example shows a resource specification for a MongoDBUser custom resource:
1 2 apiVersion: mongodb.com/v1 3 kind: MongoDBUser 4 metadata: 5 name: ldap-user-1 6 spec: 7 username: "uid=mdb0,dc=example,dc=org" 8 db: "$external" 9 mongodbResourceRef: 10 name: ldap-replica-set 11 roles: 12 - db: "admin" 13 name: "clusterAdmin" 14 - db: "admin" 15 name: "readWriteAnyDatabase" 16 - db: "admin" 17 name: "dbAdminAnyDatabase" 18 19 ...
Required MongoDBUser Resource Settings
This section describes settings that you must use for all MongoDBUser resources.
apiVersionType: string
Version of the MongoDB Kubernetes resource schema.
kindType: string
Kind of MongoDB Kubernetes resource to create. Set this to
MongoDBUser.
metadata.nameType: string
Human-readable name so you can identify this particular
MongoDBUserresource.Resource names must be 44 characters or less.
spec.dbType: string
Name of the MongoDB database that these users will access. The default is
admin.
spec.usernameType: string
Human-readable label that identifies the user needed to authenticate to the MongoDB database or collection.
Optional MongoDBUser Resource Settings
The MongoDBUser custom resource can use the following settings:
spec.connectionStringSecretNameType: string
Name of the connection string secret that the Kubernetes Operator creates.
When you create a new MongoDB database user, Kubernetes Operator automatically creates a new Kubernetes secret. The Kubernetes secret contains the following information about the new database user:
username: Username for the database userpassword: Password for the database userconnectionString.standard: Standard connection string that can connect you to the database as this database user.connectionString.standardSrv: DNS seed list connection string that can connect you to the database as this database user.
spec.mongodbResourceRef.nameType: string
Name of the MongoDB resource to which this user is associated. For example,
my-resource.spec.mongodbResourceRef.namespaceType: string
The namespace that contains the secret for this user. If unspecified, the Kubernetes Operator keeps connection secrets in the same namespace as the
MongoDBUsercustom resource.spec.passwordSecretKeyRef.nameType: string
metadata.namevalue of the secret that stores the user's password. For example,my-secret-name.spec.passwordSecretKeyRef.keyType: string
Name of the field in the secret that contains the password for this MongoDB database user.
To learn more, see the Kubernetes documentation.
spec.roles.dbType: string
MongoDB database on which the role can act. For example,
admin.spec.roles.nameType: string
Name of the role to grant the database user.