The MongoDB Enterprise Kubernetes Operator is deprecated. The new MongoDB Controllers for Kubernetes Operator replaces the MongoDB Enterprise Kubernetes Operator. The first version of the Controllers for Kubernetes Operator is functionally equivalent to v1.33 of the Enterprise Kubernetes Operator. For more information about this change, and guidance on migrating to the new Operator, see the release notes for the first new version. There will be no future releases of the MongoDB Enterprise Kubernetes Operator. Each version will reach end of life according to the existing one-year support policy. Please migrate to the Controllers for Kubernetes Operator for continued support.
The Kubernetes Operator supports X.509, LDAP, and SCRAM user authentication.
Note: For LDAP configuration, see the spec.security.authentication.agents.automationLdapGroupDN setting.
You must create an additional CustomResourceDefinition for your MongoDB users and the MongoDB Agent instances. The Kubernetes Operator generates and distributes the certificate.
See the full X.509 certificates configuration examples in the x509 Authentication directory in the Authentication samples directory. This directory also contains sample LDAP and SCRAM configurations.
Example Deployment CRD
```yaml
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-tls-enabled-rs
spec:
  type: ReplicaSet
  members: 3
  version: "8.0.0"
  opsManager:
    configMapRef:
      name: my-configmap-name
  credentials: my-credentials
  security:
    tls:
      enabled: true
    authentication:
      enabled: true
      modes: ["X509"]
      internalCluster: "X509"
```
Example User CRD
```yaml
apiVersion: mongodb.com/v1
kind: MongoDBUser
metadata:
  name: user-with-roles
spec:
  username: "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US"
  db: "$external"
  mongodbResourceRef:
    name: my-resource
  roles:
    - db: "admin"
      name: "clusterAdmin"
```
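A pre-apply consistency check for the deployment and user manifests shown above, as an added example that is not part of the original documentation or the Operator's own code. The function name `check_x509_pair` and the inlined dicts are assumptions made here; the check reads only the fields that appear on this page and relies on two facts: X.509 authentication requires TLS, and X.509 users are defined in the `$external` database.

```python
# Constructed sample input: the two manifests shown above, written as the
# dicts a YAML loader would return, so no third-party package is needed.
DEPLOYMENT = {
    "kind": "MongoDB",
    "metadata": {"name": "my-tls-enabled-rs"},
    "spec": {"security": {
        "tls": {"enabled": True},
        "authentication": {"enabled": True, "modes": ["X509"],
                           "internalCluster": "X509"},
    }},
}
USER = {
    "kind": "MongoDBUser",
    "metadata": {"name": "user-with-roles"},
    "spec": {
        "username": "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US",
        "db": "$external",
        "mongodbResourceRef": {"name": "my-resource"},
        "roles": [{"db": "admin", "name": "clusterAdmin"}],
    },
}

def check_x509_pair(deployment, user):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    security = deployment.get("spec", {}).get("security", {})
    auth = security.get("authentication", {})
    # The deployment must actually offer and enforce X509.
    if "X509" not in auth.get("modes", []):
        findings.append("deployment does not list X509 in authentication.modes")
    elif auth.get("enabled") is not True:
        findings.append("authentication.enabled is not true, so X509 is not enforced")
    # Client certificates are presented during the TLS handshake.
    if security.get("tls", {}).get("enabled") is not True:
        findings.append("X509 needs TLS, but security.tls.enabled is not true")
    spec = user.get("spec", {})
    if spec.get("db") != "$external":
        findings.append("X.509 user db must be $external, got %r" % spec.get("db"))
    # The user must point at the resource it is meant to be created in.
    ref = spec.get("mongodbResourceRef", {}).get("name")
    name = deployment.get("metadata", {}).get("name")
    if ref != name:
        findings.append("mongodbResourceRef.name %r does not match %r" % (ref, name))
    return findings

if __name__ == "__main__":
    for finding in check_x509_pair(DEPLOYMENT, USER):
        print("FINDING:", finding)
```

Run as shown, it reports that the user sample references `my-resource` while the deployment sample is named `my-tls-enabled-rs`; the two samples have to use the same resource name before they can be applied together.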