This version of the documentation is archived and no longer supported, and the MongoDB Enterprise Kubernetes Operator is deprecated. The new MongoDB Controllers for Kubernetes Operator replaces the MongoDB Enterprise Kubernetes Operator. The first version of the Controllers for Kubernetes Operator is functionally equivalent to the last version of the Enterprise Kubernetes Operator, v1.33. For more information about this change, and guidance on migrating to the new Operator, see the release notes for the first new version. There will be no future releases of the MongoDB Enterprise Kubernetes Operator. Each version will reach end of life according to the existing one year support policy. Please migrate to the Controllers for Kubernetes Operator for continued support.
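The Kubernetes Operator supports X.509, LDAP, and SCRAM user authentication.
Note
For LDAP configuration, see the spec.security.authentication.agents.automationLdapGroupDN setting.
You must create an additional CustomResourceDefinition for MongoDB users and MongoDB Agent instances. The Kubernetes Operator generates and distributes the certificates.
See the full X.509 certificate configuration examples in the x509 Authentication directory of the Authentication samples directory. This directory also contains sample LDAP and SCRAM configurations.
Example Deployment CRD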
```yaml
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-tls-enabled-rs
spec:
  type: ReplicaSet
  members: 3
  version: "4.0.4-ent"
  opsManager:
    configMapRef:
      name: my-configmap-name
  credentials: my-credentials
  security:
    tls:
      enabled: true
    authentication:
      enabled: true
      modes: ["X509"]
      internalCluster: "X509"
```
Example User CRD
```yaml
apiVersion: mongodb.com/v1
kind: MongoDBUser
metadata:
  name: user-with-roles
spec:
  username: "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US"
  db: "$external"
  mongodbResourceRef:
    name: my-resource
  roles:
    - db: "admin"
      name: "clusterAdmin"
```
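A pre-apply check for the X.509 settings in the two manifests above, as an added example that is not part of the original documentation or the Operator. The function name `lint_x509` and the "CN=" heuristic for spotting certificate-subject usernames are assumptions of this sketch; the manifests are embedded as the dicts a YAML loader would return.

```python
# Added example, not Operator code. The dicts mirror the two manifests on this
# page, as yaml.safe_load would return them (only the fields the checks read).
DEPLOYMENT = {
    "kind": "MongoDB",
    "metadata": {"name": "my-tls-enabled-rs"},
    "spec": {"security": {
        "tls": {"enabled": True},
        "authentication": {"enabled": True, "modes": ["X509"],
                           "internalCluster": "X509"}}},
}
USER = {
    "kind": "MongoDBUser",
    "metadata": {"name": "user-with-roles"},
    "spec": {
        "username": "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US",
        "db": "$external",
        "mongodbResourceRef": {"name": "my-resource"},
        "roles": [{"db": "admin", "name": "clusterAdmin"}]},
}

def lint_x509(manifests):
    """Return a list of findings; an empty list means the checks passed."""
    findings, x509_resources = [], set()
    for m in (m for m in manifests if m.get("kind") == "MongoDB"):
        name = m["metadata"]["name"]
        sec = m.get("spec", {}).get("security", {})
        auth = sec.get("authentication", {})
        if "X509" not in auth.get("modes", []) and auth.get("internalCluster") != "X509":
            continue
        x509_resources.add(name)
        if auth.get("enabled") is not True:
            findings.append(f"{name}: X509 is listed but authentication.enabled is not true")
        if sec.get("tls", {}).get("enabled") is not True:
            # Client certificates are presented over the TLS connection.
            findings.append(f"{name}: X509 requires security.tls.enabled: true")
    for m in (m for m in manifests if m.get("kind") == "MongoDBUser"):
        name, spec = m["metadata"]["name"], m.get("spec", {})
        if "CN=" not in spec.get("username", ""):
            continue  # heuristic (assumption): only certificate-subject usernames are checked
        if spec.get("db") != "$external":
            findings.append(f"{name}: certificate users must use db: $external")
        ref = spec.get("mongodbResourceRef", {}).get("name")
        if ref not in x509_resources:
            findings.append(f"{name}: mongodbResourceRef '{ref}' is not an X509-enabled resource in this set")
    return findings

if __name__ == "__main__":
    for finding in lint_x509([DEPLOYMENT, USER]):
        print(finding)
```

Run against the page's two manifests exactly as written, the check reports that the user points at `my-resource` while the deployment is named `my-tls-enabled-rs`; the two examples are independent and need a matching `mongodbResourceRef` before being applied together.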