启用身份验证

在本页

示例部署CRD

示例用户CRD

的Kubernetes Operator支持X.509、LDAP和SCRAM用户身份验证。

注意

关于LDAP配置，请参阅spec.security.authentication.agents.automationLdapGroupDN设置。

您必须为MongoDB用户和MongoDB Agent实例创建一个额外的CustomResourceDefinition。该Kubernetes Operator生成并分发证书。

请参阅完整X.509证书配置示例目录中的身份验证示例目录。此目录还包含示例LDAP和SCRAM配置。

示例部署CRD

1 apiVersion: mongodb.com/v1
2 kind: MongoDB
3 metadata:
4   name: my-tls-enabled-rs
5 spec:
6   type: ReplicaSet
7   members: 3
8   version: "4.0.4-ent"
9   project: my-project
10   credentials: my-credentials
11   security:
12     tls:
13       enabled: true
14     authentication:
15       enabled: true
16       modes: ["X509"]
17       internalCluster: "X509"

示例用户CRD

1 apiVersion: mongodb.com/v1
2 kind: MongoDBUser
3 metadata:
4   name: user-with-roles
5 spec:
6   username: "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US"
7   db: "$external"
8   project: my-project
9   roles:
10     - db: "admin"
11       name: "clusterAdmin"

提示

另请参阅

配置静态加密

配置密钥存储

1	apiVersion: mongodb.com/v1
2	kind: MongoDB
3	metadata:
4	name: my-tls-enabled-rs
5	spec:
6	type: ReplicaSet
7	members: 3
8	version: "4.0.4-ent"
9	project: my-project
10	credentials: my-credentials
11	security:
12	tls:
13	enabled: true
14	authentication:
15	enabled: true
16	modes: ["X509"]
17	internalCluster: "X509"

1	apiVersion: mongodb.com/v1
2	kind: MongoDBUser
3	metadata:
4	name: user-with-roles
5	spec:
6	username: "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US"
7	db: "$external"
8	project: my-project
9	roles:
10	- db: "admin"
11	name: "clusterAdmin"