DOCSP-48312 Kubernetes Auth Support

lindseymoore · lindseymoore · commit 3e977efa09f9 · 2025-03-13T16:18:32.000-04:00
diff --git a/source/fundamentals/enterprise-auth.txt b/source/fundamentals/enterprise-auth.txt
@@ -478,6 +478,71 @@ callback function that you defined:
    :end-before: end-credential-callback
    :emphasize-lines: 6
 
+Kubernetes
+~~~~~~~~~~
+
+If your application runs on a Kubernetes cluster, you can authenticate to MongoDB 
+by using the {+driver-short+}'s built-in Kubernetes support.
+
+You can configure OIDC for Kubernetes in the following ways:
+
+- By creating a ``Credential`` struct and passing it to the
+  ``SetAuth()`` method when creating a client
+- By setting parameters in your connection string
+
+.. include:: /includes/authentication/auth-properties-commas.rst
+   
+.. tabs::
+
+   .. tab:: Credential
+      :tabid: credential struct
+
+      First, create a map to store your authentication
+      mechanism properties, as shown in the following example.
+
+      .. code-block:: go
+
+         props := map[string]string{
+         	"ENVIRONMENT":    "k8s",
+         }
+
+      Then, set the following ``Credential`` struct fields:
+ 
+      - ``AuthMechanism``: Set to ``"MONGODB-OIDC"``.
+      - ``AuthMechanismProperties``: Set to the ``props`` map that you
+        previously created.
+
+      The following code example shows how to set these options when creating a
+      ``Client``:
+
+      .. literalinclude:: /includes/authentication/kubernetes.go
+            :language: go
+            :dedent:
+            :copyable: true
+            :start-after: start-kubernetes
+            :end-before: end-kubernetes
+
+   .. tab:: Connection String
+      :tabid: connectionstring
+
+      Include the following connection options in your connection string:
+
+      - ``authMechanism``: Set to ``MONGODB-OIDC``.
+      - ``authMechanismProperties``: Set to``ENVIRONMENT:k8s``.
+
+      The following code example shows how to set these options in your connection string:
+      
+      .. code-block:: go
+
+	      uri := "mongodb://<hostname>:<port>/?" +
+	      	   "&authMechanism=MONGODB-OIDC" +
+	      	   "&authMechanismProperties=ENVIRONMENT:k8s"
+      
+	      client, err := mongo.Connect(options.Client().ApplyURI(uri))
+	      if err != nil {
+	      	panic(err)
+	      }
+
 Additional Information
 ----------------------
 
diff --git a/source/includes/authentication/kubernetes.go b/source/includes/authentication/kubernetes.go
@@ -0,0 +1,27 @@
+package main
+
+import (
+	"go.mongodb.org/mongo-driver/v2/mongo"
+	"go.mongodb.org/mongo-driver/v2/mongo/options"
+)
+
+func main() {
+	// start-kubernetes
+	uri := "mongodb://<hostname>:<port>"
+	props := map[string]string{
+		"ENVIRONMENT": "k8s",
+	}
+	opts := options.Client().ApplyURI(uri)
+	opts.SetAuth(
+		options.Credential{
+			Username:                null,
+			AuthMechanism:           "MONGODB-OIDC",
+			AuthMechanismProperties: props,
+		},
+	)
+	client, err := mongo.Connect(opts)
+	if err != nil {
+		panic(err)
+	}
+	// end-kubernetes
+}
