diff --git a/source/fundamentals/enterprise-auth.txt b/source/fundamentals/enterprise-auth.txt index 1d7065fa..82a2459a 100644 --- a/source/fundamentals/enterprise-auth.txt +++ b/source/fundamentals/enterprise-auth.txt @@ -192,6 +192,27 @@ The following code example shows how to set these options when creating a :end-before: end-gcp-imds :emphasize-lines: 2-4 +Kubernetes +~~~~~~~~~~ + +If your application runs on a Kubernetes cluster, you can authenticate to MongoDB by using +the {+driver-short+}'s built-in Kubernetes support. + +You can configure OIDC for Kubernetes by setting the ``mechanism`` field of your +``Credential`` struct to ``AuthMechanism::MongoDbOidc``. Then, specify the +authentication mechanism by setting the ``ENVIRONMENT`` property to ``k8s`` in the +``mechanism_properties`` field. + +The following code example shows how to set these options when creating a +``Client``: + +.. literalinclude:: /includes/fundamentals/code-snippets/enterprise-auth.rs + :language: rust + :dedent: + :start-after: start-kubernetes + :end-before: end-kubernetes + :emphasize-lines: 2-4 + .. _rust-mongodb-oidc-custom-callback: Custom Callback diff --git a/source/includes/fundamentals/code-snippets/enterprise-auth.rs b/source/includes/fundamentals/code-snippets/enterprise-auth.rs index ae0373da..43b8e848 100644 --- a/source/includes/fundamentals/code-snippets/enterprise-auth.rs +++ b/source/includes/fundamentals/code-snippets/enterprise-auth.rs @@ -60,6 +60,23 @@ async fn main() -> mongodb::error::Result<()> { .await?; // end-gcp-imds + // start-kubernetes + let credential = Credential::builder() + .mechanism(AuthMechanism::MongoDbOidc) + .mechanism_properties( + doc! { "ENVIRONMENT": "k8s" } + ) + .build(); + + client_options.credential = Some(credential); + let client = Client::with_options(client_options)?; + let res = client + .database("test") + .collection::("test") + .find_one(doc! {}) + .await?; + // end-kubernetes + // start-custom-callback-machine let credential = Credential::builder() .mechanism(AuthMechanism::MongoDbOidc)