(DOCSP-32647): Added X509 procedure. #1415
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
corryroot
requested review from
irajdeep,
mircea-cosbuc,
lsierant,
slaskawi and
nammn
as code owners
corryroot
force-pushed
the
DOCSP-32647
branch
from
e197e24 to
64bd231
Compare
nammn
reviewed
Nov 3, 2023
docs/x509-auth.md
Outdated
| ``` | ||
|
|
||
| 1. To deploy the MongoDB Community Kubernetes Operator, copy and paste | ||
| the following command and replaces the `<namespace>` variable with the |
There was a problem hiding this comment.
Suggested change
| the following command and replaces the `<namespace>` variable with the | |
| the following command and replace the `<namespace>` variable with the |
There was a problem hiding this comment.
why do we have this command 2 times here?
|
|
||
| **Note:** | ||
|
|
||
| - For the `spec.security.tls.certificateKeySecretRef.name` parameter, |
There was a problem hiding this comment.
You can also instead link to this doc explaining the structure and more:
its a certificate that the server not generates but uses I think
docs/x509-auth.md
Outdated
|
|
||
| **Example:** | ||
|
|
||
| ``` |
There was a problem hiding this comment.
do we have an example we ccan link to instead? otherwise we will have 2 places to keep them up 2 date
| Operator with X.509 Authentication enabled for the MongoDB Agent and | ||
| client. To learn more, see [Install the Operator using Helm](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/install-upgrade.md#install-the-operator-using-helm). | ||
|
|
||
| 1. To deploy the MongoDB Community Kubernetes Operator, copy and paste |
There was a problem hiding this comment.
Since this command does a bit more than install the operator, I think it's worth mentioning here that this will deploy a sample resource with X509 enabled for both client and agent authentication and that it will also create a sample X509 user and the certificate the user can use to authenticate.
sarahsimpers
approved these changes
Nov 3, 2023
docs/x509-auth.md
Outdated
| client. | ||
|
|
||
| 1. To install the MongoDB Community Kubernetes Operator, see | ||
| [Install the Operator using kubectl](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/install-upgrade.md#install-the-operator-using-kubectl) |
There was a problem hiding this comment.
Suggested change
| [Install the Operator using kubectl](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/install-upgrade.md#install-the-operator-using-kubectl) | |
| [Install the Operator using kubectl](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/install-upgrade.md#install-the-operator-using-kubectl). |
docs/x509-auth.md
Outdated
| [Install the Operator using kubectl](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/install-upgrade.md#install-the-operator-using-kubectl) | ||
|
|
||
| 1. To create a CA, ConfigMap, secrets, issuer, and certificate, see | ||
| [Enable External Access to a MongoDB Deployment](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/external_access.md) |
There was a problem hiding this comment.
Suggested change
| [Enable External Access to a MongoDB Deployment](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/external_access.md) | |
| [Enable External Access to a MongoDB Deployment](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/external_access.md). |
docs/x509-auth.md
Outdated
| - For the `spec.security.tls.certificateKeySecretRef.name` parameter, | ||
| specify a reference to the secret that contains the private key and | ||
| certificate to use for TLS. The operator expects the PEM encoded key | ||
| and certidicate available at "tls.key" and "tls.crt". Use the same |
There was a problem hiding this comment.
Fix: typo
Suggested change
| and certidicate available at "tls.key" and "tls.crt". Use the same | |
| and certificate available at "tls.key" and "tls.crt". Use the same |
docs/x509-auth.md
Outdated
| ``` | ||
|
|
||
| 1. Create a YAML file for the client certificate. For an example, see | ||
| [cert-x509.yaml](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/config/samples/external_access/certy_x509.yaml). |
There was a problem hiding this comment.
Fix: typo
Suggested change
| [cert-x509.yaml](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/config/samples/external_access/certy_x509.yaml). | |
| [cert-x509.yaml](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/config/samples/external_access/cert_x509.yaml). |
nammn
approved these changes
Nov 7, 2023
corryroot
force-pushed
the
DOCSP-32647
branch
from
7ad484d to
3d17117
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@mircea-cosbuc and @nammn, I added the steps to enable X.509 authentication.
JIRA
All Submissions:
closes #XXXXin your comment to auto-close the issue that your PR fixes (if such).