DOCSP-45890 - OIDC Kubernetes (#368)

mongoKart · norareidy · web-flow · commit 4c46ca06f71b · 2024-12-16T11:33:30.000-06:00
Co-authored-by: Nora Reidy &lt;nora.reidy@mongodb.com&gt;
diff --git a/source/fundamentals/authentication/oidc.txt b/source/fundamentals/authentication/oidc.txt
@@ -79,8 +79,6 @@ using a ``MongoCredential`` object or as part of the connection string. Select t
 :guilabel:`Connection String` or :guilabel:`MongoCredential` tab to
 see the corresponding syntax.
 
-.. include:: /includes/comma-auth-options.rst
-
 .. tabs::
 
    .. tab:: Connection String
@@ -127,8 +125,6 @@ using a ``MongoCredential`` object or as part of the connection string. Select t
 :guilabel:`Connection String` or :guilabel:`MongoCredential` tab to
 see the corresponding syntax.
 
-.. include:: /includes/comma-auth-options.rst
-      
 .. tabs::
 
    .. tab:: Connection String
@@ -159,11 +155,51 @@ see the corresponding syntax.
             .WithMechanismProperty("TOKEN_RESOURCE", "<audience>"); 
          var client = new MongoClient(mongoClientSettings);
 
+Kubernetes
+~~~~~~~~~~
+
+If your application runs on a Kubernetes cluster, you can authenticate to MongoDB by using
+the {+driver-short+}'s built-in Kubernetes support.
+
+You can specify Kubernetes OIDC authentication on a ``MongoClientSettings`` object either by
+using a ``MongoCredential`` object or as part of the connection string. Select the
+:guilabel:`Connection String` or :guilabel:`MongoCredential` tab to
+see the corresponding syntax.
+
+.. tabs::
+
+   .. tab:: Connection String
+      :tabid: oidc-kubernetes-connection-string
+    
+      The following code example shows how to specify Kubernetes OIDC authentication as
+      part of the connection string:
+
+      .. code-block:: csharp
+
+         var connectionString = "mongodb://<hostname>[:<port>]/?authMechanism=MONGODB-OIDC" +
+            "&authMechanismProperties=ENVIRONMENT:k8s";
+         var mongoClientSettings = MongoClientSettings.FromConnectionString(connectionString);
+         var client = new MongoClient(mongoClientSettings);
+
+   .. tab:: MongoCredential
+      :tabid: oidc-kubernetes-mongo-credential
+
+      The following code example shows how to specify Kubernetes OIDC authentication by using
+      a ``MongoCredential`` object:
+
+      .. code-block:: csharp
+
+         var mongoClientSettings = MongoClientSettings.FromConnectionString(
+            "mongodb://<hostname>[:<port>]");
+         mongoClientSettings.Credential = MongoCredential
+            .CreateOidcCredential("k8s")
+         var client = new MongoClient(mongoClientSettings);
+
 Custom Callback
 ~~~~~~~~~~~~~~~
 
 The {+driver-short+} doesn't offer built-in support for all platforms, including
-Azure Functions and Azure Kubernetes Service (AKS). Instead, you
+Azure Functions. Instead, you
 must define a custom callback to use OIDC to authenticate from these platforms.
 
 First, define a class that implements the ``IOidcCallback`` interface. This interface
diff --git a/source/includes/comma-auth-options.rst b/source/includes/comma-auth-options.rst
@@ -1,6 +1,5 @@
 .. note::
 
-   You cannot pass values containing the comma (``,``) character to the
-   ``authMechanismProperties`` connection string parameter. 
-   You must specify values that contain commas in a ``MongoCredential`` object, 
-   as demonstrated in the :guilabel:`MongoCredential` tab.
+   If you pass a value containing the comma (``,``) character to the
+   ``authMechanismProperties`` connection string parameter, you must
+   percent-encode the comma character as ``%2C``.
