MCK 1.2.0 Release Notes
New Features
OpenID Connect (OIDC) user authentication
Adds support for OpenID Connect (OIDC) user authentication.
- You can configure OIDC authentication with the
spec.security.authentication.modes=OIDCandspec.security.authentication.oidcProviderConfigs. - Minimum MongoDB version requirements:
7.0.11,8.0.0- Only supported with MongoDB Enterprise Server
- For more information please see:
New ClusterMongoDBRole CRD
Adds new ClusterMongoDBRole CRD to support reusable roles across multiple MongoDB clusters. This allows users to define roles once and reuse them in multiple MongoDB or MongoDBMultiCluster resources.
- You can reference this role using the
.spec.security.roleRefsfield. Note that only one of.spec.security.rolesand.spec.security.roleRefscan be used at a time. - ClusterMongoDBRole resources are treated by the operator as a custom role templates that are only used when referenced by the database resources.
- The operator watches the new resource by default. This means that the operator requires you to create a new ClusterRole and ClusterRoleBinding. The helm chart or the kubectl mongodb plugin create these ClusterRole and ClusterRoleBindingby default. You must create them manually if you use a different installation method.
- The new ClusterMongoDBRole resource is designed to be read-only, meaning it can be used by MongoDB deployments managed by different operators.
- You can delete the ClusterMongoDBRole resource at any time, but the operator will not delete any roles that were created using this resource. To properly remove access, you must manually remove the reference to the ClusterMongoDBRole in the MongoDB or MongoDBMultiCluster resources.
- The reference documentation for this resource can be found here
Bug Fixes
- Fixed an issue where moving a MongoDBMultiCluster resource to a new project (or a new OM instance) would leave the deployment in a failed state.