@chatton
Created November 6, 2019 11:49
---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-scram-enabled-replica-set
spec:
  type: ReplicaSet
  members: 3
  # Using a version >= 4.0 will enable SCRAM-SHA-256 authentication
  # setting a version < 4.0 will enable SCRAM-SHA-1/MONGODB-CR authentication
  version: 4.0.4
  opsManager:
    configMapRef:
      name: my-project
  credentials: my-credentials
  security:
    authentication:
      enabled: true
      modes: ["SCRAM"] # Valid authentication modes are "SCRAM" and "X509"
      # Optional field - ignoreUnknownUsers
      # A value of true means that any users not configured via the Operator or the Ops Manager or Cloud Manager UI
      # will not be altered in any way
      # If you need to manage MongoDB users directly via the mongods, set this value to true
      ignoreUnknownUsers: true # default value false
---
apiVersion: mongodb.com/v1
kind: MongoDBUser
metadata:
  name: my-scram-user
spec:
  passwordSecretKeyRef:
    name: my-scram-secret # the name of the secret that stores this user's password
    key: password # the key in the secret that stores the password
  username: my-scram-user
  db: admin
  mongodbResourceRef:
    name: my-scram-enabled-replica-set # The name of the MongoDB resource this user will be added to
  roles:
    - db: admin
      name: clusterAdmin
    - db: admin
      name: userAdminAnyDatabase
    - db: admin
      name: readWrite
    - db: admin
      name: userAdminAnyDatabase
---
apiVersion: v1
kind: Secret
metadata:
  name: my-scram-secret
type: Opaque
stringData:
  password: my-scram-password