Deploying the Conjur v5 cluster
Ensure that you have git installed and fetch the repository:
$ git clone https://github.com/cyberark/kubernetes-conjur-deploy
Cloning into 'kubernetes-conjur-deploy'...
remote: Enumerating objects: 100, done.
remote: Counting objects: 100% (100/100), done.
remote: Compressing objects: 100% (70/70), done.
remote: Total 325 (delta 56), reused 39 (delta 30), pack-reused 225
Receiving objects: 100% (325/325), 73.18 KiB | 2.29 MiB/s, done.
Resolving deltas: 100% (191/191), done.
$ cd kubernetes-conjur-deploy
[kubernetes-conjur-deploy] $
Prepare your terminal environment as described in the kubernetes-conjur-deploy README.md. An example is below.
export OSHIFT_CLUSTER_ADMIN_USERNAME=superadmin # must match your configuration
export OSHIFT_CONJUR_ADMIN_USERNAME=superadmin # must match your configuration
export CONJUR_NAMESPACE_NAME=conjur-cluster-5-1-2 # can be set to anything
export CONJUR_APPLIANCE_IMAGE=registry2.itci.conjur.net/conjur-appliance:5.1.2 # must match your local appliance image
export CONJUR_ACCOUNT=conjur-account # can be set to anything
export CONJUR_ADMIN_PASSWORD=SuperSecret # can be set to anything
export CONJUR_VERSION=5 # this version must match the version of the CONJUR_APPLIANCE_IMAGE
export DOCKER_REGISTRY_PATH=openshift-39.itci.conjur.net # must point to your openshift docker registry
export PLATFORM=openshift
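Before running the numbered scripts, the exported values can be checked with a short preflight. This is an added example, not part of kubernetes-conjur-deploy: `check_conjur_env` is a hypothetical helper, and rejecting the sample password shown above is an assumed policy rather than something the scripts enforce.

```shell
# Added example: preflight for the variables exported above.
# check_conjur_env is a hypothetical helper, not part of kubernetes-conjur-deploy.
# The body runs in a subshell ( ... ) so its working variables do not leak.
check_conjur_env() (
  rc=0
  for name in OSHIFT_CLUSTER_ADMIN_USERNAME OSHIFT_CONJUR_ADMIN_USERNAME \
              CONJUR_NAMESPACE_NAME CONJUR_APPLIANCE_IMAGE CONJUR_ACCOUNT \
              CONJUR_ADMIN_PASSWORD CONJUR_VERSION DOCKER_REGISTRY_PATH PLATFORM
  do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "preflight: $name is not set" >&2
      rc=1
    fi
  done

  # CONJUR_VERSION must match the appliance image: compare it with the major
  # version in the image tag. The tag is read from the last path component
  # only, so a registry host:port is not mistaken for a tag.
  image=${CONJUR_APPLIANCE_IMAGE:-}
  image_name=${image##*/}
  case $image_name in
    *@*|'') tag="" ;;                  # digest reference or unset: no tag
    *:*)    tag=${image_name##*:} ;;
    *)      tag="" ;;                  # untagged image
  esac
  if [ -z "$tag" ]; then
    echo "preflight: image has no version tag; cannot verify CONJUR_VERSION" >&2
    rc=1
  elif [ "${tag%%.*}" != "${CONJUR_VERSION:-}" ]; then
    echo "preflight: image tag $tag does not match CONJUR_VERSION=${CONJUR_VERSION:-}" >&2
    rc=1
  fi

  # Assumed policy (added here): refuse the sample password from this page.
  if [ "${CONJUR_ADMIN_PASSWORD:-}" = "SuperSecret" ]; then
    echo "preflight: CONJUR_ADMIN_PASSWORD is the documentation sample value" >&2
    rc=1
  fi
  exit "$rc"
)
```

Paste the function into the same shell as the exports and run `check_conjur_env`; a non-zero exit status means at least one value needs attention before the first script is run.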
There are a series of scripts in the root of the repository numbered 0-8 and each performs a step as described in the filename. We recommend that you run the scripts individually in order; once you are familiar enough with the individual step scripts to diagnose issues, you may choose to run the start script instead. Once you have run all of the scripts you will have created a Conjur cluster comprised of one master, two standbys, and two followers. The final script will print out info needed for interacting with Conjur.
Log in to the OC console (port 8443 by default) and select the namespace you chose for your Conjur cluster. From there you will be alerted to any errors running any of the images, and can view the logs for each pod.
Following the instructions at Using the Conjur UI you can access Conjur's web UI. You can also confirm the health of the cluster at /health.
After following the instructions for accessing the web UI, you can use the same domain and credentials to control the cluster via the Conjur CLI. You can use the CLI locally, or use the CLI pod in the cluster.