This repository has been archived by the owner on Jan 9, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
application.yaml
107 lines (84 loc) · 8.45 KB
/
application.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
---
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
name: "{{ .Release.Name }}"
namespace: "{{ .Release.Namespace }}"
annotations:
kubernetes-engine.cloud.google.com/icon: >-
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIMAAACDCAYAAACunahmAAAACXBIWXMAAAsSAAALEgHS3X78AAAON0lEQVR4Ae2dT2hbyR3HR04cObEbyY66Xm8Klqho6ckyOfTSruX2UOhBVqD0avnSSw+rgGgpgdhOSenBsAqU0p4sL+nu3iKll0KhkSgUylbd59JdaCsqOWSTzdpJJLvx39gu4/xmGE/m/ZH09Oc9/T4gsJ+e3pv33nd+85uZ32+e5/j4mCAIpa8LyoB0CSgGhINiQDgoBoSDYkA4KAaEg2JAOCgGhINiQDgoBoSDYkA4KAaE07NiePvm/fEuKEZX0ZOzlrF0MbG7t/erL9bXNwghSW1pJtsFxeo4PSWGWLoYJYSkCSETu3t75Iv1dfZVAUShdbaEnaUnxBBLF4Mgghm2TRIDYwVEUe1EOTuNq8UQSxf99OHCxyd+pyMGSo0QsqAtzaTbVtAuwbVioH4BfaiEEKWjaCAGxhohJKEtzeRbWc5uwnViiKWLEWgSpoz2syAGRgFEUbGznN2Ia8QATQIVwayV/esQA+M2NB+u9SdcMc4QSxdpc1CxKoQGeYeeI5LKJVp6MR3E0ZYhli7GwRrUPYDUgGUQWYVeh6v8CUeKAbqKGTO/wIgmxcDIgShc4U84SgzgFyyAyW4Km8RAoCtKrVPa6f6EY3yGWLqYBL+gaSHYDB2/mCeEaE73J7reMohDyHYe10bLIFOAXofj/ImutgzRn+c/PDo6um+3ECj9h9uk33No92EJ+DH3I6lcvBUHbyVdLYZqrfbmZ48f72xube3aedz+x8Xdi5+8t/e9oX/Xgv3Pd+w8NoxcTjtxJvRsF5TBkOPj4/PVWo1sbm3VApcu+Qa83oaPdWbzIfGWfl/zvNw9mafo9xx6J89/Rr7qffpkdXdsdOPlYDNFdfycRteLgXF0dOSjbfy5/v6NwKVLgbNnrRfds7dJBv5zb6Nvez0gT1hRLvbtjn77Qpk8fnnxyT923xzdPjpXb/FcMdvpGDEw9g8OAo8+/5wMDQ5u+H2+QF+ffkvnOdwj/Y8+qvU//ogKIGB27LGzm6OjQ1vbpb3AwSd7o6+JRoGr4iAcJwbG/168CLzY3t4d9vuPhwYHz8vfn13/54638icPOT608lA5feT4wte86yR07lnt77uX+x8dXLyg2G3NjRFSjhUDeeVPDDx7/pzUNjc3Lo2MBKg/ceIX/PcPG579LVNLYES/59D3zfMPyKZ34Mnfdr4yWjscIGyASVuaWWj1tXUCR4uBcXh4GKD+xOj+g0cjG399y0qTYBXqT3xnsET+tfflP366N/ojN09luys6eufpQasO/XXv+l/cHtOAeRMIB8WAcFAMCAfFgHBQDC0gksr5I6lcxGnl7lkx9PX1/QaGkW0FZivpiKTjZi1dMc5QJyeh77+7895JN3Hx5q0MRE81HEJHXonAUoh+N9NLYjgZQv7g/TunhpDnb1ynQSjRxZu3EvAw6xq+pk1CPSH63UwvNBN0CHnxg/fvBGUhiMzfuE4tBA20XbR64Egql2xDiH7bcLtlWAFrYGlqef7GdbrfAjQdpxJ1RSKpXBSis121xoNbxVAAETQ0tTx/4zqt7fHFm7dOxV9GUrmmQ/S7GVeJ4fCcjxzvD/74w5Xf/tqO44E/Ebm++MuflfdHpiEK2rW4Qgwej2f7S0NDBwNvfWt8u+/tn8TSxe17ySsZO479Kvz9Gz+t17F0Io4Xw4DXuzEyPCyGwdF2fBlS8pP3klcaairAL7A9RL+bcawYzpw5wwJa9GIXaLv+cSxdXAFRWHIiwS/QdR7djOO6lh6PZ3dkeHjn8thYwGKkNO32VSBTWxcYQqb7lHtRCMRpYqBBsJfHxgZUMY8mnKTAxdLFCmRunwLS4jS3O4hmOKKZEMLjmw1no/7E3Vi6eNL1fPDwod+OoWi30NVi8J47t+/z+YiBX9AoJ/5E+67EGXR1MzH6xhs/HPB6F2FI2SnQsl5zYgS1I9ZngMU5FuyeA3jw8KGdhyNOz6xy2mIdtvb9bRSDKzKrnLqMT0PTzTI2iMFVmVWOXeBLWP214e5gE2JwZWaV49eBVK0LbZUGxbACqfeuS6hx06KgdfsTdYrBscvzWMWNywUnoedh6k9YFEMN/AJbZkG7GdeFvd1LXklD+NptGw5HxziCvSAE0gOvGDCMTDKwDK5a7NMqvfLyEWXMokIMPfdaAZFeey3RKX9CEEPPvnBEpKcyqgR/Qsykug1+QU8LgfTq2+so3/3Fn7//9NmzT3vNLzCiZ8WAvA5mYSMcFAPCQTEgHBQDwkExIBwUA8JBMfQAdGkhWFTEEBSDyxHWksibCQLF4H4SsLoM/USNrtZyEk04GEpAzKEcSUSne9OlSjkP+2WEkPZptl06Fi3Uffb7UqUch+15g+ymAlzQQqlSPjWEHA6GFizGQk4L5RTLoHc+el2Gwa5Q8+TjhPSGuSGfU6+sa3CNGVUMRSSVOzVcrC3NeAzKkNOWZuLwzOg1ZM0Cd00tQzgY8oeDIRoCvqwTUkZjD++Hg6Ek/J8Ukl5euyB6PGF7Dfa3whSITAsHQ+1YY5Ge7y4IzQhV+Rt9peE4nHc5ksppVtp5yBqXH/IaKwPN4dCWZqJWAnSsNBNZQQS0tlwlhAwTQiYJIXNwYspJ4kipUq4KN2NccTOTQlxBUq7lAH298LT0YZlVPpiGVqH6nfjRy2uQ97sKx6LMh4OhoOpH8CBUgbhJKw/ShAmzigLnyEohfvQexRtJ5DFsJqBpYGb7dqlSFgunQS2lhYmK5pT+HQ6GcnCj6M3M0IcONZqZSNo86Km1qmhe8mBV3jFo+1S/M0WnKcuDyfaBuFUC1BOlDxYFtRIud00QqRyAkzQ4B9EJAI43msxjZhlYDS9IQuBQS6DTriYUzYXYPBiZUjNVtzx9DSyc7k2FWimm969Ku1jNqdBoZBVEV8WlvFKzoF453XCumSgtMweSWYW6A0LpzQTLcpceB/wOpuIE3Gw9/IrmJSKYZL3y+MEx1CuT5RsFVsjIN0lKDysNFos9oHHav68z2yrRRJbY7WYDd632JhoKAIHmogCiYkLImXnosL9er2K1VCnr1boJkx6CR7VRISC/FG6vusmiZatB2y0vEJpUOHcy6UgqV4Vzyia/YPJbxqq2NGPVEdelHeszsFVRfBaaBwa9CWIt9kOtozdrAnwQ1XFqRqbdACMBzclOLqz0IrbtWXDY6MDOmvDdFF1T2qQN10v6qaenNUHL1GrLwC4sLj0cy4DjqEFNT5s0D4y8qvZD9/VdWvtoM6LoiWilStlwYEUHVgODwoM8NX4iIT+k2Ugqp7dcQLKBrmYBorTrsci0O0qaEYSZA8luRALa0I5SqpTFoFVld68RqIBARBHBEYyqmkcY4KlnSYBZ6ILqcQ0+p05j8diy07rczHsuzMTAaqcPunavnYjW1nAwVG3HQBCMbrYMsFpxYTwjq6gEjbTNRpZBg8jsnLDt5NwWxirk3geBpqqhZ2HYTICJnxNGHz8GhzAP6o0IZjVrY21NKJw60aFc1THftNdiFOGrHB4XgWuOwjVOQCWglqOqGGSq6bxkJAj3jEEHodImA0HMt2L3cwJ6KLpCos0IWKq84Oz6QBDBegeeTEcgYWDoqqDAKRg4mhEKXjCbBKmTcaFHIfcsCk0M91qiVClrwjkmhN6E7Mdk2RiB9MkII7NEGITSBR6cfF2z4Kwa/U5TWCuflVlKGUu9CegK0j58XNGeZeHmGZGEHoGZQ8T206OiM3ydsejgatLf00bXHA6GJll5aHMx9IN0WupmGl13VLKUrJbKZeXHoIKKpHKT0j0Qa7eyvFR8dC7D5N6ZgnkTCAfjGRAOigHhoBgQDooB4aAYEA6KAeGgGBAOigHhdOx9E4rRTM0o6AWCUuPCKFsVRj+Vo5oQKVWVZjpV++SN5itgn4oYr6naJv2GDiEHxWl4tk2xuwZl6PhK9G0XA4ggowrvCgdDaxASlxe2Gb1r+t1wMLQCUdbyzZxnvzeIjGLBuUZD2fMwH5Ix2SbCAokXFNtU1GAyrKOr0re1mRBiIgmEvg+XKmUaihaC//3iZA0IIQ9CoA99ku4Pv5mEbbNC5LSKeaO4yA4gh+XPQRGMrqEttM0ywANZhtnPU7UATP0CC6kXfpaBWcM52SSzmUUIaV82me6lk07BbjDFOmH5FQi9Y69O6AjttAzMZMb1zKEoBPAR6DT5ikF+BZtiX4FQOLlNLkDQiM9CYGrHEATSUcvQFjGA+ZsyCEpRwWq5lfwDto/KMrD8jSkLqXIdQRBxRy1XuywD6zXUXTv1egtW9xFC2UgX+g9MCFkh3L5j9MQ4A1ijRfhXFdfYNmhYnviBN+wGDfJO20a7xMAu0jD0S4Ve0quIlX2ge1noAv9hUfiw0Li4kV/ULtoiBlD8KiTAWDXT7IHV4zOYPWQ7/Qcj66L7HRUl+5j4Om2nE72JjF5NFrdDjyMHvQTdmwXfzULanuGgDYiSHct0cQ+hPLL51hU2bJuQAmL1ysMCZ1U9obbTNjHAUPMKRD7TVH6emENvBNRUTcqNSMCNX6bbxRsGv0nDGMOq1doF5VC+pYYuLyCdhwlY7gExC5QVhQp/s++smn1eSSzu3zLaHhBrsuRODYajs8L+bEGKKWEfIgxnF6DNPdUtA+esoJduJ2SFL7LhailTnCXS8GWGpDLlDTKrVmFgrSr85mSJIhg9lctSgUpimtfRSto+N0FvPNT+OISTsxD6PEw8VaX96f9RyNgSJ7c0kzD9gkkoO5sj4U1AqVKOQO1mAsqrHDtYbiCqM2eiN1dilAaQhE+00ZxWO8BQ+SaR1nHQy+twBCgGhIPBLQgHxYBwUAwIB8WAcFAMCAfFgHBQDAgHxYBwUAwIB8WAcFAMCAfFgHBQDMgrCCH/B72jI0AbGfj3AAAAAElFTkSuQmCC
marketplace.cloud.google.com/deploy-info: '{"partner_id": "cyberark", "product_id": "conjur-open-source", "partner_name": "CyberArk"}'
labels:
app.kubernetes.io/name: "{{ .Release.Name }}"
spec:
descriptor:
type: Conjur
version: "{{ .Values.conjur.application.version }}"
description: |-
CyberArk Conjur automatically secures secrets used by privileged users and machine identities.
# Support
Community support is available on
[GitHub](https://github.com/cyberark/conjur/issues).
maintainers:
- name: CyberArk
url: https://www.cyberark.com
links:
- description: Getting Started
url: https://www.conjur.org/get-started/
notes: |-
# Access Conjur
Get the external IP of the Conjur service and visit
the URL printed below in your browser to see the status page.
```
SERVICE_IP=$(kubectl get \
--namespace {{ .Release.Namespace }} \
svc {{ .Release.Name }}-conjur-oss-ingress \
-o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "https://${SERVICE_IP}"
```
Note that it might take some time for the external IP to be provisioned.
Once provisioned, create an A record mapping this IP to the common name:
```
{{ index .Values "conjur-oss" "ssl" "hostname" }}
```
that was specified in the `Certificate Common Name` field during configuration.
NOTE: This `Certificate Common Name` should not have a trailing `/` character.
# Configure Conjur
To create an initial account and login, follow the instructions here:
<https://www.conjur.org/get-started/install-conjur.html#install-and-configure>
```
export POD_NAME=$(kubectl get pods --namespace "{{ .Release.Namespace }}" \
-l "app=conjur-oss,release={{ .Release.Name }}" \
-o jsonpath="{.items[0].metadata.name}")
kubectl exec -n {{ .Release.Namespace }} $POD_NAME --container=conjur-oss conjurctl account create {{ index .Values "conjur-oss" "account" | quote }}
```
Note that the conjurctl account create command gives you the
public key and admin API key for the account administrator you created.
Back them up in a safe location.
# Connect to Conjur
Start a container with Conjur CLI and authenticate with the new user:
```
docker run --rm -it --entrypoint bash cyberark/conjur-cli:5
# Initialize a connection to the Conjur server. (This assumes that
# you've created a DNS A Record for the Certificate common name
# {{ index .Values "conjur-oss" "ssl" "hostname" }}
# as described above).
conjur init -u https://{{ index .Values "conjur-oss" "ssl" "hostname" }} -a {{ index .Values "conjur-oss" "account" | quote }}
# API key here is the key that creation of the account provided you in step #2
conjur authn login -u admin -p <API_KEY>
# Check that you are identified as the admin user
conjur authn whoami
```
# Next Steps
- Go through the Conjur Tutorials: https://www.conjur.org/tutorials/
- View Conjur’s API Documentation: https://www.conjur.org/api.html
selector:
matchLabels:
app.kubernetes.io/name: "{{ .Release.Name }}"
componentKinds:
- group: apps/v1beta2
kind: Deployment
- group: v1
kind: Secret
- group: v1
kind: Service