Difficulty: beginner
Estimated Time: 60 minutes

This tutorial will guide you how to install your own Conjur Open Source on OpenShift

Conjur is an open source security service that integrates with popular tools to provide data encryption, identity management for humans and machines, and role-based access control for sensitive secrets like passwords, SSH keys, and web services

architecture ga

Deploying Conjur Open Source on OpenShift

OpenShift Playground

Client installation (helm)

oc adm policy add-cluster-role-to-user cluster-admin admin --as=system:admin oc adm policy add-cluster-role-to-user cluster-admin developer --as=system:admin oc adm policy add-scc-to-user anyuid -z default curl -ks https://storage.googleapis.com/kubernetes-helm/helm-v2.13.1-linux-amd64.tar.gz | tar xz sudo mv linux-amd64/helm /usr/local/bin sudo chmod a+x /usr/local/bin/helm helm init --client-only

Server installation (tiller)

With helm being the client only, Helm needs an agent named "tiller" on the kubernetes cluster. Therefore we create a project (namespace) for this agent an install it with "oc create"

export TILLER_NAMESPACE=tiller oc new-project tiller oc project tiller oc policy add-role-to-user edit "system:serviceaccount:${TILLER_NAMESPACE}:tiller" oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:tiller:tiller --as=system:admin oc process -f https://quincycheng.github.io/tiller-template.yaml -p TILLER_NAMESPACE="${TILLER_NAMESPACE}" | oc create -f - oc rollout status deployment tiller

Let's verify the helm installation is okay. Please wait for a while for server up & running if an error is shown:

helm version

Add CyberArk Chart

helm repo add cyberark https://cyberark.github.io/helm-charts helm repo update

Preparing your projects (namespaces)

Finally you have to give tiller access to each of the namespaces you want someone to manage using helm:

Prepare the Conjur project export TILLER_NAMESPACE=tiller oc new-project conjur oc project conjur oc policy add-role-to-user edit "system:serviceaccount:${TILLER_NAMESPACE}:tiller" oc adm policy add-scc-to-user anyuid -z conjur

Install Conjur

helm install \ --set dataKey="$(docker run --rm cyberark/conjur data-key generate)" \ cyberark/conjur-oss

Create an Account for Conjur, please wait for a while to retry if an error is shown

export POD_NAME=$(oc get pods --namespace conjur \
    -l "app=conjur-oss" \
    -o jsonpath="{.items[0].metadata.name}")
oc exec $POD_NAME --container=conjur-oss conjurctl account create "default"


This tab will not be visible to users and provides only information to help authors when creating content.

Creating Katacoda Scenarios

Thanks for creating Katacoda scenarios. This tab is designed to help you as an author have quick access the information you need when creating scenarios.

Here are some useful links to get you started.

Running Katacoda Workshops

If you are planning to use Katacoda for workshops, please contact [email protected] to arrange capacity.

Debugging Scenarios

Below is the response from any background scripts run or files uploaded. This stream can aid debugging scenarios.

If you still need assistance, please contact [email protected]