Set up Conjur - OpenShift/Kubernetes integration

This topic describes the options for setting up the integration between Conjur and your Kubernetes environment.

The Conjur cluster is deployed outside of your Kubernetes environment. Conjur Followers can run inside or outside the Kubernetes environment.

To use Conjur in enterprise Kubernetes environments and to let your applications use Conjur's native Kubernetes authentication, we recommend that you deploy the Follower inside your Kubernetes cluster.

Assuming a healthy Conjur cluster is up and running, the Conjur admin configures and enables the Kubernetes Authenticator, using Kubernetes resources that the Kubernetes cluster admin sets up for Conjur in Kubernetes.

The Kubernetes admin can then set up a Follower inside Kubernetes that syncs to the Conjur cluster outside of Kubernetes.

If the Follower runs outside the Kubernetes environment instead, then, assuming a healthy Conjur cluster is up and running, the Conjur admin sets up the Follower outside of Kubernetes.

The Conjur admin then configures and enables the Kubernetes Authenticator, using Kubernetes resources (namespace and service account) that the Kubernetes cluster admin sets up for Conjur in Kubernetes.

Once Kubernetes can authenticate to Conjur, application developers can set their applications up to retrieve secrets from Conjur.