OpenShift/Kubernetes
Integration of Conjur with supported Kubernetes-based implementations, such as Red Hat OpenShift, GKE, and EKS, enables applications running on your Kubernetes platform to retrieve secrets stored in Conjur securely, without ever exposing the secrets to third parties.

Supported Kubernetes-based environments

Vendor | Cert-based | JWT-based |
---|---|---|
OpenShift | v4.11-4.13 | v4.11-4.13 |
Google Kubernetes Engine (GKE) | 1.26, 1.27 | |
Other Kubernetes environments (EKS, AKS) | 1.26, 1.27 | 1.26, 1.27 |
Rancher | 2.x | Not supported |

What does the integration provide?
The Conjur-Kubernetes integration provides the following:
- End-to-end encryption of secrets through mutual TLS (certificate-based authentication only)
- Robust authentication and authorization incorporating security policy, signed certificates (certificate-based authentication only), and native Conjur authenticators:
  - Kubernetes Authenticator for certificate-based authentication
  - JWT Authenticator for JWT-based authentication
- Security policy provides separation of duties, letting your security teams control container access while development teams define application requirements
- Deployment of applications across environments and Pods
- Secret rotation and centralized auditing
- Scalability and performance advantages of the Conjur Leader-Follower architecture: Followers provide read-only activity for clients; automatic scale-up by the auto-enrollment of Followers as needed