Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Conjur Helm Chart supports configuring Conjur with TLS #11

Closed
jvanderhoof opened this issue Nov 29, 2018 · 2 comments
Closed

Conjur Helm Chart supports configuring Conjur with TLS #11

jvanderhoof opened this issue Nov 29, 2018 · 2 comments
Assignees
@sgnn7 @dsbyrne
Labels
component/conjur component/k8s kind/enhancement

Comments

@jvanderhoof
Copy link
Contributor

jvanderhoof commented Nov 29, 2018
edited by sgnn7
Loading

As a Conjur operator, I want to be able to configure OS Conjur to support TLS, so that I can use authn-k8s, which requires mTLS.

GIVEN a Kubernetes environment
WHEN I deploy OS Conjur using the Helm chart
THEN Conjur is configured with nginx to support TLS

mTLS is needed to support authn-k8s authentication within the same cluster between the Conjur OSS (master) instance and clients (conjur-authn-k8s-client) sidecar or init container using service accounts.

Estimate: 2 weeks
Confidence: low
@ismarc ismarc mentioned this issue Nov 30, 2018
Closed
4 tasks
@ismarc ismarc added defined and removed selected labels Nov 30, 2018
@ismarc ismarc mentioned this issue Dec 3, 2018
Closed
@sgnn7 sgnn7 added implementing and removed defined labels Dec 3, 2018
@sgnn7 sgnn7 self-assigned this Dec 3, 2018
@sgnn7
Copy link
Contributor

sgnn7 commented Dec 3, 2018

More info: "it's a single instance of OSS that can communicate with a k8s authn client deployed to a pod"

Expectation (from the info we have right now) is that this mTLS is intra-cluster rather than the larger inter-cluster setup.

@brikelly brikelly removed the blocked label Jan 3, 2019
@sgnn7
Copy link
Contributor

sgnn7 commented Jan 3, 2019

Finally can get back to this. I will be trying to implement something like https://github.com/conjurinc/openshift-conjur-oss-deploy or https://github.com/conjurinc/container-appliance in the helm chart to move us forward with internal mTLS.

The story size is definitely not 2 days so I will update the estimate as well.

CC: @garkler

@dsbyrne dsbyrne self-assigned this Jan 4, 2019
This was referenced Jan 8, 2019
Closed
Merged
@ghost ghost added the in progress label Jan 14, 2019
@sgnn7 sgnn7 removed the in progress label Jan 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sgnn7 sgnn7

@dsbyrne dsbyrne

Labels
component/conjur component/k8s kind/enhancement
Milestone
No milestone
Development

No branches or pull requests
7 participants
@ismarc @jvanderhoof @sgnn7 @brikelly @dustinmm80 @dsbyrne @garkler-zz