Application containers running in Rancher-managed Kubernetes environments can authenticate to Conjur and securely retrieve secrets.
This section specifically relates to the case where Kubernetes must be accessed through the Rancher API.
If your organization does not require access through the Rancher API, then the integration setup is identical to the setup for any other supported Kubernetes-based environment. In this case, see OpenShift/Kubernetes.
Supported Rancher versions
This integration supports Rancher v2.x.
Supported Kubernetes-based environments
Integration with Rancher supports all Kubernetes-based environments supported by Conjur. For details, see Supported Kubernetes-based environments.
Before you start
Before you start setting up the integration between Conjur and Rancher:
Make sure that Rancher is set up and is managing any number of Kubernetes clusters that contain workloads that need to authenticate to Conjur.
Make sure that you have a healthy, running Conjur Server. For details, see Setup.
Make sure you have access to the Conjur CLI and the Rancher CLI.
The section describes the workflows for setting up the Rancher integration, depending on whether you are deploying
Integration with Rancher supports certificate-based authentication only.
For multi-cluster support, a separate Kubernetes Authenticator must be defined for each Kubernetes cluster.
The Conjur admin sets up a Kubernetes Authenticator for each Kubernetes cluster in Rancher that has workloads that need to retrieve secrets from Conjur. This task requires information from the Rancher admin about resources in Rancher and connection details.
The app owner can then set up workloads in the application namespace to authenticate to Conjur and retrieve secrets.