OpenShift/Kubernetes

Integrating Conjur with supported Kubernetes-based implementations, such as Red Hat OpenShift, GKE, and EKS, enables applications running on your Kubernetes platform to retrieve secrets stored in Conjur securely, without ever exposing the secrets to third parties.

 
  • If you are integrating a Rancher-managed Kubernetes environment, see Rancher.
  • Unless specifically noted otherwise, all references to Kubernetes apply to self-hosted Kubernetes as well as Red Hat OpenShift and other supported Kubernetes-based implementations.
  • All references to Kubernetes namespaces intentionally include the OpenShift concept of project.

Supported Kubernetes-based environments

The following Kubernetes-based environments are supported:

| Vendor | Cert-based | JWT-based |
|---|---|---|
| OpenShift | v4.6 EUS, v4.8, v4.9, v4.10 with an internal Docker registry. Support for OpenShift v3.11 and v4.7 has been officially deprecated and is no longer validated by CyberArk. | v4.8, v4.9, v4.10 with an internal Docker registry |
| Google Kubernetes Engine (GKE) | All GKE supported versions | 1.21 |
| Other Kubernetes environments | | 1.21 |

What does the integration provide?

The Conjur - Kubernetes integration provides the following:

  • End-to-end encryption of secrets through mutual TLS (certificate-based authentication only)

  • Robust authentication and authorization incorporating security policy, signed certificates (certificate-based authentication only), and native Conjur authenticators:

    • Kubernetes Authenticator for certificate-based authentication

    • JWT Authenticator for JWT-based authentication

  • Security policy provides separation of duties, letting your security teams control container access while development teams define application requirements

  • Deployment of applications across environments and Pods

  • Secret rotation and centralized auditing