OpenShift, Kubernetes


Integration with Kubernetes or OpenShift enables you to securely pass secrets stored in Conjur to applications running in Red Hat OpenShift, Google Kubernetes Engine (GKE), or other Kubernetes implementations. When your environment is configured to integrate with Conjur, secrets are never exposed to third parties.

The Conjur integration provides the following features for your Kubernetes or OpenShift environment:

  • End-to-end encryption of secrets through mutual TLS.

  • Robust authentication and authorization incorporating Conjur policy, signed certificates, and an internal Kubernetes authenticator.

  • Conjur policy provides separation of duties, letting your security teams control container access while development teams define application requirements.

  • Easy deployment of applications across environments and pods.

  • Secret rotation and centralized auditing.

  • Unless otherwise noted, all references to Kubernetes apply to native Kubernetes as well as the OpenShift and GKE implementations of Kubernetes.
  • All references to Kubernetes namespaces intentionally include the OpenShift concept of Project.


You must have access to a supported Kubernetes-based environment. The following are supported:

  • OpenShift (v3.11, v4.6, v4.7, v4.8) with an internal Docker registry

    Support for OpenShift v4.5 has been officially deprecated and is no longer validated by CyberArk.

  • Google Kubernetes Engine (GKE)

  • Other Kubernetes environments (v1.5 or later)
