For general contribution and community guidelines, please see the community repo.
- Fork the project
- Clone your fork
- Make local changes to your fork by editing files
- Commit your changes
- Push your local changes to the remote server
- Create new Pull Request
From here your pull request will be reviewed and once you've responded to all feedback it will be merged into the project. Congratulations, you're a contributor!
Please note that running a master cluster in OpenShift and Kubernetes environments is not recommended and should only be done for test and demo setups.
As mentioned before, if you are using these scripts to deploy a full cluster, you will need to set the following in dev-bootstrap.env:
```sh
export DEPLOY_MASTER_CLUSTER=true
```
You will also need to set a few environment variables that are only used when configuring the Conjur master. You must provide an account name and password for the Conjur admin account:
```sh
export CONJUR_ACCOUNT=<my_account_name>
export CONJUR_ADMIN_PASSWORD=<my_admin_password>
```
Finally, run ./start to execute the scripts necessary for deploying Conjur.
The Conjur master and standbys are deployed as a Stateful Set on supported target platforms (Kubernetes 1.5+ / OpenShift 3.5+). Database and configuration data are symlinked and mounted to persistent volumes. These manifests assume a default Storage Class is set up for the cluster so that persistent volume claims will be fulfilled.
Volumes:
- /opt/conjur/dbdata - 2GB, database persistence
- /opt/conjur/data - 1GB, seed file persistence
To configure the Conjur master to persist data, run these commands in the Conjur master container before running evoke configure master ...:
```sh
# mv /var/lib/postgresql/9.3 /opt/conjur/dbdata/
# ln -sf /opt/conjur/dbdata/9.3 /var/lib/postgresql/9.3
# evoke seed standby > /opt/conjur/data/standby-seed.tar
```
Note that this setup is done as part of the script 6_configure_master.sh.
If the Conjur master pod is rescheduled, the persistent volumes will be reattached. Once the pod is running again, run these commands to restore the master:
```sh
# rm -rf /var/lib/postgresql/9.3
# ln -sf /opt/conjur/dbdata/9.3 /var/lib/postgresql/9.3
# cp /opt/conjur/data/standby-seed.tar /opt/conjur/data/standby-seed.tar-bkup
# evoke unpack seed /opt/conjur/data/standby-seed.tar
# cp /opt/conjur/data/standby-seed.tar-bkup /opt/conjur/data/standby-seed.tar
# rm /etc/chef/solo.json
# evoke configure master ... # using the same arguments as the first launch
```
Standbys must also be reconfigured since the Conjur master pod IP changes.
Run relaunch_master.sh to try this out in your cluster, after running the deploy.
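The persist and restore steps above, written as guarded shell functions so that a rerun or a missing seed file fails early instead of clobbering data. This is an added example, not code from the Conjur deploy scripts; it assumes the filesystem root is passed as an argument ("/" inside the master container, a scratch directory when trying it out) and that the evoke binary can be overridden through EVOKE.

```shell
#!/bin/sh
# Added example (not part of the Conjur project). Assumptions: $1 is the filesystem
# root to operate on, and EVOKE names the evoke binary (defaults to "evoke").
set -eu

# First launch: move the database onto the persistent volume, symlink it back,
# then save a standby seed on the data volume. Safe to rerun: a second call is a no-op.
persist_master_db() {
  root="${1:-}"
  pg="$root/var/lib/postgresql/9.3"
  dbdata="$root/opt/conjur/dbdata"
  data="$root/opt/conjur/data"
  mkdir -p "$dbdata" "$data"
  if [ -L "$pg" ]; then
    echo "already persisted: $pg -> $(readlink "$pg")"
    return 0
  fi
  [ -d "$pg" ] || { echo "no database directory at $pg" >&2; return 1; }
  [ ! -e "$dbdata/9.3" ] || { echo "refusing to overwrite $dbdata/9.3" >&2; return 1; }
  mv "$pg" "$dbdata/"
  ln -sf "$dbdata/9.3" "$pg"
  "${EVOKE:-evoke}" seed standby > "$data/standby-seed.tar"
}

# After the pod is rescheduled: relink the persisted database and unpack the saved
# seed. The seed tar is copied aside first because evoke unpack consumes it.
restore_master_db() {
  root="${1:-}"
  pg="$root/var/lib/postgresql/9.3"
  dbdata="$root/opt/conjur/dbdata"
  seed="$root/opt/conjur/data/standby-seed.tar"
  [ -d "$dbdata/9.3" ] || { echo "no persisted database at $dbdata/9.3" >&2; return 1; }
  [ -f "$seed" ] || { echo "no seed file at $seed" >&2; return 1; }
  rm -rf "$pg"                      # fresh, empty data dir from the new container
  ln -sf "$dbdata/9.3" "$pg"
  cp "$seed" "$seed-bkup"
  "${EVOKE:-evoke}" unpack seed "$seed"
  cp "$seed-bkup" "$seed"
  rm -f "$root/etc/chef/solo.json"  # so evoke configure master runs again
  echo "now rerun: evoke configure master ... with the first-launch arguments" >&2
}
```

The functions stop before evoke configure master, which still has to be rerun by hand with the same arguments as the first launch, and the standbys still need reconfiguring afterwards.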
Our plan is to automate this process with a Kubernetes operator.
The deploy scripts include a manifest for creating a Conjur CLI container within the Kubernetes environment that can then be used to interact with Conjur. Deploy the CLI pod and open a shell in it:
```sh
# Kubernetes
kubectl create -f ./kubernetes/conjur-cli.yaml
kubectl exec -it [cli-pod-name] -- sh
# OpenShift
oc create -f ./openshift/conjur-cli.yaml
oc exec -it <cli-pod-name> -- sh
```
Once inside the CLI container, use the admin credentials to connect to Conjur:
```sh
conjur init -h conjur-master
```
Follow our CLI usage instructions to get started with the Conjur CLI.
Visit the Conjur UI URL in your browser and login with the admin credentials to access the Conjur UI.
You can now deploy a local development environment for Kubernetes using Docker Desktop. Docker Desktop provides a convenient way to deploy and develop from your machine against a locally deployed cluster.
- Docker Desktop installed
- Kubernetes enabled in Docker Desktop:
  - Navigate to Docker Preferences
  - Click on the Kubernetes tab and "Enable Kubernetes"
By default, 2.0 GiB of memory is allocated to Docker on your computer.
To successfully deploy a Conjur Enterprise cluster (Master + Followers + Standbys), you will need to increase the memory limit to 6 GiB. To do so, perform the following:
- Navigate to Docker preferences
- Click on "Advanced" under "Resources" and slide the "Memory" bar to 6
To deploy locally, perform the following:
- Ensure you are in the proper local context. Otherwise, the deployment will not run successfully.
  - Run `kubectl config current-context` to verify which context you are currently in, so that if needed you can switch back to it easily.
  - Run `kubectl config use-context docker-desktop` to switch to a local context. This is the context you will need to run locally.
- In dev-bootstrap.env, uncomment the LOCAL DEV CONFIG section and adjust the configurations in dev-bootstrap.env as needed.
- Run `source dev-bootstrap.env`
- Run `./start`, appending `--oss` or `--dap` according to the environment that needs to be deployed (the default is dap).
To remove K8s resources from your local environment, perform the following:
- Run `kubectl get all --all-namespaces` to list all resources across all namespaces in your cluster.
- Run `kubectl delete <resource-type> <name-of-resource> --namespace <namespace>` to delete a single resource, or `kubectl delete all --all -n <namespace>` to delete everything in the namespace.
Note that for Deployments, you must first delete the Deployment and then the Pod. Otherwise the Pod will terminate and another will start in its place.