I have deployed Conjur Open Source and the Kubernetes Authenticator as well. While deploying the YAML below in the cluster, I get Authenticator Client error logs (mentioned below).
While setting up the Authenticator using the helm install command below, the CM conjur-configmap data “conjurSslCertificate and conjurSslCertificateBase64” shows empty. I injected the conjurSslCertificate manually so
This looks like a certification issue. Is there any way to know whether we are giving the right conjur.certificateFilePath during helm install cluster-prep, or are there any other configuration steps to do?
Hi @somitnirmata
Are you seeing any Helm errors? Were you seeing Helm errors to begin with that required setting the conjurSslCertificate manually? When Helm installing with the remote helm repo cyberark/conjur-config-cluster-prep the cert needs to be B64 encoded, and I would expect Helm to give this error - “If you are using helm install with a (remote) chart reference, please use conjur.certficateBase64 instead of conjur.certificateFilePath.”
Are you seeing that error?
Yes. I see an error when I do the helm install below, when conjur-configmap has no conjurSslCertificate data. So in order to avoid this we manually injected ssl into this
Is it possible for you to tell why conjurSslCertificate: is kept empty?
apiVersion: v1
data:
  authnK8sAuthenticatorID: dev-cluster
  authnK8sClusterRole: conjur-clusterrole
  authnK8sNamespace: cyberark-conjur
  authnK8sServiceAccount: authn-k8s-sa
  conjurAccount: myConjurAccount
  conjurApplianceUrl: https://conjur123.lab.nirmata.co
  conjurSslCertificate: ""
  conjurSslCertificateBase64: ""
helm install cluster-prep cyberark/conjur-config-cluster-prep \
  --namespace cyberark-conjur \
  --create-namespace \
  --set conjur.account="myConjurAccount" \
  --set conjur.applianceUrl="https://url" \
  --set conjur.certificateFilePath="/Users/somitsebastian/conjur/authenticator-setup-2/pem/conjur.pem" \
  --set conjur.certificateBase64="$(base64 -w0 /Users/somitsebastian/conjur/authenticator-setup-2/pem/conjur.pem)" \
  --set authnK8s.authenticatorID="dev-cluster" \
  --set authnK8s.serviceAccount.name="authn-k8s-sa"
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: “-” for stdin)
-o, --output output file (default: “-” for stdout)
Error: INSTALLATION FAILED: values don't meet the specifications of the schema(s) in the following chart(s):
conjur-config-cluster-prep:
conjur.certificateBase64: String length must be greater than or equal to 1
It's saying base64: invalid option -- w and a specification error. By any chance, did you mean base64 -d? In that case, I have tried that as well and I am getting a specification error:
helm install cluster-prep cyberark/conjur-config-cluster-prep \
  --namespace cyberark-conjur \
  --create-namespace \
  --set conjur.account="myConjurAccount" \
  --set conjur.applianceUrl="https://url" \
  --set conjur.certificateFilePath="/Users/somitsebastian/conjur/authenticator-setup-2/pem/conjur.pem" \
  --set conjur.certificateBase64="$(base64 -d /Users/somitsebastian/conjur/authenticator-setup-2/pem/conjur.pem)" \
  --set authnK8s.authenticatorID="dev-cluster" \
  --set authnK8s.serviceAccount.name="authn-k8s-sa"
Error: INSTALLATION FAILED: values don't meet the specifications of the schema(s) in the following chart(s):
conjur-config-cluster-prep:
conjur.certificateBase64: Does not match pattern '^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$'
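
An added example, not part of the thread or of the cluster-prep chart: both schema errors above come from the value produced by the `$(base64 ...)` substitution, since `-w0` is a GNU coreutils option that the BSD/macOS `base64` rejects (leaving the value empty) and `-d` decodes instead of encoding. The sketch below encodes the PEM portably and checks the result against the two schema rules before it would be handed to `helm install`; the function names `encode_cert` and `is_valid_b64` are hypothetical and the sample PEM is constructed.

```shell
#!/bin/sh
# Added example: portable encoding of a CA PEM for conjur.certificateBase64.

# ERE form of the pattern in the schema error quoted in the thread
# ("(?:" groups rewritten as plain groups, which grep -E understands).
B64_PATTERN='^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$'

# Encode a file as single-line base64. Reading stdin and stripping newlines
# avoids the GNU-only -w0 and also works with the BSD/macOS base64.
encode_cert() {
    base64 < "$1" | tr -d '\r\n'
}

# Succeed only if the value passes both schema checks seen in the thread:
# length >= 1 and the base64 pattern, on a single line.
is_valid_b64() {
    [ -n "$1" ] || return 1
    [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] || return 1
    printf '%s\n' "$1" | grep -Eq "$B64_PATTERN"
}

# Constructed sample input: PEM-shaped text, not a real certificate.
SAMPLE_PEM=$(mktemp)
cat > "$SAMPLE_PEM" <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIC0gTk9UIEEgUkVBTCBDRVJUSUZJQ0FURQ==
-----END CERTIFICATE-----
EOF

CERT_B64=$(encode_cert "$SAMPLE_PEM")
rm -f "$SAMPLE_PEM"

if is_valid_b64 "$CERT_B64"; then
    # Safe to pass as: --set conjur.certificateBase64="$CERT_B64"
    echo "ok: ${#CERT_B64} base64 characters on a single line"
else
    echo "refusing to run helm: value is empty or not base64" >&2
fi
```

Checking the value before the install also catches the silent case where the command substitution fails and Helm receives an empty string.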