Hi @nathan.whipple, thanks for your help and sticking with this (your guidance have been important in the details I am missing, sorry about that). I think the resources from last week might not have been alright. I have re-created and re-configured the master from scratch of them reviewing each and every step, so the latest goes more accurate with the observations from your previous posts.
I have used the following to add the ca-cert:
conjur variable values add \
conjur/authn-k8s/conjur-authenticator/kubernetes/ca-cert \
"$(oc get secret -n conjur-follower $TOKEN_SECRET_NAME -o json \
| jq -r '.data["ca.crt"]' \
| base64 --decode)"
The conjur/authn-k8s/conjur-authenticator/kubernetes/api-url variable was added with the API server’s taken from:
oc config view --minify -o json \
> | jq -r '.clusters[0].cluster.server'
The service-account-token was taken from:
TOKEN_SECRET_NAME="$(oc get secrets -n conjur-follower \
| grep 'conjur.*service-account-token' \
| head -n1 \
| awk '{print $1}')"
TOKEN_SECRET_VALUE="$(oc get secret -n conjur-follower $TOKEN_SECRET_NAME -o json \
| jq -r .data.token \
| base64 --decode)"
