Conjur Followers OpenShift Installation

Dears,

In our ecosystem, we want to run the Conjur Followers on an OpenShift infrastructure (V3 or V4). For this we have created a “service account”, and as per the recommendations we requested to add “ClusterRole” and “ClusterRoleBinding” for the service account. However, it was also mentioned to add the below to the cluster as an admin. We would like to know why it is required to provide the Conjur appliance image “anyuid” privileges. This provides root access for the images. Could you please provide your experiences and inputs, as this is currently blocking us in implementation?

“oc adm policy add-scc-to-user anyuid “system:serviceaccount::”

Kr,
Gautam.

Hi @gautamkanithi,

The appliance follower requires access to the kernel key ring for handling of the encryption keys and private keys used for the various components within. We recognize that this is a common pain point for customers, though, and will shortly be releasing a new version of the follower that removes this requirement.

Regards,
Nathan

Hi @nathan.whipple

Thank you for your response. I would like to know what the road map is and when it will be released,
as this blocks the Conjur implementation in our organization and the project is on hold.

Kr,
Gautam.

@gautamkanithi, apologies for the delay. To get an answer for this, we’d need PM to comment. The easiest way to make sure that happens is to reach out to your AE to discuss options and to engage PM. I hope that helps.

Regards,
Nathan