Hi everyone,

Found different topics regarding the same issue but they are quite outdated so I will ask it again.
Is there any straight forward way now to deploy conjur OSS on openshift 4.x without the need to alter any Security Contexts due to permissions issue on the containers not running with root priv?

We are trying to make a POC to test the solution before considering the EE/DAP version.

Thank you

Hi @amanz,

We are aware of the shortcomings in deploying Conjur OSS in OpenShift. An updated deployment is in development and we hope to be able to share that within the next couple of months.
If you need this sooner, a POC of DAP can be easily arranged. Note that DAP deployments are fundamentally different than Conjur OSS. DAP is deployed as a high availability server cluster at the core, with a distributed architecture of auto scaled “Followers” at the edges. The server cluster itself is deployed outside of Openshift, the real interaction is facing the Follower. In addition, DAP’s secrets backend is CyberArk Vault.
The REST API’s are identical so you can absolutely POC application aspects in OSS but if you are also interested in the operational and secret management aspects, it may be beneficial to POC DAP instead.

Thanks,
Boaz

@amanz As Boaz noted, we’re in the process of updating the Conjur OSS helm chart deployment for OCP support. You might in particular find the conversation on this draft PR useful: https://github.com/cyberark/conjur-oss-helm-chart/pull/71 - if you want to watch to see when the relevant changes officially land, keep an eye out on the helm chart project and in particular on https://github.com/cyberark/conjur-oss-helm-chart/issues/60.

Hope this helps

Thanks @izgerij and @boazmichaely for the response, I will check the relevant PR you mentioned and monitor it once its merged. I can see few images are already available so might be able to test them right now and let you know.

Thank you