Not able to setup conjur with helm chart with kubernetes authenticator clients

I am trying to setup my conjur using helm chart using the command below but I am getting error:
helm install conjur-cluster cyberark/conjur-oss \ --set ,dataKey="$DATA_KEY", authenticators="authn-k8s/dev" \ --set postgres.persistentVolume.create=false \ --set service.external.enabled=false \ --namespace conjur
Error: expected at most two arguments, unexpected arguments: ,dataKey=ARi5JN/***********,, authenticators=authn-k8s/dev

In authenticators="authn-k8s/dev" “dev” would be my kubernetes authenticator client.

I tried passing the commands in separate lines as well below:
helm install conjur-cluster cyberark/conjur-oss \ --set,\ --set dataKey="$DATA_KEY",\ --set authenticators="authn-k8s/dev" \ --set postgres.persistentVolume.create=false \ --set service.external.enabled=false \ --namespace conjur
but then I got this error:
Error: expected at most two arguments, unexpected arguments: authenticators=authn-k8s/dev

How do I specify the authenticator parameter while creating the conjur cluster.

Also, should I have my kubernetes authenticator client running before I get to this step?

Hi @agawali ,

Thank you for trying out the Conjur OSS Helm chart! Let’s see if we can get your Conjur OSS cluster deployed.

Just for future reference, when you post here in CyberArk Commons Community, things are displayed in Markdown format, so you can display an entire code block by surrounding it with triple backticks (```) on a line by itself both immediately before and immediately after the block.

I think what you have is very close. What I would change is:

  • For the single-line command, remove the commas and the backslashes between command line settings.
  • For the multiple-line command, remove the commas between command line settings.
  • Set the authenticators with:
    --set authenticators="authn\,authn-k8s/dev"
    This includes the default authn authenticator as well as the authn-k8s authenticator with an authn ID of dev. It also escapes the comma separator with a backslash so that the shell passes it to Helm.
  • For convenience, you can add a wait and a timeout for the helm install ....

Here’s what I end up with for a multiline command:

helm install conjur-cluster cyberark/conjur-oss \
    --set \
    --set dataKey="$DATA_KEY" \
    --set authenticators="authn\,authn-k8s/dev" \
    --set postgres.persistentVolume.create=false \
    --set service.external.enabled=false \
    --namespace conjur \
    --wait \
    --timeout 300s

If you cut-and-paste that, it should work. If you want a reference to compare against, you can look at this example:

Also, if you’d like to run a demo locally as a comparison or reference, here’s a script that uses Kubernetes-in-Docker (KinD) and is very easy to run:

Let us know how this works out for you, and if you have any more questions about using Kubernetes authentication with Conjur OSS.



@agawali ,

Apologies, I forgot to answer your last question:

The answer is no, you don’t need to have the authenticator client running before deploying Conjur OSS.


1 Like

Thanks @dane for providing the solution. It worked on my end.

I have another question about the parameter service.external.enabled if it is set to false then how can conjur-cli which is running on my local machine connect with it? I can create a new post if you would prefer to answer it there.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.