Problem deploying conjur follower in k8s cluster

Hello

We got errors, from k8s site:
CONJ00048I Authentication Error: #<Errors::Authentication::Security::AuthenticatorNotWhitelisted: CONJ00004E ‘authn-k8s/dev-cluster’ is not enabled>

conjur-follower failed to inject client certificate with authenticator authn-k8s service :webservice:conjur/authn-k8s/dev-cluster: CONJ00004E ‘authn-k8s/dev-cluster’ is not enabled

  • Cert-based authn
    Documentation Deploy Conjur Kubernetes Follower
    We have no idea what we might be missing. What is the client certificate in this error? I don’t see any mention of a client certificate in this documentation.

KR

It looks like you’re trying to authenticate using an authenticator called “authn-k8s/dev-cluster” but it’s not enabled on the Conjur side. Are you using Conjur OSS or Enterprise? If OSS, what is the value of the CONJUR_AUTHENTICATORS environment variable?
See point number 5 in these docs for more info.

Hello

We are using the Enterprise version. We used this documentation and created the webservice conjur/authn-k8s/dev-cluster and all variables, but maybe we got something wrong in points 4 and 5.
Should the CA certificate from point 3 land in the k8s cluster? And does the Conjur master’s cluster CA have to be the same as the k8s API? Do they just have to be added as trusted?

KR

From the fact that the error you’re receiving is “Errors::Authentication::Security::AuthenticatorNotWhitelisted: CONJ00004E”, this is probably a configuration issue not related to certificates. Have you verified that the authenticator has been enabled? You can check using the webservice described here and in step 5 here.

We are using cert-based auth
"enabled": [
  "authn",
  "authn-k8s/dev-cluster",
  "authn-ldap/integer-ldap-server"
]
}

OK, I found the solution: I also had to add “authn-k8s/dev-cluster” to the file /opt/conjur/etc/conjur.conf.
Adding it to “/etc/conjur/config/conjur.yml” wasn’t enough.

@Jakub I’m glad it’s working for you now. Please let us know if we can help with anything else.
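
An added example, not part of the thread and not CyberArk's code: a Python check that reports whether authn-k8s/dev-cluster is listed in the authenticators status JSON and in each of the two files named in the solution, so a mismatch between them shows up directly. The file formats (a CONJUR_AUTHENTICATORS comma list in conjur.conf, an authenticators: list in conjur.yml), the function names and the sample inputs are assumptions constructed for illustration.

```python
import json
import re

AUTHN = "authn-k8s/dev-cluster"  # authenticator id from the thread

def in_status(body, name=AUTHN):
    """True if name is in the "enabled" array of the authenticators JSON."""
    return name in json.loads(body).get("enabled", [])

def in_env_file(text, name=AUTHN):
    """Assumed conjur.conf format: CONJUR_AUTHENTICATORS="a,b,c".
    Returns None when the variable is not set in the file."""
    for line in text.splitlines():
        m = re.match(r'\s*(?:export\s+)?CONJUR_AUTHENTICATORS\s*=\s*(.*)$', line)
        if m:
            value = m.group(1).strip().strip("\"'")
            return name in [v.strip() for v in value.split(",")]
    return None

def in_yaml_file(text, name=AUTHN):
    """Assumed conjur.yml format: an 'authenticators:' key with '- item' lines.
    Returns None when the key is absent."""
    items, inside = None, False
    for line in text.splitlines():
        if re.match(r'authenticators\s*:\s*$', line):
            items, inside = [], True
        elif inside and (m := re.match(r'\s*-\s*(\S+)', line)):
            items.append(m.group(1).strip("\"'"))
        elif line.strip() and not line.lstrip().startswith("#"):
            inside = False  # any other non-comment line ends the list
    return None if items is None else name in items

def report(status_body, conf_text, yml_text, name=AUTHN):
    """Per source: True if listed, False if not, None if the setting is absent."""
    return {"status": in_status(status_body, name),
            "conjur.conf": in_env_file(conf_text, name),
            "conjur.yml": in_yaml_file(yml_text, name)}

# Constructed sample inputs (not taken from a real node)
STATUS = '{"enabled": ["authn", "authn-ldap/integer-ldap-server"]}'
CONF = 'CONJUR_AUTHENTICATORS="authn,authn-ldap/integer-ldap-server"\n'
YML = "authenticators:\n  - authn\n  - authn-k8s/dev-cluster\n"

if __name__ == "__main__":
    for source, listed in report(STATUS, CONF, YML).items():
        print(f"{source:12} {listed}")
```

On a real node, feed it the response body of the authenticators listing and the contents of the two files instead of the constructed strings.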