Demo supports Conjur OSS and annotation-based authn-k8s

[diverdane]

This change includes:

• Adds support for running demo scripts directly on a Conjur OSS cluster that has been deployed via Conjur OSS Helm chart.
• Adds support for creating a Conjur CLI pod for scripts to use if it doesn't exist (needed e.g. for running with Conjur OSS).
• Selectable operation for annotation-based authn-k8s vs. host-ID-based authn-k8s.
• Reorders and reorganizes scripts to separate the steps normally done by a security admin vs. steps that are done to deploy the application.
• Significant re-write of the README.md to differentiate security admin steps vs. app deploy steps to reconcile this documentation with our other community repos.
• CI for testing annotation-based authn-k8s on GKE.

Addresses Issue #106, Issue #92, and Issue #108

[diverdane]

@Kumbi, thanks for the review!

• I made the change that you suggested for using CONJUR_OSS_HELM_DEPLOYED directly.
• I also made an additional small change:
  • I moved the configure_conjur_cli function so that it's always run
  • I changed the name of this function to ensure_conjur_cli_initialized I did this to make things more robust. There were times when I had environment variables messed up, and the Conjur CLI pod got created but initialization failed at first. Fixing the env variable and re-running the script didn't work with the prior code, because the initialization was getting called conditionally: only when the Conjur CLI pod was created. Now it's always run, and it's okay if this gets called when the pod is already initialized.
• I filed and issue for replacing sed with either Yaml.sh or Helm charts (wherever that's possible): https://github.com/conjurdemos/kubernetes-conjur-demo/issues/113

[diverdane]

For some reason the build is currently failing...

For the life of me, I can't figure out why this failed. Just before the point of failure, the conjur-master-ext service is created:

[2020-10-20T19:49:01.750Z] ++++++++++++++++++++++++++++++++++++++
[2020-10-20T19:49:01.750Z] 
[2020-10-20T19:49:01.750Z] Creating load balancer for master and standbys.
[2020-10-20T19:49:01.750Z] 
[2020-10-20T19:49:01.750Z] ++++++++++++++++++++++++++++++++++++++
[2020-10-20T19:49:02.696Z] service/conjur-master-ext created

But then moments later, there's an error revolving around this service not existing:

[2020-10-20T19:49:03.723Z] ++++++++++++++++++++++++++++++++++++++
[2020-10-20T19:49:03.723Z] 
[2020-10-20T19:49:03.723Z] Configuring master pod.
[2020-10-20T19:49:03.723Z] 
[2020-10-20T19:49:03.723Z] ++++++++++++++++++++++++++++++++++++++
[2020-10-20T19:49:03.981Z] pod/conjur-cluster-569f787bdb-86kxd labeled
[2020-10-20T19:49:04.241Z] error: you need to provide a route port via --port when exposing a non-existent service

I looked to see that all of the parallel OpenShift CI tests that are happening are using their own projects (namespaces), and they definitely are, so it's not being caused by deletion of a project/namespace by another parallel test.

I'm going to re-run the tests.

[diverdane]

@kumbi, I made a stab at making sure that these scripts are backwards-compatible with other repos that use these scripts and make use of the DEPLOY_MASTER_CLUSTER env variable. Details are in my comments above. Please take a look and let me know if there's a better way.