There are reusable scripts for development environments and automated testing

Summary

Create scripts for development environment and CI testing:

To generate and load authn-k8s-specific Conjur policy
To generate and load application-specific Conjur policy
To do Helm install for cluster prep and app Namespace prep
Use the Helm chart from #238 to deploy example application(s) with a selectable list of authenticator types to deploy
To verify secrets access for example application

Example Use Cases

The scripts described here can be used for:

Automated CI for testing Kubernetes authentication on for various Conjur OSS/Enterprise configurations
A quick-start guide for Kubernetes authentication
Katacoda tutorials for Kubernetes authentication

Out of Scope

For purposes of splitting out tasks into more manageable chunks, a couple of other issues have been created to implement some aspects of this feature separately:

This issue does not include the addition of support for Secrets Provider init/app containers. Support for Secrets Provider authenticators will be added incrementally using Issue #247.
This issue does not include testing the script workflow on OpenShift platform. This testing will be done incrementally, using Issue #248.

Implementation details

This issue involves basically making a copy or fork of conjurdemos/kubernetes-conjur-demo scripts and modifying these scripts to use invocations of helm install ... with the following Helm charts, rather than using bash/sed/kubectl to do deployments:

Kubernetes cluster prep Helm chart (Issue #227)
Namespace prep Helm chart (Issue #236)
Sample application Helm chart (Issue #238)

The scripts for this workflow can be developed as follows:

Start with a clone/fork of the conjurdemos/kubernetes-conjur-demo script repository
The set_env_vars.sh script can probably be deleted. Most chart values for the above Helm charts will likely be required settings. (Remove its invocation from start).
Modify the 0_prep_check_dependencies.sh file to require the existence of environment variable settings that correspond to every required chart value for all 3 Helm charts. For example, for the cluster prep Helm chart, add a check for an environment variable CONJUR_ACCOUNT corresponding to the conjur.account chart value. NOTE: These environment variable settings will be used on the helm install .... command line to set the corresponding chart value. For example, for conjur.account, the following command line setting will be included for helm install ...:
```
           --set conjur.account="$CONJUR_ACCOUNT"
```
Passing in settings to these scripts as environment variables is more convenient than creating a custom values.yaml file (and we can use Summon in CI).

Note that the checks for required environment variable settings are being added here, even though the charts will check for required values settings themselves, so that we fail quickly. For example, if we're missing env variable setting for the application deployment, we won't have to wait run helm install of the other Helm charts before discovering the missing setting.
Modify the 4_app_create_namespace.sh to:
- Eliminate the creation of the RoleBinding
- Add invocation of helm install ... for cluster prep helm chart (could be a separate bash script)
- Add invocation of helm install ... for Namespace prep helm chart (could be a separate bash script)
Delete the 5_app_store_conjur_cert.sh script and remove its invocation from start
Modify the 7_app_deploy.sh to use new sample Application deploy Helm chart

DoD

[ ] The conjur-authn-k8s-client project includes utility scripts for policy loading to be used in the e2e tests and in the "quick start" demo

Note: in both cases (automated tests & demo), we are deploying Conjur so that we have access to the Conjur OSS server / Conjur Enterprise leader to load policy.

cyberark / conjur-authn-k8s-client