Open izgeri opened 5 years ago
I am also trying to run this guide but getting a version incompatibility at the moment (I've cleaned up all previous docker images as well):
joalmaraz:conjur:conjur-oss-helm-chart joalmaraz$ helm install --set dataKey="$(docker run --rm cyberark/conjur data-key generate)" ./conjur-oss Unable to find image 'cyberark/conjur:latest' locally latest: Pulling from cyberark/conjur 9ff7e2e5f967: Pulling fs layer 59856638ac9f: Pulling fs layer ....
Status: Downloaded newer image for cyberark/conjur:latest Error: incompatible versions client[v2.14.0] server[v2.13.1] joalmaraz:conjur-oss-helm-chart joalmaraz$
@jralmaraz While the docs definitely need more work, your error indicates that the Tiller server (part of Helm) on your cluster does not match the client version and isn't really a bug in the Helm chart itself. You can use this to update it: helm init --upgrade
(you might want to read in details about this command if you have other apps deployed on it though).
See here for more info.
I think what I meant was more about that, the base versioning of it that might need to be more generic maybe, in the documentation, but thanks for pointing it out and I will be extra careful on any coming comment :)
In trying to use this recently, I noticed a few small things that we could update to make it easier to use:
[ ] Do you actually have to put “authn” in the authenticators list? I thought by default that authenticator was always on - using it this way here seems inconsistent with the rest of our documentation.
[ ] A lot of the instructions for how to configure Conjur are displayed in the terminal when I install the helm chart, but the README doesn't tell me that's going to happen so it was really confusing until I ran the install command how I was going to configure Conjur.
[ ] I know the helm chart installs Conjur, but (as described in the previous bullet) I don't know how Conjur gets configured (or that it needs to be configured). But in the [README]() it says:
At this point in the README, I have no idea how the initial Conjur account gets created. Do I set it? Is it a configuration variable? How do I know what to set this to when using the K8s authenticator? Even having run through this once, I think I'd have to run through it all again to figure out how to set the account to something other than
default
.[ ] There is a reference in the chart instructions (once you install) to set up your /etc/hosts, so I did that locally. Later I spun up a CLI container, though, and I had to set up /etc/hosts there too - that could be clearer in the instructions.
I hope these comments make sense - please feel free to get in touch if they don't. Basically a lot of the confusion stemmed from a lack of clarity around exactly what steps the helm chart covered vs what steps I would cover myself by following the instructions after install. It would be great to clarify this at some point.