Open tzheleznyak opened 4 years ago
Hi @tzheleznyak. Thanks for adding this issue. The motivation behind this issue isn't immediately obvious to me. Would you mind adding it to the description, please? I think doing so would allow anyone else who might come across the issue to better understand it.
Added motivation section
@tzheleznyak Thank you
All of the part here about adding secrets from k8s/OpenShift to the DAP master https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Integrations/ConjurDeployFollowers.htm?tocpath=Setup%7CConfigure%20DAP%20Followers%7C_____2#ConfigureDAPforautoenrollmentofFollowers
should be done as part of the script and not manually by the user.
Motivation: Currently the user who runs the KCD in order to deploy just a follower to an existing DAP master should store K8S/OCP tokens in the master node so that the master and follower can authenticate each other and start replicating. Even though these are the commands the user needs to run, I think adding them to the script could be a good idea, so a user will just clone the repo, configure his env variables in bootstrap and run it.
In addition if
STOP_RUNNING_ENV =TRUE
and the user runs the script for a second time on a cluster with the same k8s namespace as the user gave, it will override the secrets in k8s/OCP, and the secret in the DAP master will be different from the follower's k8s secret, so the communication will fail. So if, after the script creates a new secret, it stores it in the DAP master, the script users won't need to face this problem.