Deploy DAP by default for backwards compatibility

[orenbm]

We changed the default behaviour that this repo deploys OSS by default. That change was reverted and we need to do it again. We have the deploy-oss restored and we can continue the work from there.

We need to:

• [ ] Deploy DAP by default and OSS with the --oss flag
• [ ] Decide what the default value will be in kubernetes-conjur-demo & secrets-provider-for-k8s
• [ ] Challenge the way we deploy the OSS cluster. It may be different than the way described in the docs
• [ ] Challenge the way we handle different deployments
  • Currently both deployments are handled in the same scripts where the differences are handled by if [[CONJUR_DEPLOYMENT == "oss" ]] clauses. It may be more readable to have 2 sets of scripts with duplications.
• [ ] Uniform the way we update files with text. We have some sed and some sh.yml replacements.
• [ ] Wait for Conjur server to be ready when configuring Conjur CLI. At this point we just sleep for 45 seconds. We should wait for it properly.
• [ ] Add tests for OSS - at this point we have tests in this repo for DAP. We should have the same for OSS so we don't catch errors only in the consuming projects
• [ ] Update kubernetes-conjur-demo & secrets-provider-for-k8s to consume kubernetes-conjur-deploy properly and run both OSS & DAP tests.

[jvanderhoof]

@orenbm, this is a great set of items. It feels like we need to be a bit more explicit about the stated purpose of each of these key project:

1. kubernetes-conjur-deloy
2. kubernetes-conjur-demo
3. secrets-provider-for-k8s That's outside the scope of the work you're describing here.

[jvanderhoof]

Challenge the way we deploy the OSS cluster. It may be different than the way described in the docs

The kubernetes-conjur-deloy project references Helm. With this shift, we'll need to provide two sets of documented options for OSS Conjur.

[jvanderhoof]

Are we deploying tests into OpenShift as well as Kubernetes?

[orenbm]

Are we deploying tests into OpenShift as well as Kubernetes? Yes

[Tovli]

@izgeri @jasongarabedian - Please see if and how you want to promote this task and give it the needed priority

@orenbm - Thanks for putting all this information together

[orenbm]

When this effort is done - also continue working on this PR: https://github.com/conjurdemos/kubernetes-conjur-demo/pull/78

It uses the changes in deploy to run tests in demo

[izgeri]

@Tovli I think you meant @jvanderhoof

We should use a separate repo for deploying OSS. Can you ask in Slack which would be appropriate? We have the helm chart, the docker-compose for the quick start, I think a few people (in the field? devs?) have their own repos they use for deploying it, @doodlesbykumbi one time created this POC in Secretless (not merged) - having a single canonical repo for OSS deploys (like we have this repo for deploying DAP followers) makes sense. I suspect you could just use the helm chart in your automation and call it a day.

I don't think OSS deploy tools belong in this repo.

[Tovli]

Thanks @izgeri, I am really want to raise the lack of OSS test in k8s and trying to understand who should be assigned such task. We did try to deploy using the helm chart but found the kubernetes-conjur-deploy repo easier to work with @jvanderhoof - Please consider if you want to progress this task, I'll be happy to assist

[izgeri]

for Secretless OSS support, we tested manually and left automated tests for a future effort. since our group owns the OSS, I would really love for this group to be able to define what appropriate automated e2e tests are for OSS and own that going forward - it is just a little tricky right now because we are staffed on other projects.

I will wait for @jvanderhoof to weigh in further before saying more, but I really don't think OSS deploy tools belong in this repo.