This is a tutorial on how to secure secrets of OpenShift applications by CyberArk Dynamic Access Provider (DAP).
We will cover deploying DAP follower instances manually, and by follower seed fetcher.
Secretless Broker & inital container will also be covered in this tutorial.
Extra tech challenges will be included in each sections for quick learners.
OKD is used as the OpenShift platform to host the demo app The application will connect to a MySQL database to retreive data, and during authenication, secrets will be used by the application.
Dynamic Access Provider (DAP) is used in this tutorial to secure & manage the secrets.
- Access to Smartfile
- FTP client
- 7zip or Winzip installed on your workstation
- VMware Workstation 12 or greater installed on your workstation
- CyberArk CorePAS installed on VMWare workstation,
CGD-2020-0101-GAprefered - Sufficient disk space for additional 2 virtual machines (5.6GB for compressed VM and/or 24GB for extracted VM)
- Setup CyberArk CorePAS based on CGD
- Setup 2 Extra VM (DAP Master & OKD)
- Onboard MySQL Account to CorePAS
- Setup DAP Master
- Configure Vault Synchronizer
- Login to OKD
- Create projects
- Push image
- Deploy app
- Create secret & route
- Create project
- Create serviceaccount
- Push image
- Deploy follower
- Copy seed and config follower
- Verify status
- Clean-up
- Load Policy
- Initialize CA
- Enable authenicator
- Create role
- Load variables
- Push images
- Add Master certificate
- Deploy followers
- Push image
- Load policy for app
- Prepare and load cert
- Re-deploy app
- Push image
- Prepare and apply config
- Re-deploy app