Venafi/kubernetes-demos
Kubernetes Demos

This repository contains demos that show how to secure Kubernetes workloads with CyberArk Certificate Manager.

⚠️ These are demos for learning. They are simplified and not production-ready.


Assumptions

  • You have access to CyberArk Certificate Manager and have the entitlements to use Workload Identity Manager and the Kubernetes add-on.
  • If you do not, sign up for an account at https://ui.venafi.cloud.

Comprehensive Use Cases

The main/ directory contains full, end-to-end scenarios, such as:

  • SaaS quick path
  • Certificate Discovery
  • Istio service mesh with mTLS and cert issuance
  • Workload Identity Manager for SPIFFE-compliant certs with enterprise PKI for service mesh
  • CyberArk CLI-based mechanism (venctl) to install and manage Kubernetes components
  • Red Hat Operator-based mechanism (as an alternate path to venctl) to manage Kubernetes components in OpenShift

Refer to the README to get started with the SaaS configuration and the runtime instructions provided there.

If you prefer to use a ready-to-use EC2 machine with a cluster along with all the dependencies, just reach out.


Projects

The projects/ directory contains smaller, focused demos.
Each project folder has its own README with setup instructions (or will have one soon).

| Project (folder) | Description | README |
|---|---|---|
| awspca | AWS Private CA integration | README |
| ccm-agent | Discover and inventory Kubernetes certificates using Federated Identity | README |
| ccm-idp | Issue TLS certs with service accounts using Org Identity Provider without APIKEY | README |
| ccm-vault | Certificate Manager integration with HashiCorp Vault | README |
| kong-mesh | CyberArk Workload Identity Manager + Kong Mesh | README |
| nginx-plus | CyberArk Certificate Manager with F5 NGINX Plus | README |
| secrets-hub | Discover HashiCorp Vault secrets from CyberArk Secrets Hub | README |
| secrets-manager | Issue certs from CyberArk Secrets Manager with Certificate Manager integration | README |

Clusters

The scripts/ directory contains cloud-provider-specific scripts to stand up a cluster.

| Scripts (folder) | Description | README |
|---|---|---|
| EKS (AWS) | Full end-to-end EKS cluster build and destroy | README |
| AKS (Azure) | Full end-to-end AKS cluster build and destroy | README |
| GKE (Google Cloud) | Full end-to-end GKE cluster build and destroy | README |
| OpenShift (Red Hat) | Full end-to-end OpenShift (ROSA) cluster build and destroy | README |
| Kind (for local) | Kind cluster for quick testing | README |

Misc

The scripts/ directory also contains miscellaneous work that supports the use cases.

| Scripts (folder) | Description | README |
|---|---|---|
| HashiCorp Vault | TLS-enabled HashiCorp Vault instance on EC2 using CloudFormation | README |
| registry | Full setup and configuration for Harbor Registry | README |
| ccm-mirror | Scripts to mirror charts and images to a target registry | README |

Contributing

  • Keep demos simple and reproducible.
  • Add/update README.md files in each projects/<name>/ directory.
  • Update this table when new projects are added.

License

Apache 2.0