Managing Kubernetes Storage Groups

Create, view, edit, and delete Kubernetes (K8s) storage groups on the K8s Storage Groups page of the CipherTrust Manager GUI.

The terms storage group, CSI storage group, Kubernetes storage group, and K8s storage group refer to the same resource and can be used interchangeably.

Creating Kubernetes Storage Groups

All the K8s clients that you want to attach to a storage group must have the same K8s Namespace and K8s StorageClass.

To create a storage group:

1. Open the Transparent Encryption application.

2. In the left pane, click Clients > K8s Storage Groups. The K8s Storage Groups page is displayed.

3. Click Create K8s Storage Group. The General Info screen of the Create K8s Storage Group wizard is displayed.

4. Specify a unique Name for the group.

5. Enter the K8s Namespace.

6. Enter the K8s StorageClass.

7. (Optional) Select a Client Profile for the storage group. The default profile is DefaultClientProfile.

8. (Optional) Provide a Description for the storage group.

9. Click Next. The Review screen is displayed.

10. Review the provided details. The Review screen displays general information about the storage group you specified. If the details are incorrect or you want to modify them, click Back and update the details.

11. Click Save.

The newly created storage group appears in the K8s Storage Groups list.

You can change the client profile linked to the storage group later. Refer to Changing the Client Profile for details.

Viewing Details of Kubernetes Storage Groups

To view the details K8s storage groups:

1. Open the Transparent Encryption application.

2. In the left pane, click Clients > K8s Storage Groups. The list of K8s storage groups is displayed. The following details are displayed:

   Column	Description
   Name	Name of the K8s storage group.
   StorageClass	K8s StorageClass linked to the storage group.
   Namespace	K8s Namespace linked to the storage group.
   Created At	Date and time when the storage group is created.
   Updated At	Date and time when the storage group is updated the last.
   Description	Description of the storage group.

The K8s Storage Groups page also provides options to view the client profile and K8s clients linked to the storage groups. To view these details, click the expand icon corresponding to the desired storage group.

The K8s clients attached to a storage group are also visible on the Membership tab of the storage group. Refer to Viewing Attached K8s Clients for details.

Changing the Client Profile

To change the linked client profile:

1. Open the Transparent Encryption application.

2. In the left pane, click Clients > K8s Storage Groups.

3. Click the expand icon corresponding to the desired storage group.

   Alternatively, click the Name link corresponding to the desired storage group.

4. Next to Client Profile, click the profile link (for example, DefaultClientProfile). The Select Profile dialog box shows the current client profile and Rekey Option, Rekey Rate, and Schedule of the selected profile.

5. From the Profile drop-down list, select the desired profile.

6. Click OK. The selected profile is linked successfully.

Updating Description of a Kubernetes Storage Group

To add or edit the description of a K8s storage group:

1. Open the Transparent Encryption application.

2. In the left pane, click Clients > K8s Storage Groups. The list of K8s storage groups is displayed.

3. Click the overflow icon () corresponding to the desired K8s storage group.

4. Click Edit.

5. Add or update the Description field.

6. Click Update.

The storage group description is updated.

Viewing GuardPolicies Applied to a Storage Group

To view GuardPolicies applied to a storage group:

1. Open the Transparent Encryption application.

2. In the left pane, click Clients > K8s Storage Groups. The list of K8s storage groups is displayed.

3. Under Name, click the desired storage group. The GuardPolicies tab shows the following details:

   Column	Description
   Policy Name	Name of the applied policy.
   Type	Type of the GuardPolicy - csi_manual.
   Enabled	Whether the GuardPolicy is enabled - Yes or No.

To remove/disable a GuardPolicy, click the overflow icon () corresponding to the GuardPolicy and click Remove/Disable.

If a GuardPolicy is active on a K8s client, the policy cannot be removed or disabled from the storage group associated with that client.

Viewing Attached Kubernetes Clients

The Membership tab of a storage group displays the attached K8s clients.

To view the K8s clients attached to a storage group:

1. Open the Transparent Encryption application.

2. In the left pane, click Clients > K8s Storage Groups. The list of K8s storage groups is displayed.

3. Under Name, click the desired storage group.

4. Click the Membership tab. The tab displays the K8s clients attached to the storage group. The following details are displayed:

   Column	Description
   Status	Health status of the K8s client.
   Name	Name of the K8s client. The name is a combination of: • The node on which the K8s client is running • The linked StorageClass • The namespace where the K8s client pod runs • A random string
   Description	Description of the K8s client.

Deleting a Kubernetes Storage Group

A storage group can only be deleted if no K8s clients are attached to it. As K8s clients are automatically attached to a storage group, they cannot be detached explicitly. K8s clients are detached from the linked storage groups only when the clients crash.

When a storage group is deleted, any attached GuardPolicies are removed automatically.

To delete a K8s storage group:

1. Open the Transparent Encryption application.

2. In the left pane, click Clients > K8s Storage Groups. The list of K8s storage groups is displayed.

3. Click the overflow icon () corresponding to the K8s storage group you want to delete.

4. Click Delete. A dialog box appears prompting to confirm the action.

5. Click Delete.

The K8s storage group is deleted.