Deploying Pods/Services in a Kubernetes Cluster
The CTE for Kubernetes images are distributed through the Thales Docker Hub.
- All of the pods/services are deployed using yaml files. The yaml files are executed using the provided deploy.sh scripts.
- CTE for Kubernetes only supports homogeneous Kubernetes clusters, i.e., all nodes of the Kubernetes cluster must be x86_64, or all nodes must be arm64.
Pod Types Created
The installation of CTE for Kubernetes creates two types of pods:
- cte-csi-controller-XXXXXXXXXX-XXXXX
  - Kind: Pod Deployment Type
    A Deployment manages a set of Pods to run an application workload. You describe a desired state in a Deployment, and the Deployment Controller changes the actual state to the desired state at a controlled rate. You can define Deployments to create new ReplicaSets, or to remove existing Deployments and adopt all of their resources with new Deployments. See Kubernetes Deployments for more information.
  - One Pod, started by default, may be scaled up post installation
- cte-csi-node-XXXXX
  - Kind: Pod DaemonSet Type
    A DaemonSet defines Pods that provide node-local facilities. It ensures that all, or a subset of, nodes run a copy of a specified Pod. As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected. Deleting a DaemonSet will clean up the Pods it created. See DaemonSet for more information.
  - One Pod for each Kubernetes node in the cluster
Options for Deploy Scripts for Pods
Deploy all of the pods by using the following command and needed arguments from the following table:
| Short Option | Long Option | Description |
|---|---|---|
| -r | --remove | Remove all the running pods, services and secrets. |
| -t | --tag | Tag of the image on the server. Default is the latest. |
| -o | --operator | Deploy the CTE for Kubernetes Operator and CSI driver. |
| | --operator-ns= | The namespace in which to deploy the Operator. |
| | --cte-ns= | The namespace in which to deploy the CSI driver. |
| | --cri-sock= | Container Runtime Interface socket path. |
For CTE for Kubernetes v1.3.0 and subsequent versions, the deployment script uses the repository image index as the image name, instead of the individual platform image names. The manifest (cte_csi:<tag>) points to an image.
Note
The default image name is: cte_csi. You do not need to specify the image name if you use the default name.
Terminating Pods
To terminate all of the pods and delete all of the services and secrets:
- Change to the CTE for Kubernetes directory, type:
  cd ciphertrust-transparent-encryption-kubernetes
- For Operator deployment, type:
  ./deploy.sh --remove --operator-ns=my-ns1 --cte-ns=my-ns2
- For Helm deployment, type:
  ./deploy.sh --remove --helm
Verify CTE for Kubernetes
To verify that CTE for Kubernetes is running, type:
kubectl get pods --namespace=kube-system -o wide | grep cte-csi
RESPONSE
NAME READY STATUS RESTARTS AGE IP Node
kube-system cte-csi-controller-5db888d6cb-tn6lr 4/4 Running 0 6m59s 10.244.1.5 ubuntu20-02-kubcluster-worker <none> <none>
kube-system cte-csi-node-lz7t9 4/4 Running 0 6m59s 10.244.0.26 ubuntu20-02-kubcluster-master <none> <none>
kube-system cte-csi-node-pzvwb 4/4 Running 0 6m59s 10.244.2.2 ubuntu20-02-kubcluster-worker2 <none> <none>
kube-system cte-csi-node-wmhhl 4/4 Running 0 6m59s 10.244.1.4 ubuntu20-02-kubcluster-worker <none> <none>
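The grep above only lists the pods. As an added example (not part of the CTE for Kubernetes scripts), the shell function below reads the same kubectl output and checks what the Pod Types section describes: at least one healthy cte-csi-controller pod, and a healthy cte-csi-node pod on every node. The function name cte_pod_audit and its node-list argument are assumptions of this example; the sample input is the RESPONSE shown above.

```shell
#!/bin/sh
# Added example (not vendor code): audit `kubectl get pods -o wide` text for CTE pods.
# Live use: kubectl get pods --namespace=kube-system -o wide | cte_pod_audit "nodeA nodeB"
# $1 = space-separated expected node names (assumption: taken from `kubectl get nodes`).
cte_pod_audit() {
    awk -v nodes="$1" '
    {
        # Find the pod name by prefix so a leading NAMESPACE column is tolerated.
        n = 0
        for (i = 1; i <= NF; i++) if ($i ~ /^cte-csi-/) { n = i; break }
        # Skip header, unrelated pods and non-wide output (END checks then fail closed).
        if (n == 0 || NF < n + 8) next
        ready = $(n + 1); status = $(n + 2)
        node = $(NF - 2)                  # wide output ends: NODE, NOMINATED NODE, READINESS GATES
        split(ready, r, "/")
        healthy = (status == "Running" && r[1] == r[2])
        if (!healthy) { printf "FAIL %s on %s: %s, %s ready\n", $n, node, status, ready; bad = 1 }
        if (healthy && $n ~ /^cte-csi-controller-/) controllers++
        if (healthy && $n ~ /^cte-csi-node-/) covered[node] = 1
    }
    END {
        if (controllers < 1) { print "FAIL no healthy cte-csi-controller pod"; bad = 1 }
        cnt = split(nodes, want, " ")
        for (k = 1; k <= cnt; k++)
            if (!(want[k] in covered)) { print "FAIL node " want[k] " has no healthy cte-csi-node pod"; bad = 1 }
        if (!bad) print "OK controller healthy, " cnt " of " cnt " nodes covered"
        exit bad + 0
    }'
}

# Node names and pod lines below are copied from the sample RESPONSE on this page.
NODES="ubuntu20-02-kubcluster-master ubuntu20-02-kubcluster-worker ubuntu20-02-kubcluster-worker2"
sample_pods() {
cat <<'EOF'
NAME READY STATUS RESTARTS AGE IP Node
kube-system cte-csi-controller-5db888d6cb-tn6lr 4/4 Running 0 6m59s 10.244.1.5 ubuntu20-02-kubcluster-worker <none> <none>
kube-system cte-csi-node-lz7t9 4/4 Running 0 6m59s 10.244.0.26 ubuntu20-02-kubcluster-master <none> <none>
kube-system cte-csi-node-pzvwb 4/4 Running 0 6m59s 10.244.2.2 ubuntu20-02-kubcluster-worker2 <none> <none>
kube-system cte-csi-node-wmhhl 4/4 Running 0 6m59s 10.244.1.4 ubuntu20-02-kubcluster-worker <none> <none>
EOF
}

sample_pods | cte_pod_audit "$NODES"                          # healthy cluster
# Constructed failure: drop one node pod to simulate a node the DaemonSet did not cover.
sample_pods | grep -v 'cte-csi-node-pzvwb' | cte_pod_audit "$NODES" || true
```

The function exits non-zero on any FAIL line, so it can gate a deployment pipeline or a monitoring probe.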