Deploy CRDP as a Standalone Container
This article covers the steps involved in deploying CRDP as a standalone container in Docker. Refer to Alternative Deployment Methods for other methods of deploying CRDP.
Prerequisites
This deployment scenario assumes that:
Docker Container runtime environment (CRE) is ready.
Docker version 24.0.1 or higher should be installed.
CipherTrust Manager 2.14 or higher is up and running. Refer to CipherTrust Manager Deployment for details.
Your Kubernetes environment and orchestrator have access to the ciphertrust-restful-data-protection repository.
CRDP image repository
The thalesciphertrust/ciphertrust-restful-data-protection repository contains the following images for CRDP:
CRDP (with 1.0.0 tag): thalesciphertrust/ciphertrust-restful-data-protection:1.0.0
CRDP (with latest tag): thalesciphertrust/ciphertrust-restful-data-protection:latest
The image path with the latest tag always points to the latest release.
Steps to deploy CRDP as a standalone container
On CipherTrust Manager, define an Application and generate a registration token. Keep this registration token for a future step. Refer to Defining applications in the Application Data Protection Administration Guide for details.
Pull the CRDP image to the container environment as shown below:
docker pull thalesciphertrust/ciphertrust-restful-data-protection:latest
Read and understand the parameters used by the CRDP described here. This will help you perform the next step.
Run CRDP in the container environment. The deployment command varies slightly depending on the server mode selected by the user. The default server mode for CRDP is tls-cert-opt.
For SERVER_MODE=no-tls:
docker run -e KEY_MANAGER_HOST=<IP_address/host_name> -e REGISTRATION_TOKEN=<registration_token> -p <host-port>:<CRDP_port> -e SERVER_MODE=no-tls <crdp_image_name>
Here,
host-port: The port of the host machine.
crdp_image_name: Path including the name of the CRDP image.
For SERVER_MODE=tls-cert-opt:
docker run -e KEY_MANAGER_HOST=<IP_address/host_name> -e REGISTRATION_TOKEN=<registration_token> -p <host-port>:<CRDP_port> -e SERVER_MODE=tls-cert-opt -e CERT_VALUE=<> -e KEY_VALUE=<> <crdp_image_name>
Here,
host-port: The port of the host machine.
crdp_image_name: Path including the name of the CRDP image.
For SERVER_MODE=tls-cert:
docker run -e KEY_MANAGER_HOST=<IP_address/host_name> -e REGISTRATION_TOKEN=<registration_token> -p <host-port>:<CRDP_port> -e SERVER_MODE=tls-cert -e CERT_VALUE=<> -e KEY_VALUE=<> -e TRUSTED_CA=<> <crdp_image_name>
Here,
host-port: The port of the host machine.
crdp_image_name: Path including the name of the CRDP image.
Note
The client must have the certificate and key signed by the TRUSTED_CA.
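An added example, not part of the Thales documentation: a POSIX shell wrapper for the run step that checks which variables each SERVER_MODE needs and passes them to Docker by name only (`-e NAME`), so the registration token and private key are read from the exported environment instead of appearing on the command line. The function names are hypothetical; the variable names and modes are the ones in the commands above.

```shell
#!/bin/sh
# Added example, not Thales code. Variable names and modes are the ones in
# the docker run commands above; the function names are hypothetical.

# Print the variables each server mode needs, per the commands above.
crdp_required_vars() {
    base="KEY_MANAGER_HOST REGISTRATION_TOKEN SERVER_MODE"
    case "$1" in
        no-tls)       echo "$base" ;;
        tls-cert-opt) echo "$base CERT_VALUE KEY_VALUE" ;;
        tls-cert)     echo "$base CERT_VALUE KEY_VALUE TRUSTED_CA" ;;
        *)            return 1 ;;
    esac
}

# Print the required variables that are not exported or are empty.
# env lists only exported variables, which is what the docker CLI will see.
crdp_missing_vars() {
    vars=$(crdp_required_vars "$1") || return 2
    missing=""
    for v in $vars; do
        env | grep -q "^$v=." || missing="${missing:+$missing }$v"
    done
    echo "$missing"
}

# Print docker run arguments, one per line. Each variable is passed as
# "-e NAME" with no value: docker then copies the value from the caller's
# environment, keeping the token and key out of `ps` output and shell history.
crdp_run_args() {   # usage: crdp_run_args <host-port> <CRDP_port> <crdp_image_name>
    missing=$(crdp_missing_vars "${SERVER_MODE:-}") || { echo "unknown SERVER_MODE" >&2; return 2; }
    [ -z "$missing" ] || { echo "missing: $missing" >&2; return 1; }
    printf '%s\n' run -p "$1:$2"
    for v in $(crdp_required_vars "$SERVER_MODE"); do
        printf '%s\n' -e "$v"
    done
    printf '%s\n' "$3"
}

# Start the container; call this only on a host where docker is installed.
crdp_run() {
    args=$(crdp_run_args "$@") || return
    # The arguments contain no spaces or secret values, so splitting is safe.
    docker $args
}
```

Export the variables in the shell session (for example from a secrets manager or a file with restricted permissions), then call `crdp_run <host-port> <CRDP_port> <crdp_image_name>`.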
Verify your deployment
Call the following APIs to verify your deployment. In the HTTPS examples, the -k option makes curl skip verification of the server certificate.
For SERVER_MODE=no-tls:
curl http://localhost:<CRDP_PORT>/liveness -H 'Content-Type: application/json' -X GET
curl http://localhost:<CRDP_PORT>/healthz -H 'Content-Type: application/json' -X GET
For SERVER_MODE=tls-cert-opt:
curl -k https://localhost:<CRDP_PORT>/liveness -H 'Content-Type: application/json' -X GET
curl -k https://localhost:<CRDP_PORT>/healthz -H 'Content-Type: application/json' -X GET
For SERVER_MODE=tls-cert:
curl --key <key.pem> --cert <cert.pem> -k https://localhost:<CRDP_PORT>/liveness -H 'Content-Type: application/json' -X GET
curl --key <key.pem> --cert <cert.pem> -k https://localhost:<CRDP_PORT>/healthz -H 'Content-Type: application/json' -X GET
Next steps
After the CRDP container is up and running, you can explore any of the following topics: