Release Note for CTE for Kubernetes
Release Note Version | Date |
---|---|
1.0.0.71 | 2022-06-28 |
Container Image Fingerprint
Verify that the Container Image Fingerprint matches the version that you are installing.
Known Issues
- AGT-39000: CipherTrust Manager may not report all pods using the same CTE PVC on the same node
Work-around:
CTE PVCs with the access modes ReadWriteOnce, ReadWriteMany or ReadOnlyMany may fail to report to CipherTrust Manager all of the pods using the same volume on the same node. This anomaly is due to how Kubernetes handles a single volume used across multiple pods on the same node. This reporting anomaly in CipherTrust Manager does not mean that the CTE PVC is not attached to the pod. It is recommended that the user describe the CTE PVC (`# kubectl describe pvc`) to find the list of all of the pods that are using a particular CTE PVC.
- AGT-39143: EBS volumes are not attaching to the Kubernetes cluster when using dynamic provisioning for a second time
Work-around:
While CTE for Kubernetes is compatible with multi-zone Persistent Volumes, it does not automatically copy topology information from the source PVC. A CTE volume may fail to mount if the CTE staging pod for the source PVC is started on a node not covered under the topology in that PVC. To guarantee that pods and volumes are scheduled on the correct nodes, a user must modify the CTE PVC, or PV, with matching topology information from the source PV.
For more information about Topology-Aware Volume Provisioning, see Compatibility with Topology-Aware Volume Provisioning.
- AGT-39951: Signature sets supported in CM policies but not in CTE for Kubernetes
Signature sets are not supported in release 1.0.0 of CTE for Kubernetes. However, CipherTrust Manager does not restrict adding a signature set to a process set and then using that process set in a CSI policy. If this scenario occurs, the signature set does not match, and the rule breaks.
Work-around:
Do not use signature sets in your CTE for Kubernetes policy.
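
For the AGT-39000 work-around above, one way to build the per-node list of pods for every PVC from the cluster's own pod specs, so it can be compared with what CipherTrust Manager reports. This is an added example, not part of the release note or the product; the sample pod list and the names `cte-claim`, `app`, `web-0` and so on are constructed, and the script covers all PVCs, so the reader picks out the CTE claims.

```python
import json
import sys
from collections import defaultdict

# Constructed sample in the shape of `kubectl get pods -A -o json` (all names hypothetical).
SAMPLE = {"items": [
    {"metadata": {"namespace": "app", "name": "web-0"}, "spec": {"nodeName": "node-a",
        "volumes": [{"name": "data", "persistentVolumeClaim": {"claimName": "cte-claim"}}]}},
    {"metadata": {"namespace": "app", "name": "web-1"}, "spec": {"nodeName": "node-a",
        "volumes": [{"name": "data", "persistentVolumeClaim": {"claimName": "cte-claim"}}]}},
    {"metadata": {"namespace": "app", "name": "batch-0"}, "spec": {"nodeName": "node-b",
        "volumes": [{"name": "data", "persistentVolumeClaim": {"claimName": "cte-claim"}},
                    {"name": "tmp", "emptyDir": {}}]}},
    {"metadata": {"namespace": "app", "name": "pending-0"}, "spec": {
        "volumes": [{"name": "data", "persistentVolumeClaim": {"claimName": "cte-claim"}}]}},
]}


def pods_by_pvc_and_node(pod_list):
    """Map (namespace, claimName) -> node -> sorted pod names."""
    usage = defaultdict(lambda: defaultdict(set))
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        node = spec.get("nodeName", "<unscheduled>")  # pending pods have no node yet
        for vol in spec.get("volumes", []):
            claim = (vol.get("persistentVolumeClaim") or {}).get("claimName")
            if claim:  # skip emptyDir, configMap and other non-PVC volumes
                usage[(meta["namespace"], claim)][node].add(meta["name"])
    return {k: {n: sorted(p) for n, p in nodes.items()} for k, nodes in usage.items()}


def shared_on_node(usage):
    """Return the (claim, node) pairs with more than one pod: the AGT-39000 case."""
    return sorted((k, n) for k, nodes in usage.items() for n, p in nodes.items() if len(p) > 1)


if __name__ == "__main__":
    # Real data: kubectl get pods -A -o json | python3 this_script.py -
    data = json.load(sys.stdin) if "-" in sys.argv[1:] else SAMPLE
    usage = pods_by_pvc_and_node(data)
    for (ns, claim), nodes in sorted(usage.items()):
        for node, pods in sorted(nodes.items()):
            print(f"{ns}/{claim} on {node}: {', '.join(pods)}")
    print("multiple pods on one node:", shared_on_node(usage))
```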