Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Deploy a CTE for Kubernetes Volume

Create a CTE-CSI protected Persistent Storage Claim by deploying an Application/Staging pod

search

Create a CTE-CSI protected Persistent Storage Claim by deploying an Application/Staging pod

To create a CTE-CSI protected Persistent Storage Claim by deploying an application pod:

  1. Create the yaml file to deploy a pod and protect the contents of the Persistent Volume.

    apiVersion: v1
kind: Pod
metadata:
    name: cte-csi-demo
spec:
  volumes:
    - name: test-vol
      persistentVolumeClaim:
        claimName: cte-test-claim1
  containers:
  - name: ubuntu
    image: ubuntu
    volumeMounts:
      - mountPath: "/data"
        name: test-vol
    command:
     - "sleep"
     - "604800"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always

  2. Deploy the pod, type:

    kubectl apply -f cte-csi-demo.yaml

    After the pod is successfully deployed and it running, you can see the client registered in K8s client.

  3. To check the status of the pod, type:

    root@ip-172-30-1-55:~# kubectl get all

    NAME                                                READY   STATUS    RESTARTS        AGE
pod/cte-csi-demo                                    1/1     Running   0               116m
pod/cte-csi-user-demo                               1/1     Running   0               134m
pod/cte-staging-pod9jhtn                            1/1     Running   0               133m
pod/cte-staging-podt8jxs                            1/1     Running   0               116m

NAME                                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/kubernetes                     ClusterIP   10.96.0.1        <none>        443/TCP    224d

    After the pod is successfully deployed and running, you can see the clients registered in the Kubernetes client.

  4. Login to the pod and check if the files are encrypted:

    root@ip-172-30-1-55:# kubectl exec -it cte-csi-demo /bin/bash

    kubectl exec [POD] -- [COMMAND]
root@cte-csi-demo:/# cd /data/
root@cte-csi-demo:/data# mkdir sub_dir
root@cte-csi-demo:/data# cd sub_dir/
root@cte-csi-demo:/data/sub_dir# echo "testfile" >> test
root@cte-csi-demo:/data/sub_dir#
root@cte-csi-demo:/data/sub_dir# cat test
testfile

  5. Check the same file on the Server side:

    root@aws-thales-dockerregistry:~# cd /nfs-share/sub_dir/
root@aws-thales-dockerregistry:/nfs-share/sub_dir# ls -l
total 8
-rw-r--r-- 1 root root 4102 Dec 13 20:04 test
root@aws-thales-dockerregistry:/nfs-share/sub_dir# cat test
EROV▒▒▒▒=▒bu▒▒4㢙▒▒4▒▒▒1kCroot@aws-thales-dockerregistry:/nfs-share/sub_dir#

On this page