Patch Note for CTE for Kubernetes

Container Image Digest

Verify that the Container Image Digest matches the version that you are installing.

Resolved Issues

• This release of CTE for Kubernetes adds fixes for known defects and addresses known vulnerabilities.

Known Issues

• AGT-39000: CipherTrust Manager may not report all pods using the same CTE PVC on the same node

  AFFECTED VERSIONS: 1.4.0.37 — 1.6.0.49

  Work-around:

  CTE PVCs with the following access modes: ReadWriteOnce, ReadWriteMany or ReadOnlyMany, may fail to report to CipherTrust Manager all of the pods using the same volume on the same node. This anomaly is due to how Kubernetes handles a single volume used across multiple pods in the same node. This reporting anomaly in CipherTrust Manager does not mean that the CTE PVC is not attached to the pod. It is recommended that the user describe the CTE PVC (# kubectl describe pvc) to find the list of all of the pods that are using a particular CTE PVC.

• AGT-61578: Getting permission denied while creating files in pod

  AFFECTED VERSIONS: 1.5.0.27 — 1.6.0.49

  CTE does not support the use case where Key rule is "clear_key" and the security rule is "apply_key".

• AGT-61761 [CS1580017] [Debian12+CRI-O] CTE for Kubernetes pods throwing error MountDevice failed for volume

  AFFECTED VERSIONS: 1.3.0.33 — 1.6.0.49

  The combination of Debian 12 Linux OS with Kubernetes CRI-O container runtime interface, is not supported in CTE for Kubernetes.

• AGT-62766: AgentInfo EKS ARM

  AFFECTED VERSIONS: 1.5.0.27 — 1.6.0.49

  Agentinfo is unable to get Kubernetes cluster information on ARM-based nodes.