Create a CTE-CSI protected Persistent Storage Claim by deploying an Application/Staging pod
To create a CTE-CSI protected Persistent Storage Claim by deploying an application pod:
-
Create the yaml file to deploy a pod and protect the contents of the Persistent Volume.
apiVersion: v1 kind: Pod metadata: name: cte-csi-demo spec: volumes: - name: test-vol persistentVolumeClaim: claimName: cte-test-claim1 containers: - name: ubuntu image: ubuntu volumeMounts: - mountPath: "/data" name: test-vol command: - "sleep" - "604800" imagePullPolicy: IfNotPresent restartPolicy: Always -
Deploy the pod, type:
kubectl apply -f cte-csi-demo.yamlAfter the pod is successfully deployed and it running, you can see the client registered in K8s client.
-
To check the status of the pod, type:
root@ip-172-30-1-55:~# kubectl get allNAME READY STATUS RESTARTS AGE pod/cte-csi-demo 1/1 Running 0 116m pod/cte-csi-user-demo 1/1 Running 0 134m pod/cte-staging-pod9jhtn 1/1 Running 0 133m pod/cte-staging-podt8jxs 1/1 Running 0 116m NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 224dAfter the pod is successfully deployed and running, you can see the clients registered in the Kubernetes client.
-
Login to the pod and check if the files are encrypted:
root@ip-172-30-1-55:# kubectl exec -it cte-csi-demo /bin/bashkubectl exec [POD] -- [COMMAND] root@cte-csi-demo:/# cd /data/ root@cte-csi-demo:/data# mkdir sub_dir root@cte-csi-demo:/data# cd sub_dir/ root@cte-csi-demo:/data/sub_dir# echo "testfile" >> test root@cte-csi-demo:/data/sub_dir# root@cte-csi-demo:/data/sub_dir# cat test testfile -
Check the same file on the Server side:
root@aws-thales-dockerregistry:~# cd /nfs-share/sub_dir/ root@aws-thales-dockerregistry:/nfs-share/sub_dir# ls -l total 8 -rw-r--r-- 1 root root 4102 Dec 13 20:04 test root@aws-thales-dockerregistry:/nfs-share/sub_dir# cat test EROV▒▒▒▒=▒bu▒▒4㢙▒▒4▒▒▒1kCroot@aws-thales-dockerregistry:/nfs-share/sub_dir#
