Applying Data Transformation Key Rotation to CTE for Kubernetes
- Delete all of the application pods which are using the cte-claim:
  kubectl delete -f <applicationPodName>.yaml
- Modify the CipherTrust Manager policy rules for key rotation.
  - Update the Dataxform Policy key rules on CM K8s Storage Groups
  - Update the Production Policy key rules on CM K8s Storage Groups
- Add the "dataxform_cleanup" annotation to the NFS source PV from nfs-pv.yaml. See Create a Persistent Storage (PV) YAML file description for more information.
  # kubectl annotate pv <PV_NAME> csi.cte.cpl.thalesgroup.com/dataxform_cleanup='require'
  **<PV_NAME>**: PersistentVolume name from nfs-pv.yaml file.
- Add the "dataxform_policy" annotation to the cte-claim from cte-csi-claim.yaml.
  # kubectl annotate pvc <CTE_CLAIM_NAME> -n <CLAIM_NAMESPACE> csi.cte.cpl.thalesgroup.com/dataxform_policy='<DATAXFORM_POLICY_NAME>'
  **<CTE_CLAIM_NAME>**: PersistentVolumeClaim name from cte-csi-claim.yaml file.
  **<CLAIM_NAMESPACE>**: Namespace where CTE_CLAIM_NAME is deployed.
  **<DATAXFORM_POLICY_NAME>**: Dataxform policy name from CipherTrust Manager.
- Apply the App Pod which has the cte-claim.
  # kubectl apply -f pod.yaml
Note
- When Data Transformation is running, the Guard Policy does not display as active on CipherTrust Manager, because it does not send any Guard Policy details to CipherTrust Manager. Only after the production policy is applied to the GuardPoint do the details populate CipherTrust Manager.
- The Data Transformation will start as soon as the policy is applied. Check that the logs are updated.
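
A pre-flight check for the procedure above, as an added example that is not part of the product documentation: it confirms that no pod still mounts the claim and that both annotations hold the expected values before the pod is re-applied. The function names are hypothetical; the annotation keys and the 'require' value are the ones used in the steps above.

```shell
#!/bin/sh
# Added example. Annotation keys come from the procedure; dots are escaped
# because kubectl's jsonpath treats an unescaped dot as a path separator.
CLEANUP_KEY='csi\.cte\.cpl\.thalesgroup\.com/dataxform_cleanup'
POLICY_KEY='csi\.cte\.cpl\.thalesgroup\.com/dataxform_policy'

# Print the names of pods in a namespace whose volumes reference the claim.
pods_using_claim() {  # $1=PVC name  $2=namespace
    kubectl get pods -n "$2" -o \
      'jsonpath={range .items[*]}{.metadata.name}{" "}{range .spec.volumes[*]}{.persistentVolumeClaim.claimName}{" "}{end}{"\n"}{end}' |
      awk -v claim="$1" '{ for (i = 2; i <= NF; i++) if ($i == claim) { print $1; break } }'
}

# Print the value of one annotation (empty when it is not set).
get_annotation() {  # $1=kind/name  $2=escaped key  $3=namespace (optional)
    if [ -n "${3:-}" ]; then
        kubectl get "$1" -n "$3" -o "jsonpath={.metadata.annotations.$2}"
    else
        kubectl get "$1" -o "jsonpath={.metadata.annotations.$2}"
    fi
}

# Return 0 only when the PV and PVC annotations carry the expected values.
check_rotation_annotations() {  # $1=PV  $2=PVC  $3=namespace  $4=policy name
    rc=0
    cleanup=$(get_annotation "pv/$1" "$CLEANUP_KEY") || rc=1
    policy=$(get_annotation "pvc/$2" "$POLICY_KEY" "$3") || rc=1
    if [ "$cleanup" != "require" ]; then
        echo "PV $1: dataxform_cleanup is '$cleanup', expected 'require'" >&2
        rc=1
    fi
    if [ "$policy" != "$4" ]; then
        echo "PVC $3/$2: dataxform_policy is '$policy', expected '$4'" >&2
        rc=1
    fi
    return $rc
}

# Usage, with the placeholders from the procedure:
#   [ -z "$(pods_using_claim <CTE_CLAIM_NAME> <CLAIM_NAMESPACE>)" ] &&
#   check_rotation_annotations <PV_NAME> <CTE_CLAIM_NAME> <CLAIM_NAMESPACE> <DATAXFORM_POLICY_NAME> &&
#   kubectl apply -f pod.yaml
```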