Installing and Deploying with Helm
How to Deploy pods/services in Kubernetes Cluster
The CTE for Kubernetes images are distributed through the Thales Docker Hub.
- All of the pods/services are deployed using yaml files. The yaml files are executed using the provided deploy.sh scripts.
- CTE for Kubernetes only supports homogeneous Kubernetes clusters, i.e. all nodes of the Kubernetes clusters must be x86_64 or all nodes must be arm64.
Options for Deploy Scripts
Deploy all of the pods by using the following command and needed arguments from the following table:
Option | Function | Description |
---|---|---|
-r | remove | Remove all the running pods, services and secrets. |
-t | tag | Tag of the image on the server. Default is the latest. |
--helm | | Deploy CTE for Kubernetes using Helm. |
--operator-ns= | | The namespace in which to deploy the Operator. |
--cte-ns= | | The namespace in which to deploy the CSI driver. |
--cri-sock= | | Container Runtime Interface socket path. |
For CTE for Kubernetes v1.3.0 and subsequent versions, the deployment script uses the repository image index as the image name, instead of the individual platform image names. The manifest (cte_csi:<tag>) points to an image.
Note
The default image name is: cte_csi. You do not need to specify the image name if you use the default name.
Install Helm
Helm is a package manager for Kubernetes.
- Download Helm CLI, type:
    curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
- Check for the version, type:
    helm version --client
- Validate the connection, type:
    helm ls --all-namespaces
Installing using Helm
- Change to the CTE for Kubernetes directory, type:
    cd ciphertrust-transparent-encryption-kubernetes
- Deploy with Helm:
    ./deploy.sh --helm
Terminating Pods
To terminate all of the pods and delete all of the services and secrets:
- Change to the CTE for Kubernetes directory, type:
    cd ciphertrust-transparent-encryption-kubernetes
- For Helm deployment, type:
    ./deploy.sh --remove --helm
Verify CTE for Kubernetes
Verify that CTE for Kubernetes is running, type:
kubectl get pods --namespace=kube-system -o wide | grep cte-csi
RESPONSE
NAME READY STATUS RESTARTS AGE IP Node
kube-system cte-csi-controller-5db888d6cb-tn6lr 4/4 Running 0 6m59s 10.244.1.5 ubuntu20-02-kubcluster-worker <none> <none>
kube-system cte-csi-node-lz7t9 4/4 Running 0 6m59s 10.244.0.26 ubuntu20-02-kubcluster-master <none> <none>
kube-system cte-csi-node-pzvwb 4/4 Running 0 6m59s 10.244.2.2 ubuntu20-02-kubcluster-worker2 <none> <none>
kube-system cte-csi-node-wmhhl 4/4 Running 0 6m59s 10.244.1.4 ubuntu20-02-kubcluster-worker <none> <none>
Helm Charts Deployment
Helm offers a straightforward method for deploying CTE for Kubernetes. However, it places the responsibility on the user to manage node upgrades. Before upgrading, users must ensure that no applications on the node are actively using a CTE Persistent Volume Claim (PVC). Manual draining of the node is required to complete the upgrade process.
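One way to run the pre-upgrade check described above (no application on the node still using a CTE PVC) is sketched below; this is an added example, not part of the Thales documentation or tooling. It assumes the CSI driver name held in CTE_DRIVER and takes the parsed output of `kubectl get pods -A -o json` and `kubectl get pv -o json`; the pod, namespace and claim names are constructed sample data.

```python
# Assumption: CSI driver name of CTE for Kubernetes (not stated on this page);
# confirm it with `kubectl get csidriver` before relying on the result.
CTE_DRIVER = "csi.cte.cpl.thalesgroup.com"

def cte_claims(pv_list, driver=CTE_DRIVER):
    """Return {(namespace, claim)} for every bound PV served by the CTE driver."""
    claims = set()
    for pv in pv_list.get("items", []):
        spec = pv.get("spec", {})
        ref = spec.get("claimRef")  # absent while the PV is unbound
        if ref and (spec.get("csi") or {}).get("driver") == driver:
            claims.add((ref["namespace"], ref["name"]))
    return claims

def pods_blocking_upgrade(pod_list, pv_list, node, driver=CTE_DRIVER):
    """List (namespace, pod, claim) for pods on `node` that reference a CTE PVC."""
    claims = cte_claims(pv_list, driver)
    blocking = []
    for pod in pod_list.get("items", []):
        if pod["spec"].get("nodeName") != node:
            continue
        ns = pod["metadata"]["namespace"]  # a PVC is always in the pod's namespace
        for vol in pod["spec"].get("volumes", []):
            claim = (vol.get("persistentVolumeClaim") or {}).get("claimName")
            if claim and (ns, claim) in claims:
                blocking.append((ns, pod["metadata"]["name"], claim))
    return sorted(blocking)

def _pod(ns, name, node, claim):  # builds a constructed sample pod
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"nodeName": node, "volumes": [
                {"name": "data", "persistentVolumeClaim": {"claimName": claim}}]}}

def _pv(ns, claim, driver):  # builds a constructed sample PV bound to ns/claim
    return {"spec": {"csi": {"driver": driver}, "claimRef": {"namespace": ns, "name": claim}}}

# Constructed sample data; real input comes from `kubectl get pods -A -o json`
# and `kubectl get pv -o json` loaded with json.load().
SAMPLE_PVS = {"items": [_pv("payments", "cte-claim", CTE_DRIVER),
                        _pv("web", "logs", "example.csi.vendor.test")]}
SAMPLE_PODS = {"items": [
    _pod("payments", "api-0", "ubuntu20-02-kubcluster-worker", "cte-claim"),
    _pod("web", "nginx-0", "ubuntu20-02-kubcluster-worker", "logs"),
    _pod("payments", "api-1", "ubuntu20-02-kubcluster-worker2", "cte-claim")]}

if __name__ == "__main__":
    node = "ubuntu20-02-kubcluster-worker"
    for ns, pod, claim in pods_blocking_upgrade(SAMPLE_PODS, SAMPLE_PVS, node):
        print(f"{node}: {ns}/{pod} still uses CTE claim {claim}")
```

An empty result for a node means no scheduled pod on it references a CTE-backed claim; the node still has to be drained manually as described above.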
Specify the desired installation method using command-line arguments in the deploy.sh script. When using the Operator method, you must install the Operator Lifecycle Manager (OLM) prior to deployment.
Migrating Helm to Operator
You can migrate Helm to Operator if you choose to move from manual to automatic management:
Upgrading Helm
Helm must be upgraded manually by the administrator: