Install CTE for Kubernetes
Installation Dependencies
When installing CTE for Kubernetes, CTE requires the following dependencies:
-
helm
-
kubectl
Getting CTE for Kubernetes deployment files
Install CTE for Kubernetes through the yaml files available in the cte-csi-deploy Git repository at:
git clone https://github.com/thalescpl-io/ciphertrust-transparent-encryption-kubernetes.git
How to Deploy pods/services in Kubernetes Cluster
The CTE for Kubernetes images are distributed through the Thales Docker Hub.
-
All of the pods/services are deployed using
yamlfiles. Theyamlfiles are executed using the provideddeploy.shscripts. -
CTE for Kubernetes only supports homogeneous Kubernetes clusters, i.e. all nodes of the Kubernetes clusters must be x86_64 or all nodes must be arm64.
Options for Deploy Scripts
Deploy all of the pods by using the following command and needed arguments from the following table:
| Option | Function | Description |
|---|---|---|
| -r | remove | Remove all the running pods, services and secrets. |
| -t | tag | Tag of the image on the server. Default is the latest. |
| -o | --operator | Deploy the CTE for Kubernetes Operator and CSI driver. |
| --operator-ns= | The namespace in which to deploy the Operator. | |
| --cte-ns= | The namespace in which to deploy the CSI driver. | |
| --cri-sock= | Container Runtime Interface socket path. |
For CTE for Kubernetes v1.3.0 and subsequent versions, the deployment script uses the repository image index as the image name, instead of the individual platform image names. The manifest (cte_csi : <tag>) points to an image.
Note
The default image name is: cte_csi. You do not need to specify the image name if you use the default name.
Installing the default image
-
Change to the CTE for Kubernetes directory, type:
cd ciphertrust-transparent-encryption-kubernetes -
Deploy the image:
./deploy.sh
Installing a specific image
-
Change to the CTE for Kubernetes directory, type:
cd ciphertrust-transparent-encryption-kubernetes -
Deploy the specific image:
./deploy.sh -t 1.3.0.33
Installing using an Operator
-
Change to the CTE for Kubernetes directory, type:
cd ciphertrust-transparent-encryption-kubernetes -
Deploy with an operator:
./deploy.sh --operator --operator-ns=my-ns1 --cte-ns=my-ns2Note
If either of the namespace options is not specified, the script sets kube-system as the default namespace for deployment.
For more details, see Introduction to the Kubernetes Operator
Terminating Pods
To terminate all of the pods and delete all of the services and secrets:
cd ciphertrust-transparent-encryption-kubernetes
./deploy.sh --remove
Verify CTE for Kubernetes
Verify that CTE for Kubernetes is running, type:
kubectl get pods --namespace=kube-system -o wide | grep cte-csi
RESPONSE
NAME READY STATUS RESTARTS AGE IP Node
kube-system cte-csi-controller-5db888d6cb-tn6lr 3/3 Running 0 6m59s 10.244.1.5 ubuntu20-02-kubcluster-worker <none> <none>
kube-system cte-csi-node-lz7t9 4/4 Running 0 6m59s 10.244.0.26 ubuntu20-02-kubcluster-master <none> <none>
kube-system cte-csi-node-pzvwb 4/4 Running 0 6m59s 10.244.2.2 ubuntu20-02-kubcluster-worker2 <none> <none>
kube-system cte-csi-node-wmhhl 4/4 Running 0 6m59s 10.244.1.4 ubuntu20-02-kubcluster-worker <none> <none>
