Release Note for CTE for Kubernetes
| Release Note Version | Date |
|---|---|
| 1.5.0.27 | 2024-12-10 |
Container Image Digest
Verify that the Container Image Digest matches the version that you are installing.
New Kubernetes Distribution
CTE for Kubernetes is now qualified with SUSE Rancher RKE 2.
New Features and Enhancements
Kubernetes Operator Improvements
You can deploy CTE for Kubernetes using a Custom Resource Definition (CRD).
Kubernetes Operator is now the default installation method.
Support added for validating Persistent Volume Snapshot and Restore Volume from Snapshot
Kubernetes volume snapshots provide Kubernetes users with the ability to copy a volume at a specific point in time. You can use this copy to restore a volume back to a prior state, or to provision a new volume. Use snapshots to protect your workloads and achieve business-critical recovery point objectives in your disaster recovery plan, or if you have compliance needs to periodically save data.
Single Pod Access Mode for Persistent Volumes now supported
Kubernetes allows you to restrict volume access to a single pod in the cluster.
Validating Persistent Volume cloning now supported
A clone is an exact duplicate of an existing Kubernetes Volume. It can be consumed as any standard Volume would be consumed. A Volume clone allows you to specify an existing PVC in the dataSource field of the .yaml file to indicate that you want to clone a volume.
Individual Guard Policy Tuning
By default, each Guard Policy uses its own default settings. A Guard Policy is created for each CTE-PVC when that CTE-PVC is consumed by an application pod. This feature allows you to configure Guard Policy parameters; tuning can be configured at the individual Guard Policy level for each CTE-PVC.
Added support for deployment of CTE for Kubernetes in an Airgapped Kubernetes Cluster
You can now deploy CTE for Kubernetes in an Airgapped Kubernetes Cluster environment.
CTE for Kubernetes Containers Admin Requirements Explained
CTE for Kubernetes containers need System Administrator privileges.
- See Required Privileges.
CTE for Kubernetes messages logged directly to a file instead of syslog
Syslog dependency is now removed from CTE for Kubernetes containers.
Resolved Issues
- AGT-41592: CTE for Kubernetes client does not display the active Data Transformation Guard Policy during Data Transformation
  When Data Transformation was running, the Guard Policy did not display as active on CipherTrust Manager, because the CTE for Kubernetes client did not send any Guard Policy details to CipherTrust Manager. Only after the production policy was applied to the Guard Policy did the details populate in CipherTrust Manager. This has been fixed.
- AGT-48209: Operators do not appear to delete
  Some resources created by the Operator were not being cleaned up properly. This has been fixed.
- AGT-48396: Container Attestation Issue with CipherTrust Manager 2.13 and CipherTrust Manager 2.14
  The Trusted Pods feature now works with all supported versions of CipherTrust Manager.
- AGT-55332: Agentinfo script fails to execute if CTE for Kubernetes is deployed using Operator v1.4.13
  Executing the `agentinfo` command on the API playground failed on CTE-K8s nodes. The issue occurred because of missing permissions on the `cte-csi-node-ca` Cluster Role created by the Operator. These permissions are required by the `agentinfo` command to get cluster-wide information. This has been fixed.
Known Issues
- AGT-39000: CipherTrust Manager may not report all pods using the same CTE PVC on the same node
  CTE PVCs with the access modes ReadWriteOnce, ReadWriteMany or ReadOnlyMany may fail to report to CipherTrust Manager all of the pods using the same volume on the same node. This anomaly is due to how Kubernetes handles a single volume used across multiple pods on the same node. This reporting anomaly in CipherTrust Manager does not mean that the CTE PVC is not attached to the pod.
  Work-around: It is recommended that the user describe the CTE PVC (`kubectl describe pvc`) to find the list of all of the pods that are using a particular CTE PVC.
- AGT-61578: Getting permission denied while creating files in pod
  CTE does not support the use case where the Key rule is "clear_key" and the security rule is "apply_key".
- AGT-61761 [CS1580017] [Debian12+CRI-O] CTE for Kubernetes pods throwing error "MountDevice failed for volume"
  The combination of the Debian 12 Linux OS with the Kubernetes CRI-O container runtime interface is not supported in CTE for Kubernetes.
- AGT-62766: AgentInfo EKS ARM
  `Agentinfo` is unable to get Kubernetes cluster information on ARM-based nodes.
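As an added example (not part of this release note or of the CTE for Kubernetes product), the AGT-39000 work-around generalised from one `kubectl describe pvc` to a cluster-wide check: it reads the output of `kubectl get pods -A -o json` (the standard Kubernetes PodList shape; the embedded sample is constructed) and lists every PVC that two or more pods share on the same node, which are exactly the cases CipherTrust Manager may under-report. The script name `pvc_usage.py` is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `kubectl get pods -A -o json` (a PodList):
# app-1 and app-2 on node-a share "cte-pvc-data", app-3 uses it on node-b,
# and "other" mounts an unrelated claim.
SAMPLE_PODLIST = json.dumps({"kind": "PodList", "items": [
    {"metadata": {"name": "app-1", "namespace": "prod"},
     "spec": {"nodeName": "node-a", "volumes": [
         {"name": "data", "persistentVolumeClaim": {"claimName": "cte-pvc-data"}}]}},
    {"metadata": {"name": "app-2", "namespace": "prod"},
     "spec": {"nodeName": "node-a", "volumes": [
         {"name": "data", "persistentVolumeClaim": {"claimName": "cte-pvc-data"}},
         {"name": "tmp", "emptyDir": {}}]}},
    {"metadata": {"name": "app-3", "namespace": "prod"},
     "spec": {"nodeName": "node-b", "volumes": [
         {"name": "data", "persistentVolumeClaim": {"claimName": "cte-pvc-data"}}]}},
    {"metadata": {"name": "other", "namespace": "dev"},
     "spec": {"nodeName": "node-a", "volumes": [
         {"name": "logs", "persistentVolumeClaim": {"claimName": "logs-pvc"}}]}},
]})

def pods_by_pvc(podlist_json):
    """Map (namespace, claimName) -> {nodeName: sorted pod names}."""
    usage = defaultdict(lambda: defaultdict(set))
    for pod in json.loads(podlist_json).get("items", []):
        meta, spec = pod["metadata"], pod.get("spec", {})
        node = spec.get("nodeName", "<unscheduled>")  # pending pods carry no node
        for vol in spec.get("volumes", []):
            pvc = vol.get("persistentVolumeClaim")
            if pvc:  # PVCs are namespaced: key the claim by the pod's namespace
                usage[(meta["namespace"], pvc["claimName"])][node].add(meta["name"])
    return {k: {n: sorted(p) for n, p in v.items()} for k, v in usage.items()}

def shared_on_same_node(podlist_json, min_pods=2):
    """(namespace, claim, node) triples where min_pods or more pods share one PVC.

    These are the cases CipherTrust Manager may under-report (AGT-39000), so
    they are the ones to cross-check against the Manager's client view.
    """
    return sorted((ns, claim, node)
                  for (ns, claim), nodes in pods_by_pvc(podlist_json).items()
                  for node, pods in nodes.items() if len(pods) >= min_pods)

if __name__ == "__main__":  # usage: kubectl get pods -A -o json | python3 pvc_usage.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_PODLIST
    for ns, claim, node in shared_on_same_node(data):
        print(f"{ns}/{claim} on {node}: {pods_by_pvc(data)[(ns, claim)][node]}")
```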