Managing Kubernetes Registration Groups
On the Enrollment Configuration page of the CipherTrust Manager GUI, use the Persistent Volume tab to create, view, edit, or delete Kubernetes (K8s) registration groups.
Note
The terms registration group, CSI registration group, Kubernetes registration group, and K8s registration group refer to the same resource and can be used interchangeably.
Creating Kubernetes Registration Groups
Note
All the K8s clients that you want to attach to a registration group must have the same K8s Namespace and K8s Registration Class.
To create a registration group:
- Open the Transparent Encryption application.
- In the left pane, select Kubernetes (K8s) > Enrollment Configuration.
- Click the Cloud Object Storage tab.
- Click Create Registration Group. The Create Registration Group wizard appears.
- Specify a unique Name for the group.
- Enter the K8s Namespace.
- Enter the K8s Registration Class.
- (Optional) Select a Client Profile for the registration group. The default profile is DefaultClientProfile.
- (Optional) Provide a Description for the registration group.
- Click Create.
The newly created registration group appears in the K8s Registration Groups list.
You can change the client profile linked to the registration group later. Refer to Changing the Client Profile for details.
Viewing Details of Kubernetes Registration Groups
To view the details of a K8s registration group:
- Open the Transparent Encryption application.
- In the left pane, select Kubernetes (K8s) > Enrollment Configuration.
- Click the Cloud Object Storage tab. A list of K8s registration groups appears, showing the following details:
The Cloud Object Storage tab of the Enrollment Configuration page also provides options to view the client profile and K8s clients linked to the registration groups. To view these details, select the expand icon next to the desired registration group.
The K8s clients attached to a registration group are also visible on the Membership tab of the registration group. Refer to Viewing Attached K8s Clients for details.
Changing the Client Profile
To change the linked client profile:
- Open the Transparent Encryption application.
- In the left pane, select Kubernetes (K8s) > Enrollment Configuration.
- Click the Cloud Object Storage tab.
- Click the expand icon corresponding to the desired registration group. Alternatively, click the Name link corresponding to the desired registration group.
- Next to Client Profile, click the profile link (for example, DefaultClientProfile). The Select Profile dialog box shows the current client profile and Log Level, Rekey Option, Rekey Rate, and Schedule of the selected profile.
- From the Profile drop-down list, select the desired profile.
- Click OK. The selected profile is linked successfully.
Updating Description of a Kubernetes Registration Group
To add or edit the description of a K8s registration group:
- Open the Transparent Encryption application.
- In the left pane, select Kubernetes (K8s) > Enrollment Configuration.
- Click the Cloud Object Storage tab. A list of K8s registration groups appears.
- Click the overflow icon corresponding to the desired K8s registration group.
- Click Edit.
- Add or update the Description field.
- Click Update.
The registration group description is updated.
Viewing GuardPoints Applied to a Registration Group
To view GuardPoints applied to a registration group:
- Open the Transparent Encryption application.
- In the left pane, select Kubernetes (K8s) > Enrollment Configuration.
- Click the Cloud Object Storage tab. A list of K8s registration groups appears.
- Under Name, click the desired registration group. The GuardPoints tab shows the following details:
| Column | Description |
| --- | --- |
| Policy Name | Name of the applied policy. |
| Protected Path | Path of the protected directory. |
| Type | Type of the GuardPoint - Manual Cloud Storage and Auto Cloud Storage. |
| Enabled | Whether the GuardPoint is enabled - Yes or No. |
To remove/disable a GuardPoint, click the overflow icon corresponding to the GuardPoint and click Remove/Disable.
Note
If a GuardPoint is active on a K8s client, the policy cannot be removed or disabled from the registration group associated with that client.
Viewing Attached Kubernetes Clients
The Membership tab of a registration group displays the attached K8s clients.
To view the K8s clients attached to a registration group:
- Open the Transparent Encryption application.
- In the left pane, select Kubernetes (K8s) > Enrollment Configuration.
- Click the Cloud Object Storage tab. A list of K8s registration groups appears.
- Under Name, click the desired registration group.
- Click the Membership tab. The tab displays the K8s clients attached to the registration group. The following details are displayed:
| Column | Description |
| --- | --- |
| Status | Health status of the K8s client. |
| Name | Name of the K8s client. The name is a combination of: the node on which the K8s client is running; the linked Registration Class; the namespace where the K8s client pod runs; a random string. |
| Type | Cloud object storage will be the client type. |
| Description | Description of the K8s client. |
Deleting a Kubernetes Registration Group
A registration group can only be deleted if no K8s clients are attached to it. As K8s clients are automatically attached to a registration group, they cannot be detached explicitly. K8s clients are detached from the linked registration groups only when the clients crash.
When a registration group is deleted, any attached GuardPoints are removed automatically.
To delete a K8s registration group:
- Open the Transparent Encryption application.
- In the left pane, select Kubernetes (K8s) > Enrollment Configuration.
- Click the Cloud Object Storage tab. A list of K8s registration groups appears.
- Click the overflow icon corresponding to the K8s registration group you want to delete.
- Click Delete. A dialog box appears prompting to confirm the action.
- Click Delete.
The K8s registration group is deleted.