Deploying into Containers

The commercial cryptographic module TA can be deployed into a container to meet specific customer requirements.

Components such as the SDF API library and agentd (SDK) are integrated into a container image, so that Kubernetes can access the intrinsic cryptographic module TA through an SDF API when starting the container.

The components in a container share the same key space with the host. You need to perform key operations using the key management tool on the host to implement encryption and decryption based on the standard SDF APIs.

The key management tool cannot be executed in containers.

Figure 1 Container-based deployment