Prerequisites for Kubernetes Deployment

Overview

This article outlines the prerequisites required before deploying Virtru Client-Side Encryption (CSE) using Helm in a Kubernetes environment. Ensuring these requirements are completed ahead of time will help streamline the deployment process and prevent common configuration issues.

Prerequisites

Before proceeding with the Virtru CSE Helm deployment, confirm that the following requirements have been met.

• Virtru provisioned organization with licenses for your email users.
• Kubernetes cluster provisioned in the environment of your choosing. Links to common cloud provider documentation below.
  • AWS cluster creation
  • GCP cluster creation
  • Azure cluster creation
• Helm is installed on your terminal.
• Your terminal is connected to your Kubernetes cluster and ready to use kubectl
• Access to our Github repo

Google Workspace Configuration Completed

All required configuration steps in the Google Admin Console for Client-Side Encryption have been completed. This includes enabling CSE and applying the necessary organizational and security settings.

Helm Installed and Configured

Helm (version 3 or later) must be installed and configured on your host server. Helm will be used to deploy and manage the CSE application within your Kubernetes environment.

Kubernetes Cluster Access

You must have access to a Kubernetes cluster where the CSE service will be deployed.

Ensure:

• kubectl is installed
• Your local environment is authenticated to the cluster
• You have sufficient permissions to create and manage Kubernetes resources

DNS Configuration

You must have the ability to create and manage DNS records for your domain.

Requirements:

• A fully qualified domain name (FQDN) for your CSE service (e.g., cse.yourdomain.com)
• Access to your domain registrar or DNS provider (e.g., GoDaddy, Cloudflare, Route53)
• Ability to create an A record that points your domain to the external IP address of your Kubernetes ingress or load balancer

Note:
If using Kubernetes Ingress with a static IP, the DNS record should point to the reserved static IP associated with your ingress.

TLS Certificate and Private Key

A valid SSL/TLS certificate and corresponding private key are required for your CSE service domain.

Requirements:

• The certificate must match your fully qualified domain name (FQDN)
• Both certificate and key must be in PEM format
• These will be used to create a Kubernetes TLS secret for secure HTTPS communication

Virtru HMAC Credentials

You must have valid HMAC credentials provided by Virtru. Reach out to your Virtru CSM or Solutions Architect.

These include:

• Token ID
• Token Secret

These credentials are required for authentication between your CSE deployment and Virtru services.

Identity Provider (IdP) Configuration

A third-party Identity Provider (IdP) must be configured and integrated with Google Workspace to support Client-Side Encryption.

Ensure:

• The IdP is properly set up for authentication
• Google Workspace is configured to trust the IdP
• The integration aligns with your organization’s security policies

Next step proceed to: Helm Deployment Guide for Virtru CSE