Step 1: Enable security in Portworx
This document guides you through enabling PX-Security in your cluster by adding a single flag to your StorageCluster object.
Prerequisites
- You must have Portworx Operator 1.4 or greater
Overview
The Operator includes first-class support for PX-Security in the StorageCluster spec. This means that the operator will auto-generate the following for you if security is enabled:
- Shared Secret stored under the secret
px-shared-secret - Admin token stored under the secret
px-admin-token - User token stored under the secret
px-user-token
Enabling Security in your cluster
Enable security under
spec.securityof your StorageCluster:apiVersion: core.libopenstorage.org/v1 kind: StorageCluster metadata: name: portworx namespace: kube-system spec: image: portworx/oci-monitor:2.6.0.1 security: enabled: trueYou can now apply the StorageCluster spec and wait until Portworx is ready.
Once you’ve enabled security in Portworx, continue to the next section.
Note:
To use
pxctl in this context, see use pxctl with security enabled. Otherwise, all pxctl commands will fail with an access denied error.
Last edited: Friday, Apr 7, 2023
Questions? Visit the Portworx forum.