Use pxctl with security enabled
Once a storage cluster with security enabled is running, a cluster admin must set up a pxctl context on each node in order to interact with the system.
The following steps will guide an operator-based storage admin to setup pxctl contexts on each node:
Retrieve the admin token from the namespace in which Portworx was installed and store it in a variable
ADMIN_TOKEN=$(kubectl -n kube-system get \ secret px-admin-token -o json \ | jq -r '.data."auth-token"' \ | base64 -d)
Find the portworx pod which is running on the node in which the admin wants to interact with:
kubectl -n kube-system get pods -l name=portworx -o wide
Copy the desired portworx pod for the next command.
Save the admin token in the
pxctlcontext for that pod:
kubectl -n kube-system exec -ti <portworx_pod> -- /opt/pwx/bin/pxctl context create admin --token=$ADMIN_TOKEN
Exec into the portworx container to perform any pxctl commands:
kubectl -n kube-system exec -ti <portworx_pod> /bin/bashNote: This pxctl context will need to be refreshed every time the token expires. This is 24 hours by default, but can be extended. See the customizing security page for more information.