Advanced security and configuration features in PDS

The following sections explain key security tasks in Kubernetes, including Pod Security Admission, Namespace Isolation, Custom Registry Support, and Proxy Support.

📄️ Manage Portworx updates

Learn how to handle rolling updates in Portworx deployments, including using annotations to control application reconciliation. Discover when to use the force reconcile annotation if maximum retries are exceeded.

📄️ Custom registry support for PDS components

Learn how custom image registries give organizations more control over PDS and the software it is allowed to run.

📄️ Tolerations and resource sizing in PDS

Learn how to configure taints, tolerations, and resource settings for Kubernetes nodes to optimize workload scheduling and resource utilization in PDS.

📄️ Pod Security Admission

Pod Security Admission (PSA) is a feature in Kubernetes that enforces security policies on pod creation and deployment in a target cluster. PSA replaces the Pod Security Policies feature in Kubernetes, which was deprecated in Kubernetes version 1.21 and removed in 1.25 version. For more information, see PSA in Kubernetes documentation.

📄️ PostgreSQL provisioning with PDS

Learn how to provision PostgreSQL with Transport Security Layer (TLS) in Kubernetes using PDS.

📄️ Proxy server support for target clusters in PDS

Discover how proxy server support in PDS enhances security, optimizes performance, and provides control over network communication for target clusters.

📄️ Recover Cassandra pods

After deploying the Cassandra data service, when you reboot the worker nodes, the Cassandra pods do not come up to form the cluster. The pods do not come up due to the corrupt logs:

📄️ Troubleshoot diverged GTIDs in MySQL

The MySQL data service in PDS handles (in most cases) pod crashes and outages. For example, instances can failover and rejoin the cluster automatically on reboot. In some cases, a pod, after an outage will be unable to reboot the cluster and keeps failing with the following error:

📄️ Update Kubernetes secret

If you change the password for the pds user, you need to also update the corresponding Kubernetes secret for the deployment. To base64 encode a string and update the Kubernetes secret:

📄️ Service Account

Learn more about the service account and how to create one in PDS.

📄️ Update pds password

If you change the password for the pds user, you need to also update the cqlshrc file located on all Cassandra pods: