Skip to main content
Version: 3.1

Enable security in airgapped EKS for Portworx

This document guides you through enabling PX-Security in your cluster by adding a single flag to your StorageCluster object.

Overview

The Operator includes first-class support for PX-Security in the StorageCluster spec. This means that the operator will auto-generate the following for you if security is enabled:

  • Shared Secret stored under the secret px-shared-secret
  • Admin token stored under the secret px-admin-token
  • User token stored under the secret px-user-token

Enabling Security in your cluster

  1. Enable security under spec.security of your StorageCluster:

    apiVersion: core.libopenstorage.org/v1
    kind: StorageCluster
    metadata:
    name: portworx
    namespace: <px-namespace>
    spec:
    image: portworx/oci-monitor:2.6.0.1
    security:
    enabled: true
  2. You can now apply the StorageCluster spec and wait until Portworx is ready.

Once you've enabled security in Portworx, continue to the next section.

note

To use pxctl in this context, see use pxctl with security enabled. Otherwise, all pxctl commands will fail with an access denied error.

Was this page helpful?