Step 1: Enable security for OKE
This document guides you through enabling PX-Security in your cluster by adding a single flag to your StorageCluster object.
Overview
The Operator includes first-class support for PX-Security in the StorageCluster spec. This means that the operator will auto-generate the following for you if security is enabled:
- Shared Secret stored under the secret
px-shared-secret - Admin token stored under the secret
px-admin-token - User token stored under the secret
px-user-token
Enabling Security in your cluster
-
Enable security under
spec.securityof your StorageCluster:apiVersion: core.libopenstorage.org/v1
kind: StorageCluster
metadata:
name: portworx
namespace: <px-namespace>
spec:
image: portworx/oci-monitor:2.6.0.1
security:
enabled: true -
You can now apply the StorageCluster spec and wait until Portworx is ready.
Once you've enabled security in Portworx, continue to the next section.