Secure your storage with the Operator in ROSA
Summary and Key concepts
Summary
This article provides an overview of PX-Security and how it enhances the security of Kubernetes storage systems. While Kubernetes has built-in authentication models, storage systems could still be vulnerable to unauthorized access. PX-Security integrates with Kubernetes' authentication mechanisms to secure access to Namespaces, Secrets, and Persistent Volumes, ensuring that communication between Kubernetes and Portworx is protected from malicious requests. The document outlines steps for configuring PX-Security to authenticate Persistent Volume Claim (PVC) requests, securing storage systems from external threats.
Kubernetes Concepts
- Namespaces: Used to organize and secure resources within a cluster.
- Secrets: Used to store sensitive information such as passwords and tokens.
- PersistentVolumes: Represents storage in the cluster, which can be secured using PX-Security.
- PersistentVolumeClaims (PVC): Requests for storage by users that can be authenticated using PX-Security.
Portworx Concepts
- PX-Security: A security feature in Portworx that protects storage systems from unauthorized access by integrating with Kubernetes authentication systems.
Overview
While Kubernetes provides a great authentication model for its users, storage systems could be exposed to malicious requests. PX-Security provides a method to protect against such requests, further providing deployers with a more secured system.
The following documents demonstrate how to setup PX-Security to authenticate PVC requests from Kubernetes. This model leverages Kubernetes user authentication, which secures access to Namespaces, Secrets, and PersistentVolumes. With access already provided and secured by Kubernetes, this model provides a way to secure the communication between Kubernetes and Portworx. Securing Portworx also protects the storage system from unwanted access from outside Kubernetes.
Perform the steps in the following sections to set up PX-Security according to this reference architecture: