Securing your Portworx Setup
To help secure your Portworx Kubernetes cluster setup, consider the following approaches:
- Configure PX-Security on your cluster - This involves enabling Role-based access control (RBAC) for authorization, authentication, and ownership. For more information, see Configure PX-Security on your Cluster.
  - Once a storage cluster with PX-Security enabled is running, a cluster admin must set up a `pxctl context` on each node in order to interact with the system. For more information, see Use pxctl with security enabled.
  - You can also make volumes private by adding authorization to PVCs. For more information, see Enable authorization in Portworx.
- Enable encryption on Portworx volumes - To secure Portworx volumes and use features like cloud snapshots and encryption, you need to configure a secret store provider. The secret store is needed for managing the passphrases that Portworx uses for the encryption keys required for encrypting and decrypting volume data at rest and in transit. For more information about encrypting volumes, see Encrypt Portworx Volumes.