px pxe create

Create Portworx resources

note

The following commands support a set of global flags that apply to all px pxe commands.
For details, see the Global Flags section.

px pxe create diags

Create a new Portworx diagnostics CR

Aliases: diag, diagnostics

Examples:

  # Create a new diagnostic CR
  kubectl px pxe create diags new-diag
  
  # Create diagnostics for specific nodes and volumes with pod and core data
  kubectl px pxe create diags new-diag --nodes n1,n2,n3 --pod-diags=true --generate-core=true --volumes v1,v2
  
  # Use node label selectors to choose nodes for diagnostics
  kubectl px pxe create diags label-diag --node-labels environment=prod,role=db
  
  # Skip node diagnostics and only collect volume/pod diagnostics
  kubectl px pxe create diags no-node-diag --nodes none
  
  # Enable all diagnostic options
  kubectl px pxe create diags all-flags-diag --nodes node1,node2 --node-labels zone=us-west --volumes vol1,vol2 --volume-labels env=prod --pod-diags=true --generate-core=true

Flags

Flag	Input type	Description	Default	Required
--generate-core	bool	Generate core dumps	false	Optional
--node-labels	stringToString	Node label selectors to collect diagnostics from	[]	Optional
--nodes	stringSlice	Comma-separated list of nodes to collect diagnostics from If both nodes and node-labels are specified, a union of both is used to determine the nodes to collect diagnostics from. If neither nodes nor node-labels are specified, all nodes in the cluster are used. If "none" is specified as the node, no node diagnostics are collected. If node-labels are provided with the "none" node, the node-labels are used and none is ignored.	[]	Optional
--pod-diags	bool	Collect pod diags	false	Optional
--volume-labels	stringToString	Volume label selectors to collect diagnostics from	[]	Optional
--volumes, -v	stringSlice	List of volumes to collect diagnostics from If volumes are specified, the volume diagnostics are collected from the nodes that have the specified volumes. If volume-labels are specified, the volume diagnostics are collected from the nodes that have the volumes with the specified labels. If both volumes and volume-labels are specified, the volume diagnostics are collected from the nodes that have the specified volumes and the volumes with the specified labels. If neither volumes nor volume-labels are specified, no volume diagnostics are collected.	[]	Optional

px pxe create token

Create a JWT (JSON Web Token) for Portworx authentication.

This command generates a signed JWT token that can be used to authenticate with secure Portworx clusters. The token contains identity information (name, email, subject) and authorization information (roles, groups) that Portworx uses for access control and auditing.

The token must be signed using one of three methods:

• Shared secret (HMAC-SHA256)
• RSA private key (RS256)
• ECDSA private key (ES256)

Once created, the token can be used with the 'px login' command to authenticate with Portworx clusters.

Aliases: tokens

Examples:

  # Create a token using shared secret authentication
  kubectl px pxe create token \
  --token-email=john.doe@example.com \
  --token-name="John Doe" \
  --token-subject="example-corp/john.doe@example.com" \
  --token-roles=system.user \
  --token-groups=developers,admins \
  --token-duration=7d \
  --token-issuer=example-corp \
  --shared-secret=mysecret
  
  # Create a token using RSA private key
  kubectl px pxe create token \
  --token-email=admin@example.com \
  --token-name="Admin User" \
  --token-subject="admin" \
  --token-roles=system.admin \
  --token-duration=1d \
  --rsa-private-keyfile=/path/to/private.key
  
  # Create a short-lived token for automation
  kubectl px pxe create token \
  --token-email=service@example.com \
  --token-name="Service Account" \
  --token-subject="automation/service" \
  --token-roles=system.user \
  --token-duration=1h \
  --shared-secret=automation-secret

Flags

Flag	Input type	Description	Default	Required
--ecdsa-private-keyfile	string	ECDSA private key file to sign token using ES256	-	Optional
--rsa-private-keyfile	string	RSA private key file to sign token using RS256	-	Optional
--shared-secret	string	Shared secret to sign token using HMAC-SHA256	-	Optional
--token-duration	string	Duration for which the token will be valid. Supported suffixes: s (seconds), m (minutes), h (hours), d (days), y (years). Examples: 30m, 2h, 7d	1d	Optional
--token-email	string	Account email address (required)	-	Yes
--token-groups	string	Comma-separated list of groups the account belongs to	-	Optional
--token-issuer	string	Token issuer name. Do not use https:// prefix as it indicates an OpenID Connect issuer	portworx.com	Optional
--token-name	string	Account display name (required)	-	Yes
--token-roles	string	Comma-separated list of roles (e.g., system.admin,system.user)	-	Optional
--token-subject	string	Unique account identifier/subject (required)	-	Yes

px pxe create volume

Create a volume in Portworx

Aliases: volumes, vol

Examples:

  # Create a volume called "myvolume" with size as 3GiB and replicas set to 3:
  kubectl px pxe create volume myvolume --size=3 --replicas=3
  
  # Create a volume called "myvolume" with label as "access=slow" and size as 3 GiB:
  kubectl px pxe create volume myvolume --size=3 --labels 'access=slow'
  
  # Create a volume with daily snapshot policy at 00h:10m with retain=2 (maintaing two snapshot copies at a given time):
  kubectl px pxe create volume snapvol --daily 00:10,2
  
  # Create a volume with weekly snapshot for every monday at 00h:12m with retain=2 (maintaing two snapshot copies at a given time):
  kubectl px pxe create volume snapvol --weekly monday@00:12,2
  
  # Create a volume with monthly snapshot on 25th of every month at 10h:10m with retain=2 (maintaing two snapshot copies at a given time):
  kubectl px pxe create volume snapvol --monthly 25@10:10,2

Flags

Flag	Input type	Description	Default	Required
--size	int	Size in GiB	0	Optional
--replicas	int64	Number of replicas also called HA level [1-3]	1	Optional
--shared	bool	Shared volume using sharedv4 model	false	Optional
--deprecated-shared	bool	Shared volume (deprecated)	false	Optional
--labels	string	Comma separated list of labels as key-value pairs: 'k1=v1,k2=v2'	-	Optional
--fs	string	Filesystem type for the volume [none, ext4]	ext4	Optional
--sticky	bool	Sticky volume	false	Optional
--journal	bool	Journal data for this volume	false	Optional
--encryption	bool	encrypt this volume	false	Optional
--aggregation-level	uint32	aggregation level (Valid Values: [1, 2, 3]	1	Optional
--nodes	stringSlice	Replica set nodes for this volume	[]	Optional
--io-profile	string	IO Profile (Valid Values: [sequential cms db db_remote sync_shared])	sequential	Optional
--groups	string	list of group with volume access details, 'group1:r, group2:w'	-	Optional
--collaborators	string	list of collaborators with volume access details, 'user1:r, user2:w'	-	Optional
--queue-depth	uint32	block device queue depth (Valid Range: [1 256])	128	Optional
--early-ack	bool	Reply to async write requests after it is copied to shared memory	false	Optional
--async-io	bool	Enable async IO to backing storage	false	Optional
--nodiscard	bool	Disable discard support for this volume	false	Optional
--group-enforced	bool	Enforce group during provision	false	Optional
--scale	uint32	auto scale to max number (Valid Range: [1 1024])	1	Optional
--passphrase	string	Passphrase for an encrypted volume	-	Optional
--periodic	string	periodic snapshot interval in mins,k (keeps 5 by default), 0 disables all schedule snapshots	-	Optional
--daily	stringSlice	daily snapshot at specified hh:mm,k (keeps 7 by default)	[]	Optional
--weekly	stringSlice	weekly snapshot at specified weekday@hh:mm,k (keeps 5 by default)	[]	Optional
--monthly	stringSlice	monthly snapshot at specified day@hh:mm,k (keeps 12 by default)	[]	Optional
--policy	string	Schedule policy names separated by comma	-	Optional