Portworx
PORTWORX.COM

Secure your storage with a DaemonSet

Overview

Kubernetes provides a great authentication model for its users, but storage systems could be exposed to malicious requests. PX-Security provides a method to protect against such requests, further providing deployers with a complete secured system.

The following reference architecture describes how to setup PX-Security to authenticate PVC requests from Kubernetes. This model leverages Kubernetes user authentication, which secures access to Namespaces, Secrets, and PersistentVolumes. With access already provided and secured by Kubernetes, this reference architecture provides a model to secure the communication between Kubernetes and Portworx. Securing Portworx also protects the storage system from unwanted access from outside Kubernetes.

Perform the steps in the following sections to set up PX-Security according to this reference architecture:

Prerequisites

  • You must be running Portworx version 2.1 or greater on Kubernetes
  • You must have the PX-Security feature enabled
link Step 1: Generate shared secrets
link Step 2: Enable security in Portworx
link Step 3: Generate tokens
link Step 4: StorageClass Setup
link Example application
Last edited: Friday, Oct 28, 2022
Questions? Visit the Portworx forum.