Portworx is a software defined persistent storage solution designed and purpose built for applications deployed as containers, via container orchestrators such as Kubernetes, Marathon and Swarm. It is a clustered block storage solution and provides a Cloud-Native layer from which containerized stateful applications programmatically consume block, file and object storage services directly through the scheduler.
In this tutorial, you will learn how to create encrypted volumes using Portworx.
- How to set a cluster wide secret key
- Use the Portworx Storage Class encrypt all volumes created from this SC
- Use the Portworx PVC for per-volume encryption
- How to validate data is encrypted
High Level Overview
First we will validate that we can use Kubernetes secrets to store our keys. Then we will create a cluster wide secret key. Next we will deploy Postgres to validate our encrypted volumes are being created. Finally we will do the same but with per volume encryption.
You can read about secure StorageClasses here: Encryption using StorageClass You can read about secure PVCs here: Encryption using PVC
Other things you should know
To learn more about Portworx:
This scenario assumes you have already covered the following scenarios:

Steps
Encrypting volumes on Kubernetes
Wait for Kubernetes & Portworx to be ready
First we need to wait for Kubernetes and Portworx to be ready. Be patient, this is not a very high performance environment, just a place to learn something :-
Step: Wait for Kubernetes to be ready
Click the below section which waits for all Kubernetes nodes to be ready.
watch kubectl get nodes
When all 4 nodes show status Running then hit clear
to ctrl-c and clear the screen.
Step: Wait for Portworx to be ready
Watch the Portworx pods and wait for them to be ready on all the nodes. This can take a few minutes since it involves pulling multiple docker images. You will see 'No resources found' until all images are pulled.
watch kubectl get pods -n kube-system -l name=portworx -o wide
When all the pods show STATUS Running and READY 1/1 then hit clear
to ctrl-c and clear the screen.
Now that we have the Portworx cluster up, let's proceed to the next step !