Difficulty: Intermediate
Estimated Time: 10 minutes

Portworx is a software-defined persistent storage solution designed and purpose-built for applications deployed as containers via container orchestrators such as Kubernetes, Marathon and Swarm. It is a clustered block storage solution and provides a cloud-native layer from which containerized stateful applications programmatically consume block, file and object storage services directly through the scheduler.

In this tutorial, you will learn how to create encrypted volumes using Portworx.

  • How to set a cluster-wide secret key
  • Use a Portworx StorageClass to encrypt all volumes created from this SC
  • Use the Portworx PVC for per-volume encryption
  • How to validate data is encrypted

High Level Overview

First we will validate that we can use Kubernetes secrets to store our keys. Then we will create a cluster-wide secret key. Next we will deploy Postgres to validate that our encrypted volumes are being created. Finally we will do the same, but with per-volume encryption.

You can read about secure StorageClasses here: Encryption using StorageClass

You can read about secure PVCs here: Encryption using PVC

Encrypting volumes on Kubernetes

Step 1 of 6

Wait for Kubernetes & Portworx to be ready

First we need to wait for Kubernetes and Portworx to be ready. Be patient, this is not a very high performance environment, just a place to learn something :-)

Step: Wait for Kubernetes to be ready

Click the command below, which waits for all Kubernetes nodes to be ready.

watch kubectl get nodes

When all 4 nodes show status Running, hit clear to send Ctrl-C and clear the screen.

Step: Wait for Portworx to be ready

Watch the Portworx pods and wait for them to be ready on all the nodes. This can take a few minutes since it involves pulling multiple Docker images. You will see 'No resources found' until all images are pulled.

watch kubectl get pods -n kube-system -l name=portworx -o wide

When all the pods show STATUS Running and READY 1/1, hit clear to send Ctrl-C and clear the screen.
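The same readiness check in a form a script can gate on instead of watching the screen. This is an added example, not part of the Portworx tutorial; the function names pods_ready and wait_for_portworx, the retry count and the sleep interval are assumptions, and it accepts any READY n/n rather than only 1/1.

```shell
#!/bin/sh
# Added example (not from the original tutorial).

# pods_ready: reads `kubectl get pods` table output on stdin.
# Succeeds only if at least one pod is listed and every pod has
# STATUS Running with all of its containers ready (READY n/n).
# Empty input or a "No resources found" line counts as not ready,
# which is the state the tutorial describes while images are pulled.
pods_ready() {
  awk '
    NR == 1 { if ($1 != "NAME") fail = 1; next }   # header row expected first
    {
      seen++
      split($2, r, "/")                            # READY column, e.g. 1/1
      if ($3 != "Running" || r[1] != r[2]) fail = 1
    }
    END { exit ((seen > 0 && !fail) ? 0 : 1) }
  '
}

# wait_for_portworx [tries]: polls the tutorial's own pod query every
# 10 seconds (assumed interval) until pods_ready succeeds or tries run out.
wait_for_portworx() {
  tries=${1:-60}
  while [ "$tries" -gt 0 ]; do
    if kubectl get pods -n kube-system -l name=portworx -o wide 2>/dev/null \
        | pods_ready; then
      return 0
    fi
    tries=$((tries - 1))
    sleep 10
  done
  echo "Portworx pods did not become ready in time" >&2
  return 1
}
```

Call wait_for_portworx from a setup script and continue to the encryption steps only when it returns 0.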

Now that we have the Portworx cluster up, let's proceed to the next step!