Portworx

Portworx Enterprise

PX-Backup

Multitenancy using namespaces

Overview

Kubernetes provides a great way to isolate account resources using namespaces, but you may want a more secure multitenant solution. Portworx can greatly enhance the multitenant model by providing resource access control for application volumes.

The following reference architecture provides a model where volume access is authenticated using tokens stored in the secret of the namespace of the tenant.

NOTE: This solution is currently supported in CSI only.

Prerequisites

  • You must be running Portworx version 2.1 or greater on Kubernetes
  • You must have the PX-Security feature enabled
  • You must have CSI enabled
play_circle_outline Step 1: Generate shared secrets
play_circle_outline Step 2: Enable security in Portworx
play_circle_outline Step 3: Generate tokens
play_circle_outline Step 4: Set up the StorageClass
Last edited: Wednesday, Jun 10, 2020
Questions? Visit the Portworx forum.