What configuration steps should a Portworx Administrator perform to ensure that Portworx can use the S3 Object Store using a custom/3rd party (not signed by public CA) certificate?
A. Create a Kubernetes secret containing the certificate and reference it in the storagecluster via env variable.
B. No additional configuration is necessary.
C. Create a secret containing the certificate and run pxctl certificate import command.
Comprehensive and Detailed Explanation From Exact Extract:
When integrating Portworx with an S3 Object Store secured by a custom or third-party certificate that is not signed by a public Certificate Authority (CA), administrators must manually provide the relevant CA certificate to Portworx. This involves creating a Kubernetes secret that contains the custom CA certificate and referencing this secret in the StorageCluster manifest through environment variables. This allows Portworx components to trust the certificate during the TLS handshake with the S3 endpoint, avoiding connection failures due to untrusted certificates. Without this step, Portworx cannot securely communicate with the object store. The Portworx security and installation documentation highlights this practice as essential for secure Object Store integration in private or regulated environments where internal or custom PKIs are used (Pure Storage Portworx Security Guide).