Portworx is a software-defined persistent storage solution designed and purpose-built for applications deployed as containers, via container orchestrators such as Kubernetes. You can use Palette to install Portworx on the cloud or on-premises.

Versions Supported

  • 2.11.2


For deploying Portworx for Kubernetes, make sure to configure the properties in the pack:

  • Ensure you are using a supported Kubernetes version.
  • Identify and set up the storageType.


The default installation of Portworx will deploy the following components in the Kubernetes cluster.

  • Portworx
  • CSI Provisioner
  • Storage class making use of portworx-volume provisioner.

Notable Parameters

Manifests - Portworx:

# The namespace to install Portworx resources
namespace: "portworx"
# Portworx storage type and size
storageType: "type=zeroedthick,size=150"
# Max storgae nodes per zone
maxStorageNodesPerZone: 3
# Node recovery timeout in seconds
nodeRecoveryTimeout: 1500
# Portworx storage class config
enabled: true
isDefaultStorageClass: true
allowVolumeExpansion: true
reclaimPolicy: Retain
volumeBindingMode: Immediate
repl: "3"
priority_io: "high"
#sharedv4: true
k8sVersion: '{{.spectro.system.kubernetes.version}}'
templateVersion: "v4"
# List of additional container args to be passed
#- "-dedicated_cache"
#- "-a"
#- "--app-initializer=true"
#- "--scheduler-name=xyz"
# The private registry from where images will be pulled from. When left empty, images will be pulled from the public registry
# Example, imageRegistry: "harbor.company.com/portworx"
imageRegistry: ""

Integrating to an External etcd

Starting Portworx v2.6.1, you can use the presets feature to toggle between the available ETCD options.

By default, Portworx is set to use internal KVDB. However, you can integrate Portworx to an external etcd server by following the steps below.

  1. Enable useExternalKvdb flag by setting it to true.
  1. Configure the external etcd endpoints in externalKvdb.endpoints.

If the external etcd server is configured to authenticate via certificates, additionally you may want to set up the following:

  1. Enable externalKvdb.useCertsForSSL flag by setting it to true.
  1. Setup certificate related configuration in externalKvdb.cacert, externalKvdb.cert, and externalKvdb.key.
Make sure to follow the correct indentation style; otherwise, certs will not be imported correctly and will result in Portworx deployment failure.

etcd Presets

These are the three types of Presets that can be selected and modified.

Use Internal KVDB

# ECTD selection
useExternalKvdb: false
# External kvdb related config
useCertsForSSL: false
k8sVersion: '{{.spectro.system.kubernetes.version}}'


vSphere Environment

For deploying Portworx storage on vSphere environments, make sure to configure the following properties in the pack:

  • vSphere Configuration file
  • Storage Type
  • Kubernetes Version

vSphere Manifest

Additional parameters for the manifest is as follows:

# VSphere cloud configurations
insecure: "true"
host: ""
port: "443"
datastorePrefix: "datastore"
installMode: "shared"
userName: ""
password: ""
# Enter the name of the secret which has vsphere user credentials (Use keys VSPHERE_USER, VSPHERE_PASSWORD)
userCredsSecret: ""

Using Secrets for vSphere User Credentials

Portworx pack values allow you to configure vSphere user credentials in two ways:

  1. Username & password - (portworx.vsphereConfig.userName and portworx.vsphereConfig.password).
  1. Secret - (portworx.vsphereConfig.userCredsSecret is available with v2.6.1 and above).

If you chose the latter, make sure to create the secret in the target cluster manually or by bringing your own (BYO) manifest Add-on pack.

Until the secret is created in the cluster, Portworx deployments might fail to run. When secret is configured, reconciliation should recover Portworx.

Secret can be created using the spec below,

apiVersion: v1
kind: Secret
name: px-vsphere-secret
namespace: kube-system
type: Opaque
VSPHERE_USER: "b64 encoded admin username"
VSPHERE_PASSWORD: "b64 encoded admin password"

and this secret can be referenced in the Portworx pack values as shown below:

userCredsSecret: "px-vsphere-secret"

Ensure to follow the correct indentation style; otherwise, certificates will not be imported correctly and resulting in a Portworx deployment failure.


Portworx Install with Kubernetes


Installation Prerequisites

Install Portworx on AWS ASG using the DaemonSet