Install Portworx on Red Hat OpenShift Service on AWS (ROSA) with Hosted Control Planes (HCP)
This content is authored by Red Hat experts, but has not yet been tested on every supported configuration. This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions.
Portworx storage is a built-for-Kubernetes service that offers flexible and scalable persistent storage for applications in production. In this tutorial, we will look at installing Portworx Enterprise on ROSA-HCP.
Prerequisites
- ROSA HCP cluster with a minimum of 3 worker nodes.
1. Set environment variable
2. Open ports for worker nodes
Note: You can open the ports via web console or CLI.
Web Console
Perform the following to add the inbound rules so that the AWS EC2 instance uses your specified security groups to control the incoming traffic.
- From the EC2 page of your AWS console, find the EC2 instances for the HCP cluster worker nodes, then click Security Groups, under Network & Security, in the left pane.

- On the Security Groups page, type your ROSA cluster name in the search bar and press enter. You will see a list of security groups associated with your cluster. Click the link under Security group ID of your cluster’s worker security group:
- From your security group page, click Actions in the upper-right corner, and choose Edit inbound rules from the dropdown menu.
- Click Add Rule at the bottom of the screen to add each of the following rules:
  - Allow inbound Custom TCP traffic with Protocol: TCP on ports 17001 - 17022
  - Allow inbound Custom TCP traffic with Protocol: TCP on port 20048
  - Allow inbound Custom TCP traffic with Protocol: TCP on port 111
  - Allow inbound Custom UDP traffic with Protocol: UDP on port 17002
  - Allow inbound NFS traffic with Protocol: TCP on port 2049
  Make sure to specify the security group ID of the same worker security group that is mentioned in step 2.
- Click Save rule.
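The following check is an added example, not part of the original guide or of Portworx tooling: it audits the JSON returned by `aws ec2 describe-security-groups` and reports which of the rules above are missing with the worker group itself as source, and which Portworx ports are instead reachable from a CIDR range. It assumes the instruction to "specify the security group ID of the same worker security group" refers to the rule's source; the names `audit`, `REQUIRED`, `SAMPLE` and the group ID `sg-0example` are constructed for illustration.

```python
import json

# Inbound rules the guide lists: (protocol, first port, last port).
REQUIRED = [("tcp", 17001, 17022), ("tcp", 20048, 20048), ("tcp", 111, 111),
            ("udp", 17002, 17002), ("tcp", 2049, 2049)]

def _span(perm, proto):
    """Port span a rule opens for proto, or None if it does not apply."""
    if perm["IpProtocol"] == "-1":            # "all traffic": no port fields
        return (0, 65535)
    if perm["IpProtocol"] != proto:
        return None
    return (perm["FromPort"], perm["ToPort"])

def audit(group):
    """Return (missing, cidr_sourced) for one SecurityGroups[] entry."""
    sg_id, perms = group["GroupId"], group.get("IpPermissions", [])
    missing, cidr_sourced = [], []
    for proto, lo, hi in REQUIRED:
        self_ok = False
        for perm in perms:
            span = _span(perm, proto)
            if span is None or span[0] > hi or span[1] < lo:
                continue                       # rule does not touch this port range
            from_self = any(p.get("GroupId") == sg_id
                            for p in perm.get("UserIdGroupPairs", []))
            if from_self and span[0] <= lo and span[1] >= hi:
                self_ok = True                 # whole range allowed from the group itself
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            cidr_sourced += [(proto, lo, hi, c) for c in cidrs]
        if not self_ok:
            missing.append((proto, lo, hi))
    return missing, cidr_sourced

# Constructed sample, shaped like `aws ec2 describe-security-groups --output json`.
SAMPLE = json.loads("""{"SecurityGroups": [{"GroupId": "sg-0example", "IpPermissions": [
 {"IpProtocol": "tcp", "FromPort": 17001, "ToPort": 17022,
  "UserIdGroupPairs": [{"GroupId": "sg-0example"}]},
 {"IpProtocol": "tcp", "FromPort": 111, "ToPort": 111,
  "UserIdGroupPairs": [{"GroupId": "sg-0example"}]},
 {"IpProtocol": "udp", "FromPort": 17002, "ToPort": 17002,
  "UserIdGroupPairs": [{"GroupId": "sg-0example"}]},
 {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
 {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
  "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}]}""")

if __name__ == "__main__":
    missing, cidr_sourced = audit(SAMPLE["SecurityGroups"][0])
    print("missing self-referenced rules:", missing)
    print("Portworx ports open to a CIDR:", cidr_sourced)
```

On the constructed sample, the NFS rule is reported twice: once as missing from the worker group and once as open to `0.0.0.0/0`, which is the misconfiguration to correct before deploying Portworx.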
AWS and ROSA CLI
- Get a Private Subnet ID from the cluster.
- Get the VPC ID from the subnet ID.
- Get the cluster ID.
- Get the security group ID associated with the VPC.
- Add inbound rules to default Security group id for
3. Log in to OpenShift UI
Log in to the OpenShift console as mentioned in the ROSA documentation.
- Create the portworx namespace
Output
- Get AWS credentials for AWS IAM user (replace
with user ) and copy AccessKeyId and SecretAccessKey
- Create a secret in the portworx namespace in the ROSA-HCP cluster (get the AWS credentials from step 2)
4. Install Portworx Operator using the OpenShift UI
- From your OpenShift console, select OperatorHub in the left pane.
- On the OperatorHub page, search for Portworx and select the Portworx Enterprise or Portworx Essential card:

- Install

- The Portworx Operator begins to install and takes you to the Install Operator page. On this page, select the A specific namespace on the cluster option for Installation mode. Select the portworx namespace.
- Click Install to install Portworx Operator in the portworx namespace.
5. Apply Portworx spec using OpenShift UI
- Once the Operator is installed successfully, create a StorageCluster object from the same page by clicking Create StorageCluster:

- On the Create StorageCluster page, choose YAML view to configure a StorageCluster. Copy and paste the below Portworx spec into the text-editor, and click Create to deploy Portworx:
Note: One can generate Portworx spec from Portworx Central using the instructions here

- Verify that Portworx has deployed successfully by navigating to the Storage Cluster tab of the Installed Operators page. Once Portworx has been fully deployed, the status will show as Running:

6. Verify your Portworx installation
Once you’ve installed Portworx, you can perform the following tasks to verify that Portworx has installed correctly.
Verify if all pods are running
Enter the following oc get pods command to list and filter the results for Portworx pods:
Output
Note the name of one of your px-cluster pods. You’ll run pxctl commands from these pods in the following steps.
Output
The Portworx status will display PX is operational if your cluster is running as intended.
7. Verify pxctl cluster provision status
- Find the storage cluster; its status should show as Online:
Output
- Find the storage nodes; their status should show as Online:
Output
8. Create your first PVC
For your apps to use persistent volumes powered by Portworx, you must use a StorageClass that references Portworx as the provisioner. Portworx includes a number of default StorageClasses, which you can reference with PersistentVolumeClaims (PVCs) you create. For a more general overview of how storage works within Kubernetes, refer to the Persistent Volumes section of the Kubernetes documentation.
Perform the following steps to create a PVC:
- Create a PVC referencing the px-csi-db default StorageClass and save the file:
Output
- Verify your StorageClass and PVC
Output
- To get PVC you should
Output