We are deploying Portworx onto our Kubernetes cluster through the operator in a GitOps way through ArgoCD and we have successfully got this working.
The only caveat is that in each new environment we have to manually do:
kubectl exec $PORTWORX -c portworx -n kube-system -- /opt/pwx/bin/pxctl secrets set-cluster-key --secret
which, as of right now, is a manual process. We would like to see how we can configure the operator to consume an already existing secret for volume encryption so that we can fully automate deployments of Portworx across ephemeral environments.