Story: 2011127 Task: 52130 Change-Id: Iaf27c18ca465262860606b592a98fdfa634d3d23 Signed-off-by: Ngairangbam Mili <ngairangbam.mili@windriver.com>
Turn off Inter-host Pod-to-pod Traffic Protection in the Cluster
The ipsec-policy-operator system application must be installed (applied). To check if the system application is installed, run the following command:
~(keystone_admin)$ system application-list
There are IPsec policies created for the services.
~(keystone_admin)$ kubectl get ipsecpolicies
This applies to users who decide to turn off the feature in the cluster.
There are two methods to turn off the inter-host pod-to-pod IPsec feature in the cluster.
Method 1
Delete all the IPsec policy CRs in the system
List the IPsec policies in the system by running the following command:
~(keystone_admin)$ kubectl get ipsecpolicies
Delete the listed policies by running the following command:
~(keystone_admin)$ kubectl delete ipsecpolicies <IPsec policy>
After all the IPsec policies are deleted, there will be no IPsec for inter-host pod-to-pod network traffic.
Method 2
Remove the ipsec-policy-operator system application
The ipsec-policy-operator system application can be removed from the cluster by running the following command:
~(keystone_admin)$ system application-remove ipsec-policy-operator
When the system application is removed, the ipsec-policy-operator
system application will be in the uploaded state. All the
related resources including the existing IPsec policies will be deleted.
All the existing IPsec tunnels for inter-host pod-to-pod traffic will
also be removed. There will be no IPsec for inter-host pod-to-pod
network traffic.
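
To confirm which state the cluster is in after either method, the following check classifies it from the text output of the two commands used above. It is an added example, not part of the StarlingX documentation. The function names, the |-separated row layout, the use of kubectl's `-o name` output option, and the sample inputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the StarlingX docs. Inputs are passed as text so the
# logic can be checked offline against the constructed samples below.

# Status word on the ipsec-policy-operator row of `system application-list`.
# Assumption: rows are |-separated table lines; only the two states named on
# this page ("applied", "uploaded") are recognised.
app_status() {
    printf '%s\n' "$1" | awk -F'|' '
        { hit = 0; st = ""
          for (i = 1; i <= NF; i++) {
              f = $i; gsub(/^[ \t]+|[ \t]+$/, "", f)
              if (f == "ipsec-policy-operator") hit = 1
              if (f == "applied" || f == "uploaded") st = f
          }
          if (hit) { print (st == "" ? "other" : st); seen = 1; exit } }
        END { if (!seen) print "absent" }'
}

# Number of policies in `kubectl get ipsecpolicies -o name` output (one per line).
policy_count() {
    printf '%s\n' "$1" | grep -c . || true
}

# Prints: on | off-no-policies | off-app-removed | inconsistent | unknown
protection_state() {
    st=$(app_status "$1"); n=$(policy_count "$2")
    case "$st" in
        applied)  if [ "$n" -gt 0 ]; then echo on; else echo off-no-policies; fi ;;
        uploaded) if [ "$n" -eq 0 ]; then echo off-app-removed; else echo inconsistent; fi ;;
        *)        echo unknown ;;
    esac
}

# Constructed sample inputs (layout and names are illustrative, not real output).
SAMPLE_APPLIED='| ipsec-policy-operator | applied  |
| other-app             | applied  |'
SAMPLE_REMOVED='| ipsec-policy-operator | uploaded |'
SAMPLE_POLICIES='ipsecpolicy.example.invalid/policy-a
ipsecpolicy.example.invalid/policy-b'

protection_state "$SAMPLE_APPLIED" "$SAMPLE_POLICIES"   # before either method
protection_state "$SAMPLE_APPLIED" ""                   # after Method 1
protection_state "$SAMPLE_REMOVED" ""                   # after Method 2
```

On a live system the same function can be fed with `"$(system application-list)"` and `"$(kubectl get ipsecpolicies -o name)"`. An `inconsistent` result means policies are still listed although the application is in the uploaded state, which contradicts the cleanup described for Method 2 and should be investigated.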