Story: 2011127 Task: 52130 Change-Id: Iaf27c18ca465262860606b592a98fdfa634d3d23 Signed-off-by: Ngairangbam Mili <ngairangbam.mili@windriver.com>
Inter-host Pod-to-pod Security Overview
On , inter-host pod-to-pod traffic for a service can be configured to be protected by IPsec in tunnel mode over the cluster host network. The configuration is expressed as IPsec policies, which are managed by the ipsec-policy-operator Kubernetes system application.
The ipsec-policy-operator is an optional platform system application. IPsec policies are Kubernetes custom resources; you can create, update, and delete the IPsec policy for a service. Based on the user-defined IPsec policies, the ipsec-policy-operator system application configures or reconfigures IPsec on the cluster network to protect (or stop protecting) the inter-host pod-to-pod traffic of those services.
You need to install the ipsec-policy-operator system application first in order to protect the inter-host pod-to-pod traffic for services. You can then define IPsec policies in a YAML file and apply that file with kubectl to create the IPsec policies for the services.
You can update existing IPsec policies by editing and re-applying the YAML file, or by using the kubectl edit command.
An IPsec policy can also be deleted so that the specific traffic will no longer be protected by IPsec.