Story: 2011127 Task: 52130 Change-Id: Iaf27c18ca465262860606b592a98fdfa634d3d23 Signed-off-by: Ngairangbam Mili <ngairangbam.mili@windriver.com>
20 lines
935 B
ReStructuredText
.. WARNING: Add no lines of text between the label immediately following
.. and the title.

.. _inter-host-pod-to-pod-security-overview-502afc38a15e:

=======================================
Inter-host Pod-to-pod Security Overview
=======================================

On |prod|, inter-host pod-to-pod traffic for a service can be configured to be
protected by IPsec in tunnel mode over the cluster host network. The
configurations are defined as IPsec policies and managed by the
ipsec-policy-operator Kubernetes system application.

The ipsec-policy-operator is an optional platform system application. IPsec
policies are Kubernetes custom resources. You can create, update, and delete
the IPsec policy |CRs| for services. Based on the user-defined IPsec policies,
the ipsec-policy-operator system application configures or reconfigures IPsec
on the cluster network to protect (or unprotect) the inter-host pod-to-pod
traffic of services.