
[LFX-2025-Sep-Nov] Improving IPsec's Stability and Ease of Use

Open LiZhenCheng9527 opened this issue 4 months ago • 8 comments

What would you like to be added: According to the current situation of Kmesh's IPsec features, combined with users' actual usage scenarios, simplify the user's configuration steps and improve the ease of use of IPsec. Also improve IPsec stability by means of testing, refactoring functions, etc.

Why is this needed: Communication encryption is an important functional feature of the Service Mesh to ensure communication security. Kmesh uses IPsec to implement this feature. However, Kmesh lacks the reliability maintenance and ease-of-use enhancements for Kmesh. Therefore, we should optimize the reliability and ease of use of IPsec in addition to its implementation.

LiZhenCheng9527 avatar Jul 29 '25 10:07 LiZhenCheng9527

@LiZhenCheng9527 Hi, I was thinking of applying for this project for the LFX mentorship. Are there any requirements, such as contributions, or any time zone constraints?

yugalkaushik avatar Aug 01 '25 16:08 yugalkaushik

When using the kmeshctl secret command to create an IPsec configuration, if a random key is used, we can simplify the command: instead of having the user generate the random key themselves, kmeshctl generates it on their behalf.

  1. The old method of use involves running the command: kmeshctl secret --key=$(dd if=/dev/urandom count=36 bs=1 2>/dev/null | xxd -p -c 64)
  2. The new method of use simplifies this by allowing commands like kmeshctl secret create, where the tool generates the key automatically.

LiZhenCheng9527 avatar Aug 04 '25 12:08 LiZhenCheng9527
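The key handling proposed in the comment above, sketched in Go as an added example (not Kmesh's own code): `GenerateKey` and `ResolveKey` are hypothetical names, and the 36-byte length check on a user-supplied key is an assumption taken from the `dd ... count=36` command rather than from kmeshctl itself.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// keyLen mirrors the 36 bytes the old command reads from /dev/urandom.
const keyLen = 36

// GenerateKey (hypothetical helper) returns keyLen bytes from the OS CSPRNG,
// hex-encoded on one line, like `dd ... | xxd -p -c 64` does.
func GenerateKey() (string, error) {
	buf := make([]byte, keyLen)
	if _, err := rand.Read(buf); err != nil {
		return "", fmt.Errorf("reading random bytes: %w", err)
	}
	return hex.EncodeToString(buf), nil
}

// ResolveKey (hypothetical helper) generates a key when none is supplied and
// otherwise validates the supplied one. The length check is an assumption.
func ResolveKey(userKey string) (key string, generated bool, err error) {
	userKey = strings.TrimSpace(userKey)
	if userKey == "" {
		key, err = GenerateKey()
		return key, true, err
	}
	raw, err := hex.DecodeString(userKey)
	if err != nil {
		return "", false, fmt.Errorf("key is not valid hex: %w", err)
	}
	if len(raw) != keyLen {
		return "", false, fmt.Errorf("key is %d bytes, want %d", len(raw), keyLen)
	}
	return strings.ToLower(userKey), false, nil
}

func main() {
	key, generated, err := ResolveKey("") // no key given: generate one
	if err != nil {
		panic(err)
	}
	// Report only the size; key material should not be written to the terminal or logs.
	fmt.Printf("generated=%v hex_chars=%d\n", generated, len(key))
}
```

Rejecting malformed or short keys at the CLI keeps a truncated paste from being stored as the mesh's IPsec key.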

> @LiZhenCheng9527 Hi, I was thinking of applying for this project for the LFX mentorship. Are there any requirements, such as contributions, or any time zone constraints?

No. We have no time zone restrictions and welcome developers from around the world to join the Kmesh community.

LiZhenCheng9527 avatar Aug 04 '25 12:08 LiZhenCheng9527

Should we also consider multi-cluster scenarios here?

hzxuzhonghu avatar Aug 07 '25 07:08 hzxuzhonghu

/assign @zrggw

LiZhenCheng9527 avatar Aug 26 '25 12:08 LiZhenCheng9527

@LiZhenCheng9527: GitHub didn't allow me to assign the following users: zrggw.

Note that only kmesh-net members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. For more information please see the contributor guide

In response to this:

/assign @zrggw

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

kmesh-bot avatar Aug 26 '25 12:08 kmesh-bot

I have already applied for this task.

zrggw avatar Aug 26 '25 12:08 zrggw

/assign @zrggw

LiZhenCheng9527 avatar Aug 27 '25 08:08 LiZhenCheng9527

Done /close

LiZhenCheng9527 avatar Nov 29 '25 03:11 LiZhenCheng9527

@LiZhenCheng9527: Closing this issue.

In response to this:

Done /close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

kmesh-bot avatar Nov 29 '25 03:11 kmesh-bot