cluster-api-provider-aws
Support for IPSEC (ESP protocol number 50) in CNI ingress rules
/kind feature
Describe the solution you'd like
OVN Kubernetes allows you to configure IPSEC to create an encrypted network between nodes within a cluster. To use this feature, both worker and control plane nodes must have the ability to route traffic over ESP (protocol 50) between themselves.
The CNIIngressRules feature would work to configure this sufficiently; however, at present the list of supported protocols is limited by an enum and this enum doesn't include protocol 50.
I would like to expand the list of supported protocols to include ESP so that I can use the IPSEC feature of my CNI, OVN K.
Anything else you would like to add:
This AWS doc explains a little more about the use case in a more generic manner than OVN K.
Environment:
- Cluster-api-provider-aws version: latest
- Kubernetes version: (use kubectl version): any
- OS (e.g. from /etc/os-release): any