Skip to content

Instantly share code, notes, and snippets.

@williamcaban

williamcaban/OVN IPSec East-West.md

Last active June 11, 2021 19:36
Show Gist options
  • Save williamcaban/1b096bf25826677c16b3b4afb2a8fed9 to your computer and use it in GitHub Desktop.
Save williamcaban/1b096bf25826677c16b3b4afb2a8fed9 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
OVN IPSec East-West.md

OVN IPSec for east-west traffic

With OCP 4.7 IPSec for east-west traffic is a day-1 configuraiton. With OCP 4.8 this can also be applied as a day-2 configuration.

  • Setup install-config.yaml to use IPSec
networking:
  networkType: OVNKubernetes
  • Inject custom manifest manifest/manifest_cluster-network-03-config.yaml before generating configuration
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  creationTimestamp: null
  name: cluster
spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  externalIP:
    policy: {}
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
  defaultNetwork:
    type: OVNKubernetes
    ovnKubernetesConfig:
      ipsecConfig: {}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment