Encrypt the east-west traffic

Available since MOS 21.3 TechPreview

Note

Consider this section as part of Deploy an OpenStack cluster.

Mirantis OpenStack on Kubernetes allows configuring Internet Protocol Security (IPsec) encryption for the east-west tenant traffic between the OpenStack compute nodes and gateways. The feature uses the strongSwan open source IPsec solution. Authentication is accomplished through a pre-shared key (PSK). However, other authentication methods are upcoming.

To encrypt the east-west tenant traffic, enable ipsec in the spec:features:neutron settings of the OpenStackDeployment CR:

spec:
  features:
    neutron:
      ipsec:
        enabled: true