Encrypt the east-west traffic¶
Available since MOS 21.3 TechPreview
Consider this section as part of Deploy an OpenStack cluster.
Mirantis OpenStack on Kubernetes allows configuring Internet Protocol Security (IPsec) encryption for the east-west tenant traffic between the OpenStack compute nodes and gateways. The feature uses the strongSwan open source IPsec solution. Authentication is accomplished through a pre-shared key (PSK). However, other authentication methods are upcoming.
To encrypt the east-west tenant traffic, enable
ipsec in the
spec:features:neutron settings of the
spec: features: neutron: ipsec: enabled: true