Encrypt the east-west traffic

Encrypt the east-west trafficΒΆ

Note

This feature is available as technical preview. Use such configuration for testing and evaluation purposes only.

Note

Consider this section as part of Deploy an OpenStack cluster.

Caution

This feature is available starting from MOS 21.3.

Mirantis OpenStack on Kubernetes allows configuring Internet Protocol Security (IPsec) encryption for the east-west tenant traffic between the OpenStack compute nodes and gateways. The feature uses the strongSwan open source IPsec solution. Authentication is accomplished through a pre-shared key (PSK). However, other authentication methods are upcoming.

To encrypt the east-west tenant traffic, enable ipsec in the spec:features:neutron settings of the OpenStackDeployment CR:

spec:
  features:
    neutron:
      ipsec:
        enabled: true