Open davidhadas opened 4 months ago
vxlan seem to have limitations affecting what we can and cannot do.
For reference see
This is the current test environment for vxlan, slightly modified for our needs:
Here is the test environment that we seem to need for running vxlan on secure comms - note the extra NS on each PP and at the WN.
A similar change will be needed in cloud-api-adaptor when we implement vxlan on top of SecureComms.
To date, the vxlan traffic from peer pods to the cluster is not encrypted.
With the introduction of Secure Comms for Peer Pods (PP), it is possible to open tunnels between the PP and the Worker Node (WN) to allow forwarding of communication between them, utilizing the security mechanism already established by SSH.
That is, any communication transferred via a Secure Comms tunnel is secured without the need to introduce additional certificates, key pairs or shared keys.
It is therefore desired to add support for transporting the vxlan traffic via a Secure Comms tunnel.
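To make the first point of the issue concrete (the vxlan traffic is sent in the clear today), here is an added example, not code from this issue or from cloud-api-adaptor, that decodes a VXLAN datagram the way any on-path observer between a peer pod and the worker node could. It parses the 8-byte VXLAN header (RFC 7348), the inner Ethernet header and, for IPv4, the inner addresses and payload. The datagram it decodes is constructed in `BuildSample`; the MACs, VNI and 10.244.x.x addresses are assumptions for illustration, not values taken from any real peer-pod deployment. Everything the decoder returns is what a Secure Comms tunnel would hide once vxlan is carried over it.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// VXLANFrame holds the fields an on-path observer can read from an
// unencrypted VXLAN datagram: the VNI plus the inner Ethernet/IPv4 headers
// and the inner payload.
type VXLANFrame struct {
	VNI       uint32
	DstMAC    net.HardwareAddr
	SrcMAC    net.HardwareAddr
	EtherType uint16
	SrcIP     net.IP // nil unless the inner frame is IPv4
	DstIP     net.IP // nil unless the inner frame is IPv4
	Payload   []byte // bytes after the inner IPv4 header (or the whole inner payload if not IPv4)
}

const (
	vxlanHeaderLen = 8
	vxlanFlagVNI   = 0x08 // "I" flag: the VNI field is valid (RFC 7348 section 5)
	etherHeaderLen = 14
	etherTypeIPv4  = 0x0800
)

// ParseVXLAN decodes the UDP payload of a VXLAN datagram (the bytes that
// follow the outer UDP header on port 4789). It refuses truncated input and
// frames whose I flag is clear, so a caller never reads an invalid VNI.
func ParseVXLAN(p []byte) (*VXLANFrame, error) {
	if len(p) < vxlanHeaderLen+etherHeaderLen {
		return nil, errors.New("vxlan: datagram too short")
	}
	if p[0]&vxlanFlagVNI == 0 {
		return nil, errors.New("vxlan: I flag not set, VNI is not valid")
	}
	f := &VXLANFrame{}
	// VNI is the 24-bit field at bytes 4..6; byte 7 is reserved.
	f.VNI = uint32(p[4])<<16 | uint32(p[5])<<8 | uint32(p[6])

	eth := p[vxlanHeaderLen:]
	f.DstMAC = net.HardwareAddr(eth[0:6])
	f.SrcMAC = net.HardwareAddr(eth[6:12])
	f.EtherType = binary.BigEndian.Uint16(eth[12:14])
	inner := eth[etherHeaderLen:]

	if f.EtherType != etherTypeIPv4 {
		f.Payload = inner
		return f, nil
	}
	// Inner IPv4: validate version and header length before indexing.
	if len(inner) < 20 || inner[0]>>4 != 4 {
		return nil, errors.New("vxlan: truncated or malformed inner IPv4 header")
	}
	ihl := int(inner[0]&0x0f) * 4
	if ihl < 20 || len(inner) < ihl {
		return nil, errors.New("vxlan: bad inner IPv4 IHL")
	}
	f.SrcIP = net.IP(inner[12:16])
	f.DstIP = net.IP(inner[16:20])
	f.Payload = inner[ihl:]
	return f, nil
}

// BuildSample constructs (it is not a capture) a VXLAN datagram carrying an
// inner Ethernet/IPv4 frame with the given VNI, addresses and payload. The
// MACs are locally administered placeholders and the IPv4 checksum is left
// zero, which is enough for the decoder and keeps the example self-contained.
func BuildSample(vni uint32, srcIP, dstIP net.IP, payload []byte) []byte {
	b := make([]byte, 0, vxlanHeaderLen+etherHeaderLen+20+len(payload))
	b = append(b, vxlanFlagVNI, 0, 0, 0, byte(vni>>16), byte(vni>>8), byte(vni), 0)
	b = append(b, 0x02, 0x00, 0x00, 0x00, 0x00, 0x02) // dst MAC (assumed)
	b = append(b, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01) // src MAC (assumed)
	b = append(b, 0x08, 0x00)                         // EtherType IPv4
	ip := make([]byte, 20)
	ip[0] = 0x45 // version 4, IHL 5 (no options)
	binary.BigEndian.PutUint16(ip[2:4], uint16(20+len(payload)))
	ip[8] = 64 // TTL
	ip[9] = 17 // protocol: UDP
	copy(ip[12:16], srcIP.To4())
	copy(ip[16:20], dstIP.To4())
	b = append(b, ip...)
	return append(b, payload...)
}

func main() {
	pkt := BuildSample(100, net.ParseIP("10.244.1.5"), net.ParseIP("10.244.0.3"), []byte("GET /secret HTTP/1.1"))
	f, err := ParseVXLAN(pkt)
	if err != nil {
		panic(err)
	}
	fmt.Printf("VNI=%d %s->%s %s->%s payload=%q\n", f.VNI, f.SrcMAC, f.DstMAC, f.SrcIP, f.DstIP, f.Payload)
}
```

Run against a real capture, `ParseVXLAN` takes the UDP payload of each port-4789 datagram; the point is that every field it returns, down to the application payload, is readable without any key. Carrying the same datagram through a Secure Comms tunnel leaves only the SSH ciphertext on the wire.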