Inter-host Pod-to-pod Security Overview

On StarlingX, inter-host pod-to-pod traffic for a service can be configured to be protected by IPsec in tunnel mode over cluster host network. The configurations are defined as IPsec policies and managed by the ipsec-policy-operator Kubernetes system application.

Ipsec-policy-operator is an optional platform system application. IPsec policies are Kubernetes custom resources. You can create, update, and delete the IPsec policy CRs for services. Based on the user defined IPsec policies, the ipsec-policy-operator system application will configure/reconfigure IPsec on the cluster network to protect (or unprotect) the inter-host pod-to-pod traffic of services.