ipsec: add ipsec user guide #105
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
✅ Deploy Preview for kmesh-net ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
| menu: | ||
| docs: | ||
| parent: user guide | ||
| weight: 19 |
There was a problem hiding this comment.
nit: This is used for sorting in the navigation bar, there are already pages that are 19. It is recommended to use different weights.
There was a problem hiding this comment.
Maybe this is the reason why it does not show up in preview https://deploy-preview-105--kmesh-net.netlify.app/
|
|
||
| **Step 1: Generate an IPsec pre shared key for Kmesh before starting the Kmesh by kmeshctl. Currently, only the rfc4106 (gcm (AES)) algorithm is supported. key need 36 characters(32 character as algo key, 4 character as salt)** | ||
|
|
||
| root@master:~/kmesh# ./kmeshctl secret --key=<aead key> |
There was a problem hiding this comment.
| root@master:~/kmesh# ./kmeshctl secret --key=<aead key> | |
| ```bash | |
| root@master:~/kmesh# ./kmeshctl secret --key=<aead key> | |
| ``` |
|
|
||
| or | ||
|
|
||
| root@master:~/kmesh# ./kmeshctl secret --k=<aead key> |
|
|
||
| If you want use custom key, you can use the following command | ||
|
|
||
| root@master:~/kmesh# ./kmeshctl secret --key=$(echo -n "{36-character user-defined key here}" | xxd -p -c 64) |
There was a problem hiding this comment.
wah tis the difference with L22 and L26
|
|
||
| **Step 2: Install the specified CRD type** | ||
|
|
||
| root@master:~/kmesh# kubectl apply -f deploy/yaml/crd/kmesh.net_kmeshnodeinfos.yaml |
There was a problem hiding this comment.
we donot need this, this is installed when install kmesh
|
|
||
| Use tcpdump on nodes to capture packets and check if IPsec has been used during data communication between nodes (determined by ESP packets) | ||
|
|
||
| root@master:~/kmesh# tcpdump -i any |grep ESP |
There was a problem hiding this comment.
hmm, you should provide who access who
|
@bitcoffeeiux please update |
Signed-off-by: bitcoffee <[email protected]>
| @@ -0,0 +1,84 @@ | |||
| --- | |||
| draft: true | |||
There was a problem hiding this comment.
| draft: true | |
| draft: false |
|
|
||
| If you want to randomly generate a key, you can use the following command | ||
|
|
||
| root@master:~/kmesh# ./kmeshctl secret --key=$(dd if=/dev/urandom count=36 bs=1 2>/dev/null | xxd -p -c 64) |
There was a problem hiding this comment.
| root@master:~/kmesh# ./kmeshctl secret --key=$(dd if=/dev/urandom count=36 bs=1 2>/dev/null | xxd -p -c 64) | |
| root@master:~/kmesh# kmeshctl secret --key=$(dd if=/dev/urandom count=36 bs=1 2>/dev/null | xxd -p -c 64) |
ipsec: add ipsec user guide