Skip to content

Added IPsec file #3398

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 15, 2016
Merged

Added IPsec file #3398

merged 1 commit into from
Dec 15, 2016

Conversation

bfallonf
Copy link

@bfallonf bfallonf mentioned this pull request Dec 15, 2016
Closed
@bfallonf bfallonf added this to the Next Release milestone Dec 15, 2016
@bfallonf
Copy link
Author

[rev_history]
|xref:../admin_guide/ipsec.adoc#admin-guide-ipsec[Encrypting Hosts with IPsec]
|Added the section on encrypting hosts with IPsec.
%

ahardin-rh
ahardin-rh reviewed Dec 15, 2016
View reviewed changes
admin_guide/ipsec.adoc

This topic shows how to secure communication of an entire IP subnet from which
the {product-title} hosts receive their IP addresses, including all cluster
management and pod data traffic. Note that because {product-title} management
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe put the note in a NOTE box?

ahardin-rh
ahardin-rh reviewed Dec 15, 2016
View reviewed changes
admin_guide/ipsec.adoc
mutually authenticated HTTPS communication. This means that both the client (for
example, an {product-title} node) and the server (for example, an
{product-title} api-server) send each other their certificates, which are
checked against a known Certificate Authority (CA). These certificates are
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/Certificate Authority/certificate authority

ahardin-rh
ahardin-rh reviewed Dec 15, 2016
View reviewed changes
admin_guide/ipsec.adoc
These certificates can also be used to secure pod communications with IPsec. You
need three files on each host:

* Cluster Certificate Authority file
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/Certificate Authority/certificate authority

ahardin-rh
ahardin-rh reviewed Dec 15, 2016
View reviewed changes
admin_guide/ipsec.adoc

[[admin-guide-ipsec-ipsec-policy]]
=== Step 3: libreswan IPsec Policy
Now that the necessary certificates have been imported into the *libreswan*
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/have been/are

@ahardin-rh
Copy link
Contributor

@bfallonf Just a few comments from me. Other than that, looks good!

@bfallonf
Copy link
Author

Thanks @ahardin-rh . Suggestions taken. I'll merge.

@bfallonf bfallonf merged commit 9c13912 into openshift:master Dec 15, 2016
@bfallonf bfallonf deleted the ipsec branch December 16, 2016 01:23
@bfallonf bfallonf modified the milestones: Next Release, Staging, Published - 20/12/2016 Dec 20, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahardin-rh ahardin-rh ahardin-rh left review comments

Assignees
No one assigned
Labels
branch/enterprise-3.3
Projects
None yet
Milestone
Published - 12/20/16
Development

Successfully merging this pull request may close these issues.
2 participants
@bfallonf @ahardin-rh