scl/kubespray
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Doc: variable cilium_ipsec_key must be base64 encoded (#10781)

Browse Source 
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
This commit is contained in:
Serge Hartmann
2024-01-22 17:49:00 +01:00
committed by GitHub
parent 6497ecc767
commit a2ed5fcd3d
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/cilium.md
View File

@ -141,7 +141,7 @@ cilium_encryption_enabled: true
cilium_encryption_type: "ipsec" cilium_encryption_type: "ipsec"
``` ```
The third variable is `cilium_ipsec_key.` You need to create a secret key string for this variable. The third variable is `cilium_ipsec_key`. You need to create a secret key string for this variable.
Kubespray does not automate this process. Kubespray does not automate this process.
Cilium documentation currently recommends creating a key using the following command: Cilium documentation currently recommends creating a key using the following command:
@ -149,7 +149,11 @@ Cilium documentation currently recommends creating a key using the following com
echo "3 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)) 128" echo "3 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)) 128"
``` ```
Note that Kubespray handles secret creation. So you only need to pass the key as the `cilium_ipsec_key` variable. Note that Kubespray handles secret creation. So you only need to pass the key as the `cilium_ipsec_key` variable, base64 encoded:
```shell
echo "cilium_ipsec_key: "$(echo -n "3 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)) 128" | base64 -w0)
```
### Wireguard Encryption ### Wireguard Encryption