  1. OpenShift SDN
  2. SDN-4502

OpenShift North-South IPsec Post-GA tasks


    • OpenShift North-South IPsec Implementation Post-GA Tasks
    • BU Product Work
    • False
    • None
    • False
    • Red
    • In Progress
    • OCPSTRAT-1201 - OpenShift North-South IPsec Post-GA tasks
    • 0% To Do, 0% In Progress, 100% Done
    • M

      [QE] May 17 - Testing complete!
      [QE] Apr 29, 2024 - QE e2e auto done.
      [QE] Mar 27, 2024 - No QE stories planned in Sprint 251


      Epic Goal

      • telemetry
      • nmstate ipv6
      • nmstate net2net

      Why is this important?

      • Without an API, customers are forced to use MCO. This brings with it a set of limitations (mainly a reboot per change and the fact that config is shared across each pool, so per-node configuration is not possible).
      • A better upgrade solution will give us the ability to support a single host based implementation.
      • Telemetry will give us more info on how widely IPsec is used.

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.
      • Must allow for the possibility of offloading the IPsec encryption to a SmartNIC.

       

      • nmstate
      • k8s-nmstate
      • easier mechanism for cert injection (??)
      • telemetry
      • improve ci and test coverage
         

      Dependencies (internal and external)

      1.  nmstate tasks

      Related:

      • ITUP-44 - OpenShift support for North-South OVN IPSec
      • HATSTRAT-33 - Encrypt All Traffic to/from Cluster (aka IPSec as a Service)

      Previous Work (Optional):

      1. SDN-717 - Support IPSEC on ovn-kubernetes
      2. SDN-3604 - Fully supported non-GA N-S IPSec implementation using machine config.

      Open questions:

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

              ykashtan Yuval Kashtan
              mcurry@redhat.com Marc Curry
              Huiran Wang Huiran Wang
              Jason Boxman Jason Boxman