Kops: add --network-encrypt true when setting up --networking weave option

Created on 13 Feb 2017  路  8Comments  路  Source: kubernetes/kops

allow to specify encryption of the networking at create time when using kops and a network provider.

right now
kops create cluster {options} --networking weave creates an unecnrypted mode.

we should add an option to make it encrypted from the get-go
https://github.com/weaveworks-experiments/weave-kube/issues/38#issuecomment-253855874

by having kops create a password and add that line into the weave-net DS so we dont have to manually touch it and reroll the DS across the cluster.

lifecyclrotten
Source
picture hollowimage

Most helpful comment

hello
just for avoid collision: i working in it.
thanks

picture pronix on 24 Mar 2017
👍2

All 8 comments

We can have that as an option, but would rather not have that as default. does it use more resources and is it possibly slower?

chrislovecnm picture chrislovecnm on 13 Feb 2017

Oh definitely make it as an option.

hollowimage picture hollowimage on 13 Feb 2017
👍2

Doing encryption is inevitably slower than not doing it; as of 1.9.0 Weave Net can do it in the kernel which vastly reduces the overhead.

bboreham picture bboreham on 14 Feb 2017

I believe there was just a PR submitted to pull 1.9 into the kops branch here https://github.com/kubernetes/kops/pull/1893#issuecomment-279725222

hollowimage picture hollowimage on 14 Feb 2017

hello
just for avoid collision: i working in it.
thanks

pronix picture pronix on 24 Mar 2017
👍2

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or @fejta.
/lifecycle stale

fejta-bot picture fejta-bot on 22 Dec 2017

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or @fejta.
/lifecycle rotten
/remove-lifecycle stale

fejta-bot picture fejta-bot on 21 Jan 2018

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

fejta-bot picture fejta-bot on 20 Feb 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rot26 picture rot26  路  5Comments
justinsb picture justinsb  路  4Comments
owenmorgan picture owenmorgan  路  3Comments
pluttrell picture pluttrell  路  4Comments
argusua picture argusua  路  5Comments