Add wireguard description in calico docs

kubernetes · Oct 11, 2020 · a5e1633 · a5e1633
1 parent 7ad4815
commit a5e1633
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/docs/networking/calico.md b/docs/networking/calico.md
@@ -56,7 +56,7 @@ To enable this mode in a cluster, add the following to the cluster spec:
       crossSubnet: true
 ```
 In the case of AWS, EC2 instances have source/destination checks enabled by default.
-When you enable cross-subnet mode in kops 1.19+, it is equivalent to: 
+When you enable cross-subnet mode in kops 1.19+, it is equivalent to:
 ```yaml
   networking:
     calico:
@@ -93,6 +93,17 @@ It is possible to configure Calico to use Typha by editing a cluster and adding
       typhaReplicas: 3
 ```
 
+### Configuring WireGuard
+Calico supports WireGuard to encrypt pod-to-pod traffic. If you enable this options, WireGuard encryption is automatically enabled for all nodes. At the moment, kops installs WireGuard automatically only when the host OS is *Ubuntu*. For other OSes, WireGuard has to be part of the base image or installed via a hook.
+
+For more details of Calico WireGuard please refer the [Calico Docs](https://docs.projectcalico.org/security/encrypt-cluster-pod-traffic).
+
+```yaml
+  networking:
+    calico:
+      wireguardEnabled: true
+```
+
 ## Getting help
 
 For help with Calico or to report any issues: