From e7a34bc8f0a1066f1d180a48658ec29d2008bb1c Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Mon, 6 Jan 2025 11:04:16 +0100 Subject: [PATCH 1/3] fix(k8s): tutorial fix headline --- tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx b/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx index 466243819b..410aa25469 100644 --- a/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx +++ b/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx @@ -25,7 +25,7 @@ By default, Cilium is selected as the CNI when creating a cluster. We will confi - `kubectl` installed and configured for your cluster. - Cilium is selected as the [CNI](/containers/kubernetes/concepts/#container-network-interface-cni) in your cluster (default in Kapsule). -## Creating a `CiliumNodeConfig` resource for encryption +## Creating a CiliumNodeConfig resource for encryption The `CiliumNodeConfig` resource defines encryption settings for Cilium. It enables **WireGuard encryption** across all nodes in your Kapsule cluster. From f25a7ec6af563fd8e58d1550763fad258232f324 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Mon, 6 Jan 2025 11:11:16 +0100 Subject: [PATCH 2/3] fix(k8s): fix tuto formatting --- tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx b/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx index 410aa25469..91d738acb0 100644 --- a/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx +++ b/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx @@ -25,7 +25,7 @@ By default, Cilium is selected as the CNI when creating a cluster. We will confi - `kubectl` installed and configured for your cluster. - Cilium is selected as the [CNI](/containers/kubernetes/concepts/#container-network-interface-cni) in your cluster (default in Kapsule). -## Creating a CiliumNodeConfig resource for encryption +## Creating a `CiliumNodeConfig` resource for encryption The `CiliumNodeConfig` resource defines encryption settings for Cilium. It enables **WireGuard encryption** across all nodes in your Kapsule cluster. @@ -265,4 +265,3 @@ You should now see traffic matching **port 51871**, indicating the packets are e Enabling encryption may slightly increase CPU usage on the nodes. Monitor resource utilization to ensure adequate capacity. For more details, refer to [Cilium’s WireGuard Encryption Documentation](https://docs.cilium.io/en/stable/security/network/encryption-wireguard/). - From 9e859959926bbcf8951b82b16db06e0152f61823 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Mon, 6 Jan 2025 11:13:20 +0100 Subject: [PATCH 3/3] fix(k8s): fix tuto formatting --- .../index.mdx | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx b/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx index 91d738acb0..cd002ed0f1 100644 --- a/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx +++ b/tutorials/enabling-encryption-in-kapsule-with-cilium/index.mdx @@ -1,17 +1,16 @@ --- meta: - title: Enabling Encryption in Kapsule (Kubernetes 1.31) with Cilium + title: Enabling encryption in Kapsule (Kubernetes 1.31) with Cilium description: Learn how to enable WireGuard encryption in Scaleway’s Kapsule Managed Kubernetes service using Cilium. This guide covers configuration steps, verification, and testing encryption for secure network traffic. content: - h1: Enabling Encryption in Kapsule (Kubernetes 1.31) with Cilium + h1: Enabling encryption in Kapsule (Kubernetes 1.31) with Cilium paragraph: Learn how to enable WireGuard encryption in Scaleway’s Kapsule Managed Kubernetes service using Cilium. This guide covers configuration steps, verification, and testing encryption for secure network traffic. -tags: hashicorp vault kubernetes k8s easy deploy +tags: encryption cilium kapsule wireguard categories: - containers dates: validation: 2024-12-31 posted: 2024-12-31 - validation_frequency: 24 --- @@ -25,7 +24,7 @@ By default, Cilium is selected as the CNI when creating a cluster. We will confi - `kubectl` installed and configured for your cluster. - Cilium is selected as the [CNI](/containers/kubernetes/concepts/#container-network-interface-cni) in your cluster (default in Kapsule). -## Creating a `CiliumNodeConfig` resource for encryption +## Creating a CiliumNodeConfig resource for encryption The `CiliumNodeConfig` resource defines encryption settings for Cilium. It enables **WireGuard encryption** across all nodes in your Kapsule cluster. @@ -78,7 +77,7 @@ After creating the `CiliumNodeConfig`, you must restart Cilium to apply these en In this step, you will deploy test applications along with a `tcpdump` DaemonSet to observe network traffic before and after enabling encryption. -### 3.1 Deploying test applications and `tcpdump` +### Deploying test applications and tcpdump Below is an example YAML manifest that deploys: