yk8s.ipsec
More details about the IPsec setup can be found here.
yk8s.ipsec.enabled
Whether to enable .
Type::
boolean
Default::
false
Example::
true
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/ipsec.nix
yk8s.ipsec.esp_proposals
A list of parent SA proposals to offer to the client.
Type::
list of non-empty string
Default::
"\${cfg.proposals}"
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/ipsec.nix
yk8s.ipsec.local_networks
List of CIDRs to offer to the peer
Type::
list of non-empty string
Default::
[
  "172.30.154.0/24"
]
Example::
''
  Set the following for a working NAT-free setup
  [
    config.yk8s.infra.subnet_cidr
    config.yk8s.kubernetes.network.pod_subnet
    config.yk8s.kubernetes.network.service_subnet
  ]
''
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/ipsec.nix
yk8s.ipsec.peer_networks
List of CIDRs to route to the peer. If not set, only dynamic IP assignments will be routed.
Type::
list of non-empty string
Default::
[ ]
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/ipsec.nix
yk8s.ipsec.proposals
A list of parent SA proposals to offer to the client.
Type::
list of non-empty string
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/ipsec.nix
yk8s.ipsec.purge_installation
Whether to enable purging the ipsec installation.
Type::
boolean
Default::
false
Example::
true
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/ipsec.nix
yk8s.ipsec.remote_addrs
List of addresses to accept as remote. When initiating, the first single IP address is used.
Type::
list of non-empty string
Default::
[ ]
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/ipsec.nix
yk8s.ipsec.remote_name
Type::
non-empty string
Default::
"peerid"
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/ipsec.nix
yk8s.ipsec.remote_private_addrs
Private address of remote endpoint. only used when test_enabled is True
Type::
null or non-empty string
Default::
null
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/ipsec.nix
yk8s.ipsec.test_enabled
Whether to enable the test suite. Must make sure a remote endpoint, with ipsec enabled, is running and open for connections. .
Type::
boolean
Default::
false
Example::
true
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/ipsec.nix
yk8s.ipsec.virtual_subnet_pool
Pool to source virtual IP addresses from. Those are the IP addresses assigned to clients which do not have remote networks. (e.g.: “10.3.0.0/24”)
Type::
null or non-empty string
Default::
null
Declared by https://gitlab.com/yaook/k8s/-/tree/devel/nix/yk8s/k8s-supplements/ipsec.nix