This describes how to enable IPsec on a Calico/VPP cluster.
You can find the documentation here.
You can use the following script to build the appropriate manifest for a cluster with IPsec enabled:
cd $REPOSITORY_ROOT/yaml
cat > kustomization.yaml <<EOF
bases:
- ./base
components:
- ./components/ipsec
EOF
kubectl kustomize . > calico-vpp-ipsec.yaml
kubectl apply -f calico-vpp-ipsec.yaml
You will also need to create the secret for the PSK out of band:
kubectl -n calico-vpp-dataplane create secret generic calicovpp-ipsec-secret \
--from-literal=psk="$(dd if=/dev/urandom bs=1 count=36 2>/dev/null | base64)"
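An added example, not part of the Calico/VPP documentation: it generates a PSK of the same size, passes it to kubectl on stdin instead of in the argument list (where `--from-literal` leaves it visible in local process listings), and checks that the stored secret decodes to enough random bytes. The function names and the 32-byte minimum are assumptions; the namespace, secret name and key come from the command above.

```shell
#!/bin/sh
# Added example, not from the Calico/VPP project. The namespace, secret name
# and key "psk" come from the command above; function names are hypothetical.
NS=calico-vpp-dataplane
SECRET=calicovpp-ipsec-secret

# 36 random bytes, base64-encoded on one line (48 characters), as above.
gen_psk() {
  head -c 36 /dev/urandom | base64 | tr -d '\n'
}

# Succeed only if $1 is valid base64 that decodes to at least $2 bytes
# (default 32, an assumed minimum). Catches empty, truncated or
# placeholder PSKs.
psk_ok() {
  [ -n "$1" ] || return 1
  printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 1
  n=$(printf '%s' "$1" | base64 -d | wc -c)
  [ "$((n))" -ge "${2:-32}" ]
}

# Create the secret with the PSK passed on stdin, so it never appears in
# kubectl's argument list (readable by other local users via ps or /proc).
create_psk_secret() {
  gen_psk | kubectl -n "$NS" create secret generic "$SECRET" \
    --from-file=psk=/dev/stdin
}

# Read the PSK back from the cluster and validate it. The API returns secret
# data base64-encoded, so decode once to recover the stored PSK string.
verify_cluster_psk() {
  stored=$(kubectl -n "$NS" get secret "$SECRET" \
    -o jsonpath='{.data.psk}' | base64 -d) || return 1
  psk_ok "$stored"
}
```

Run `create_psk_secret` once in place of the `--from-literal` command, then `verify_cluster_psk` to confirm what the cluster actually stored.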