mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
44 lines
1.6 KiB
Plaintext
44 lines
1.6 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * networking/ovn_kubernetes_network_provider/configuring-ipsec-ovn.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="nw-ovn-ipsec-disable_{context}"]
|
|
= Disabling IPsec encryption
|
|
|
|
As a cluster administrator, you can disable IPsec encryption.
|
|
|
|
.Prerequisites
|
|
|
|
* You installed the {oc-first}.
|
|
* You logged in to the cluster with a user with `cluster-admin` privileges.
|
|
|
|
.Procedure
|
|
|
|
. Choose one of the following options to disable IPsec encryption:
|
|
+
|
|
.. Where the `ipsecConfig.mode` parameter is set to either `External` or `Full` and the `ipsecConfig.full` schema is not added to `networks.operator.openshift.io`, enter the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc patch networks.operator.openshift.io cluster --type=merge -p \
|
|
'{
|
|
"spec":{
|
|
"defaultNetwork":{
|
|
"ovnKubernetesConfig":{
|
|
"ipsecConfig":{
|
|
"mode":"Disabled"
|
|
}}}}}'
|
|
----
|
|
+
|
|
.. Where the `ipsecConfig.mode` parameter is set to `Full` and the `ipsecConfig.full` configuration is added to `networks.operator.openshift.io`, enter the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc patch networks.operator.openshift.io cluster --type='json' -p \
|
|
'[{"op": "remove", "path": "/spec/defaultNetwork/ovnKubernetesConfig/ipsecConfig/full"},
|
|
{"op": "replace", "path": "/spec/defaultNetwork/ovnKubernetesConfig/ipsecConfig/mode", "value": "Disabled"}]'
|
|
----
|
|
|
|
. Optional: You can increase the size of your cluster MTU by `46` bytes because there is no longer any overhead from the IPsec Encapsulating Security Payload (ESP) header in IP packets.
|