I’m currently evaluating the usage of WireGuard to encrypt node-to-node traffic within my Kubernetes cluster according to "Encrypt in-cluster pod traffic". Since we have a lot of internal security requirements, I have to answer a lot of questions. However, I’m struggling to find the information online. A few of those questions are:
- How does Calico bootstrap WireGuard? By that I mean key generation and so on. Is everything fully automated?
- How can keys be protected?
Thank you for taking the time to answer my questions.