We have a Kubernetes cluster with Calico 3.17.1. The requirement is to support encryption of the communication between the pods in a single cluster. Unfortunately, WireGuard is not acceptable in our deployments. One of the options we are considering is to IPsec-encrypt the IPIP tunnels of Calico.
We have tried adding an encryption policy with the endpoints of tunl0 between node1 (hosting the test client) and node2 (hosting the test server). But somehow, when we captured the pcaps, the data is not encrypted.
I am new to both Calico and IPsec, and will be working on understanding Calico and IPsec more. But I wanted to check with the community whether anyone has already worked on something similar, and I would appreciate any kind of suggestions.