strongSwan Helm Chart on IBM Cloud Pak for AIOps

Procedure to get strongSwan Helm Chart working on IBM Cloud Pak for AIOps.

Procedure

  1. Connect to the IBM Cloud Pak for AIOps virtual machine using SSH credentials.

  2. Copy the etcd-secret as calico-etcd-secrets with the following command:

    kubectl -n kube-system get secrets etcd-secret -o json | jq '.metadata.name = "calico-etcd-secrets"' | kubectl -n kube-system create -f -

    Note: If you do not have jq installed, run the following command to install it:

    apt install jq

  3. Update calico-config configMap to add the etcd endpoint details.

    Example snippet to add the etcd_endpoints into calico-config configMap:

    Get the etcd endpoint details:

    ~# etcd_ep=$(kubectl -n kube-system get cm etcd-config -o jsonpath='{.data.etcd_endpoints}'); echo "$etcd_ep"
    https://9.9.9.9:4001 <===== This is just in our example.

    Run the following command to edit calico-config:

    kubectl -n kube-system edit cm calico-config

    Scroll down in the editor to find the following context:

    etcd_ca: /calico-secrets/etcd-ca
    etcd_cert: /calico-secrets/etcd-cert
    etcd_key: /calico-secrets/etcd-key
    

    The following is an example when you add etcd_endpoints:

    etcd_ca: /calico-secrets/etcd-ca
    etcd_cert: /calico-secrets/etcd-cert
    etcd_key: /calico-secrets/etcd-key
    etcd_endpoints: https://9.9.9.9:4001 <===== This is just in our example. Use the value specific to your environment, as stored in $etcd_ep.
    
  4. Save and close the editor.

  5. When installing the Helm chart, set the privilegedVpnPod parameter to true in the strongSwan configuration file.
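
Steps 3 and 4 can also be done without the interactive editor. The following script is an added example, not part of the original procedure: it reads the endpoint from etcd-config, refuses any value that is not a list of https://host:port entries, and merges the result into calico-config with kubectl patch. The function names, the --apply argument and the https-only check are assumptions made for this example.

```shell
#!/bin/sh
# Added example: non-interactive form of steps 3 and 4.
# Assumption: etcd_endpoints is a comma-separated list of https://host:port
# entries, since calico-config already points at TLS client credentials
# (etcd_ca, etcd_cert, etcd_key).

# valid_endpoints LIST: succeed only if every entry is https://host:port.
valid_endpoints() {
    [ -n "$1" ] || return 1
    # Reject quotes, spaces and anything else that could alter the JSON patch.
    case $1 in *[!A-Za-z0-9.:/,-]*) return 1 ;; esac
    (
        IFS=,; set -f            # split on commas only, no globbing
        for ep in $1; do
            case $ep in https://?*:?*) ;; *) exit 1 ;; esac
            case ${ep##*:} in ''|*[!0-9]*) exit 1 ;; esac   # numeric port
        done
        exit 0
    )
}

# endpoint_patch LIST: print the JSON merge patch for calico-config.
endpoint_patch() {
    valid_endpoints "$1" || return 1
    printf '{"data":{"etcd_endpoints":"%s"}}\n' "$1"
}

# apply_endpoints: read the value from etcd-config and patch calico-config.
apply_endpoints() {
    ep=$(kubectl -n kube-system get cm etcd-config \
            -o jsonpath='{.data.etcd_endpoints}') || return 1
    patch=$(endpoint_patch "$ep") || {
        echo "refusing to write etcd_endpoints: '$ep'" >&2
        return 1
    }
    kubectl -n kube-system patch cm calico-config --type merge -p "$patch" &&
        kubectl -n kube-system get cm calico-config \
            -o jsonpath='{.data.etcd_endpoints}'
}

# Only touch the cluster when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    apply_endpoints
fi
```

Run the script with --apply on the virtual machine from step 1; without the argument it only defines the functions.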