I'm currently running kubernetes with flannel in aws-vpc mode. Due to legal requirements, it would be extremely convenient to encrypt traffic on the overlay network. Does anyone have suggestions on how I might set up an IPSEC network without switching to vxlan?

I think what I want is IPSEC in Transport mode, but there doesn't seem to be a guide on how to set that up with an overlay network. There's a simple guide at http://7u83.deepqube.com/2014-04-06-creating-ipsec-transport-between-freebsd-and-linux , but there's no overlay network there.