I am trying to deploy a pod hosting IPsec functionality, let's say an IPsec pod. This IPsec pod is responsible for encrypting all the packets it receives in ESP mode and sending them to a security gateway inside the IPsec tunnel. Any other pods requiring IPsec functionality should route their packets directly to this IPsec pod for the sake of tunneling their packets. I have looked into the Weave Net, flannel, and Canal CNIs, but we could not come up with a way to realize this requirement.
Problem Diagram:
Any help in this regard is appreciated.
Cluster information:
Kubernetes version: 1.17.0
Cloud being used: Bare-metal
Installation method:
Host OS: CentOS 7
CNI and version: flannel (latest)
CRI and version: Docker 1.13.1
Regards, Shubham