diff --git a/docs/multicluster/quick-start.md b/docs/multicluster/quick-start.md index 0c077cf0a52..3ba7a3d7a61 100644 --- a/docs/multicluster/quick-start.md +++ b/docs/multicluster/quick-start.md @@ -114,7 +114,8 @@ Secret manifest and other ClusterSet join arguments to file `join-config.yml` command (with the `--config-file` option) to join the ClusterSet with these arguments. If you want to use a separate token for each member cluster for security considerations, you can run the following commands to create a token -and use the token to join the ClusterSet: +and use the token (together with the previously generated configuration file +`join-config.yml`) to join the ClusterSet: ```bash antctl mc create membertoken test-cluster-leader-token -n antrea-multicluster -o test-cluster-leader-token.yml @@ -313,8 +314,8 @@ kubectl annotate node node-b1 multicluster.antrea.io/gateway=true ### Add new member clusters If you want to add a new member cluster to your ClusterSet, you can follow the -steps for cluster B to do so. Remember to update the member cluster ID in -`member-clusterset-template.yml` to the new member cluster's ID in the step 2 of +steps for cluster B to do so. Remember to update the member cluster ID `spec.clusterID` +in `member-clusterset-template.yml` to the new member cluster's ID in the step 2 of joining ClusterSet. For example, you can run the following commands to join the ClusterSet in a member cluster with ID `test-cluster-member2`: diff --git a/docs/multicluster/user-guide.md b/docs/multicluster/user-guide.md index 8e083599149..e6a5e113cda 100644 --- a/docs/multicluster/user-guide.md +++ b/docs/multicluster/user-guide.md @@ -409,6 +409,13 @@ member clusters. If WireGuard is enabled, the WireGuard interface and routes will be created by Antrea Agent on the Gateway Node, and all cross-cluster traffic will be encrypted and forwarded to the WireGuard tunnel. +Please note that WireGuard encryption requires the `wireguard` kernel module be +present on the Kubernetes Nodes. `wireguard` module is part of mainline kernel +since Linux 5.6. Or, you can compile the module from source code with a kernel +version >= 3.10. [This WireGuard installation guide](https://www.wireguard.com/install) +documents how to install WireGuard together with the kernel module on various +operating systems. + To enable the WireGuard encryption, the `TrafficEncryptMode` in Multi-cluster configuration should be set to `wireGuard` and the `enableGateway` field should be set to `true` as follows: diff --git a/docs/traffic-encryption.md b/docs/traffic-encryption.md index 8e6e20bc257..5d1cadf34cd 100644 --- a/docs/traffic-encryption.md +++ b/docs/traffic-encryption.md @@ -81,10 +81,10 @@ will be ignored. ### Prerequisites -WireGuard encryption requires `wireguard` kernel module be present on the +WireGuard encryption requires the `wireguard` kernel module be present on the Kubernetes Nodes. `wireguard` module is part of mainline kernel since Linux 5.6. Or, you can compile the module from source code with a kernel version >= 3.10. -[This WireGuard web page](https://www.wireguard.com/install) documents how to +[This WireGuard installation guide](https://www.wireguard.com/install) documents how to install WireGuard together with the kernel module on various operating systems. ### Antrea installation