starlingx/docs
Code Issues Proposed changes
Files
cec32560f628a63183e74fceb019a97c4c2056ea
docs/doc/source/security/kubernetes/install-ipsec-policy-operator-system-application-95ae437a67e2.rst
Ngairangbam Mili 99b33d0aa2 Add warning to alert customers on the CPU impact due to IPSec policies 
Story: 2011127
Task: 52808

Change-Id: Ib04943a119b807912e55314b168f381c6644c3c2
Signed-off-by: Ngairangbam Mili <ngairangbam.mili@windriver.com>
2025-09-15 11:37:03 +00:00

1.4 KiB
Raw Blame History

Install IPsec Policy Operator System Application

The ipsec-policy-operator system application is managed by the system application framework and will be automatically uploaded after the system is deployed. It can be installed by applying the system application and running the following command:

~(keystone_admin)$ system application-apply ipsec-policy-operator

Once the system application is installed, ipsecpolicies.starlingx.io will be created.

Note

Configuring IPSec policies on podtopod traffic may degrade the CPU performance. Refer to the following approximate pod and node impacts for both transmitting and receiving sides based on the traffic rate between 25 Mbps and 500 Mbps.

Transmit Receive
Pod 50-100% 0%
Node 30-90% 5-40%

Ensure that adequate resources are available to support sustained and peak internode traffic.