Install IPsec Policy Operator System Application

The ipsec-policy-operator system application is managed by the system application framework and will be automatically uploaded after the system is deployed. It can be installed by applying the system application and running the following command:

~(keystone_admin)$ system application-apply ipsec-policy-operator

Once the system application is installed, ipsecpolicies.starlingx.io CRD will be created.

Note

Configuring IPSec policies on pod‑to‑pod traffic may degrade the CPU performance. Refer to the following approximate pod and node impacts for both transmitting and receiving sides based on the traffic rate between 25 Mbps and 500 Mbps.

Transmit

Receive

Pod

50-100%

0%

Node

30-90%

5-40%

Ensure that adequate resources are available to support sustained and peak inter‑node traffic.