Install IPsec Policy Operator System Application¶
The ipsec-policy-operator system application is managed by the system application framework and will be automatically uploaded after the system is deployed. It can be installed by applying the system application and running the following command:
~(keystone_admin)$ system application-apply ipsec-policy-operator
Once the system application is installed, ipsecpolicies.starlingx.io CRD
will be created.
Note
Configuring IPSec policies on pod‑to‑pod traffic may degrade the CPU performance. Refer to the following approximate pod and node impacts for both transmitting and receiving sides based on the traffic rate between 25 Mbps and 500 Mbps.
Transmit |
Receive |
|
Pod |
50-100% |
0% |
Node |
30-90% |
5-40% |
Ensure that adequate resources are available to support sustained and peak inter‑node traffic.
