Enabling Policy Center

Constraints

• Only Huawei Cloud accounts or users with the UCS FullAccess permission can enable Policy Center.
• Before enabling Policy Center for a non-Huawei Cloud cluster, ensure that the cluster can pull public network images.
• After Policy Center is enabled, the system installs the Gatekeeper add-on on the fleet or cluster. Note that the add-on occupies some cluster resources (as shown in Table 1). Therefore, ensure the cluster has sufficient resources. This will help ensure the smooth deployment of Policy Center while avoiding negative impacts on the performance of existing workloads.

  Table 1 Resource usage of the Gatekeeper add-on

  CPU	Mem
  Requests: 100m * 3 Limits: 1000m * 3	Requests: 256Mi * 3 Limits: 512Mi * 3

  

  * 3 indicates that there are three pods.

• When a fleet or cluster is being enabled, avoid performing any operations on the fleet or cluster. Performing operations during the enabling process may affect the enabling success.

Procedure

1. Log in to the UCS console. In the navigation pane, choose Policy Center.
2. Click Enable. The Enable Policy Management dialog box is displayed.
3. Select a fleet or cluster from the drop-down list and click OK to return to the policy center.

   You will see that policy management is being enabled. Wait for about 3 minutes.

   If The throttling threshold has been reached: policy ip over rate limit is displayed when you enable the policy management function, traffic is limited because a large number of clusters are enabled. Wait for a while and try again.