Enabling the Policy Center

Constraints

• Only Huawei Cloud accounts or users with the UCS FullAccess permission can enable the policy center function.
• Before enabling the policy center function for a non-Huawei Cloud cluster, ensure that the cluster can pull public network images.
• After the policy center function is enabled, the system installs the Gatekeeper add-on on the fleet or cluster. Note that the add-on occupies some cluster resources (as shown in Table 1). Therefore, ensure the cluster has sufficient resources. This will help ensure the smooth deployment of the policy center function while avoiding negative impacts on the performance of existing workloads.

  Table 1 Resource usage of the Gatekeeper add-on

  CPU	Mem
  Requests: 100m * 3 Limits: 1000m * 3	Requests: 256Mi * 3 Limits: 512Mi * 3

  

  * 3 indicates that there are three pods.

• When a fleet or cluster is being enabled, avoid performing any operations on the fleet or cluster. Performing operations during the enabling process may affect the enabling success.

Procedure

1. Log in to the UCS console. In the navigation pane, choose Policy Center.
2. Click Enable. The Enable Policy Management dialog box is displayed.
3. Select a fleet or cluster from the drop-down list and click OK to return to the policy center.

   You will see that policy management is being enabled. Wait for about 3 minutes.

   If The throttling threshold has been reached: policy ip over rate limit is displayed when you enable the policy management function, traffic is limited because a large number of clusters are enabled. Wait for a while and try again.