#Create Node Isolation Strategy

Create a node isolation policy for the current cluster, allowing specified projects to have exclusive access to the nodes of grouped resources within the cluster, thereby restricting the runnable nodes for Pods under the project, achieving physical resource isolation between projects.

#Create Node Isolation Strategy

1. In the left navigation bar, click on Security > Node Isolation Strategy.

2. Click on Create Node Isolation Strategy.

3. Refer to the instructions below to configure the relevant parameters.

   Parameter	Description
   Project Exclusivity	Whether to enable or disable the switch for the nodes contained in the project isolation policy configured in the strategy; click to toggle on or off, default is on. When the switch is on, only Pods under the specified project in the policy can run on the nodes included in the policy; when off, Pods under other projects in the current cluster can also run on the nodes included in the policy apart from the specified project.
   Project	The project that is configured to use the nodes in the policy. Click the Project dropdown selection box, and check the checkbox before the project name to select multiple projects. Note: A project can only have one node isolation policy set; if a project has already been assigned a node isolation policy, it cannot be selected; Supports entering keywords in the dropdown selection box to filter and select projects.
   Node	The IP addresses of the compute nodes allocated for use by the project in the policy. Click the Node dropdown selection box, and check the checkbox before the node name to select multiple nodes. Note: A node can belong to only one isolation policy; if a node already belongs to another isolation policy, it cannot be selected; Supports entering keywords in the dropdown selection box to filter and select nodes.

4. Click Create.

   Note:

   • After the policy is created, existing Pods in the project that do not comply with the current policy will be scheduled to the nodes included in the current policy after they are rebuilt;

   • When Project Exclusivity is on, currently existing Pods on the nodes will not be automatically evicted; manual scheduling is required if eviction is needed.

#Delete Node Isolation Strategy

Note: After the node isolation policy is deleted, the project will no longer be restricted to run on specific nodes, and the nodes will no longer be exclusively used by the project.

1. In the left navigation bar, click on Security > Node Isolation Strategy.

2. Locate the node isolation policy, click ⋮ > Delete.