Skip to main content
Version: 5.4

Namespace Boundary Enforcement

Policy: Namespace Boundary Enforcement​

Customer made request to policy ingress/egress traffic on namespace’s natural boundary. eg.) There are 2 namespaces ns1, ns2, in ns1 there are pod1 and pod2, in ns2 there are pod3 and pod4 g1 is created using "label=app1" which includes pod1 and pod3 g2 is created using "label=app2" which includes pod2 and pod4 network policy: from g1 to g2 app HTTPS port any action allow with namespace boundary enforcement only pod1 can talk to pod2 but not pod1 to pod4, pod3 to pod4 but not pod3 to pod2, it saves user from creating additional rules to realize this restriction.

Use label to enable/disable namespace boundary enforcement
  • Add label to enable NBE

kubectl label namespace <namespace> NeuvectorNamespaceBoundary=enabled

  • Remove or change label to disable NBE

kubectl label namespace <namespace> NeuvectorNamespaceBoundary- or kubectl label namespace <namespace> NeuvectorNamespaceBoundary=disabled