Skip to main content

Isolation

Namespaces can be configured to provide moderate levels of isolation. This "isolation" typically includes applying ResourceQuotas, LimitRanges, and NetworkPolicies to a Namespace. These policies can be configured using the Namespace Objects option, to provide your desired quotas, limits and network policies. To make your life easier, Loft is deployed with a default Namespace Template called Isolated Namespace Template. This namespace template can give you a head start on configuring your own Namespace isolation policies, or you may find the template sufficient for your needs.

The default Isoalted Namespace Template creates hard limits for resource types, sets rational default limit ranges, and deploys a rather restrictive NetworkPolicy limiting network traffic.

CNIs and Network Policies

Not all CNIs will support all network policies. Make sure you understand what capabilities your CNI supports when investigating namespace isolation.