Isolation
Namespaces can be configured to provide moderate levels of isolation. This "isolation"
typically includes applying ResourceQuotas, LimitRanges, and NetworkPolicies to a Namespace. These
policies can be configured using the Namespace Objects option, to provide your desired quotas,
limits and network policies. To make your life easier, Loft is deployed with a default Namespace
Template called Isolated Namespace Template. This namespace template can give you a head start on
configuring your own Namespace isolation policies, or you may find the template sufficient for your
needs.
The default Isoalted Namespace Template creates hard limits for resource types, sets rational
default limit ranges, and deploys a rather restrictive NetworkPolicy limiting network traffic.
Not all CNIs will support all network policies. Make sure you understand what capabilities your CNI supports when investigating namespace isolation.