Skip to content

Namespace Policies



Any existing pods/workloads prior to to sidecar injection being enabled must be RESTARTED in order for policies to take effect. When sidecar injection is disabled, pods/workloads must be RESTARTED for the sidecars to no longer run.


Org Admin or Project Admin or Workspace Admin role is required to create and use service mesh namespace policies.

A namespace-wide policy is a bundle of service mesh rules that can be applied to one or more namespaces. An example use case for a namespace policy is configuring traffic routing for the purposes of A/B testing or staged roll outs.

Managing Namespace Policies

Creating a Namespace Policy

In order to create a namespace policy, you must add namespace-scoped policy rules to it.

  • Login to the controller and under Service Mesh, navigate to the Policies screen. Select the namespace tab and click new policy
  • Give a name for the policy and click Create
  • Provide a version name
  • Click Add Rules and add your namespace-scoped rules with the corresponding version you want to use
  • Click Save Changes

Create namespace policy

Rules can be added to or removed from a policy using the same workflow. A new version needs to be created every time a policy is updated.

Using Namespace Policies

Namespaces Policies are added to/removed namespaces by doing the following:

  • Login to the controller and navigate to Namespaces
  • Select the namespace that you want to apply the namespace policy/policies to, and click edit
  • Under the Configuration tab, navigate to Service Mesh Policies
  • Enable sidecar injection
  • To add namespace policies, select from the dropdown and select the corresponding version to use
  • To remove a namespace policy, simply hit the delete icon to the right of the policy
  • Click Save and navigate to placement
  • Select the clusters and click republish.

Assign namespace policy