Skip to content

Cluster-Wide Policies



Any existing pods/workloads prior to to sidecar injection being enabled must be RESTARTED in order for policies to take effect. When sidecar injection is disabled, pods/workloads must be RESTARTED for the sidecars to no longer run.


Org Admin or Infra Admin role is required to create and use cluster-wide service mesh policies

A cluster-wide policy is a bundle of service mesh rules that can be applied to one or more clusters via blueprints. They streamline the application of a standard default posture by allowing the admin to apply a single policy which applies to pods in all namespaces in a cluster.

An example use case for a cluster-wide policy is securing inter-service communication. As a platform admin, you may want to enforce mTLS for all service to service communication for security or compliance purposes.

Managing Cluster-Wide Policies

Creating a Cluster-Wide Policy

In order to create a cluster-wide policy, you must add cluster-scoped service mesh rules to it.

  • Login to the controller and under Service Mesh go to the Policies screen. Select the cluster tab and click new policy
  • Give a name for the policy and click Create
  • Provide a version name
  • Click Add Rules and add your cluster-scoped rules with the corresponding version
  • Click Save Changes

Create cluster-wide policy

Rules can be added to or removed from a policy using the same workflow. A new version needs to be created every time a policy is updated.

Using Cluster-Wide Policies

Cluster-Wide Policies are applied to clusters via blueprint.

Adding/Removing Cluster-Wide To/From Blueprints

  • Under Infrastructure, navigate to Blueprints.
  • Navigate to the Service Mesh section and enable it
  • Click Add Policy and add the cluster-wide policies with the corresponding version
  • Delete a cluster-wide policy from the blueprint by simply clicking the delete icon next to the policy you want to delete.
  • Click Save Changes

Update Blueprint with Cluster-Wide Policy