---
# создаем namespace
apiVersion: v1
kind: Namespace
metadata:
  name: example
  labels:
    name: example

    app.kubernetes.io/managed-by: manual
  annotations:
    scheduler.alpha.kubernetes.io/node-selector: "nodetype=worker"
---
# выделяем лимиты на текущий namespace
apiVersion: v1
kind: ResourceQuota
metadata:
  name: example
  namespace: example
  labels:
    app.kubernetes.io/managed-by: manual
spec:
  hard:
    configmaps:             "100"
    limits.cpu:             "16"
    limits.memory:          32Gi
    persistentvolumeclaims: "1"
    pods:                   "100"
    replicationcontrollers: "0"
    requests.cpu:           "8"
    requests.memory:        "24Gi"
    requests.storage:       "2Gi"
    resourcequotas:         "1"
    secrets:                "100"
    services:               "100"
    services.loadbalancers: "0"
    services.nodeports:     "0"
---
# запрещаем все для текущего namespace
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: example
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
  ingress: []
  egress: []