Namespace: x => audit y (annotated) => block Global Posture: Audit Pods: 1. test1 in x 2. test2 in y What if 256 pods? Policy Allow curl to access only tcp Execution: curl google.com (UDP access) Behaviour: 1. success with alert 2. failure with alert Event Global Posture changed to Block Namespace: x => ~~audit~~block y (annotated) => block Execution: curl google.com (UDP access) Behaviour: 1. failure with alert ~~success with alert~~ 2. failure with alert