Status: OUT
Network policy enforcement covers both primary networks (via AdminNetworkPolicy cluster-scoped rules with Allow/Deny/Pass actions) and secondary networks (via MultiNetworkPolicy with identical spec to NetworkPolicy), providing comprehensive traffic control across all network interfaces.
depth-2 gated — policy enforcement is architecturally complete but SR-IOV secondary network policies remain tech preview, leaving a gap for hardware-accelerated workloads
Depends on (SL): multi-cni-network-architecture, anp-three-actions-allow-deny-pass, multinetworkpolicy-spec-identical-to-networkpolicy