Use a Label Group in a Scope
When you use a label group in a scope, it is expanded into multiple scopes. Cross-communication is not allowed.
For example, to create a scope that applies to all environments except production, first create a Non-Prod label group, which consists of labels for the Dev, QA, and Stage environments.
Scope:
App: HRM
Env: Non-prod
Loc: US
Rule:
Providers: DB
Services: MySQL
Consumers: DB
This means “workloads in all Non-Prod environments (Dev, QA, and Stage) can communicate within their environments with the DB using MySQL” and would allow the following communication:
HRM | Dev | US | DB ← HRM | Dev | US | DB
The following communication would not be allowed, since the Environment labels are different and cross-communication is not allowed:
HRM | Dev | US | DB ← HRM | QA | US | DB
and
HRM | Dev | US | DB ← HRM | Stage | US | DB