I need to setup an Authorization policy in a namespace this should check if the JWT token is not present in header DENY access.So i setup a policy “allow-nothing” as below. This denies all requests without a valid token in the header. I want to exclude some apps in the same namespace from this rule. The apps allowed access needs to be in the same namespace. Can I create such a rule. Any pointers on this will help. Tried few things but have not been able to get this working.