diff --git a/cluster-resources/policies/default-blocker.yaml b/cluster-resources/policies/default-blocker.yaml
new file mode 100644
index 0000000..858636b
--- /dev/null
+++ b/cluster-resources/policies/default-blocker.yaml
@@ -0,0 +1,41 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: disallow-default-namespace
+  annotations:
+    pod-policies.kyverno.io/autogen-controllers: none
+    policies.kyverno.io/title: Disallow Default Namespace
+    policies.kyverno.io/minversion: 1.6.0
+    policies.kyverno.io/category: Multi-Tenancy
+    policies.kyverno.io/severity: medium
+    policies.kyverno.io/subject: Pod
+    policies.kyverno.io/description: Kubernetes Namespaces are an optional feature that provide a way to segment and isolate cluster resources across multiple applications and users. As a best practice, workloads should be isolated with Namespaces. Namespaces should be required and the default (empty) Namespace should not be used. This policy validates that Pods specify a Namespace name other than `default`. Rule auto-generation is disabled here due to Pod controllers need to specify the `namespace` field under the top-level `metadata` object and not at the Pod template level.
+spec:
+  validationFailureAction: Enforce
+  background: true
+  rules:
+  - name: enforce-namespace
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+    validate:
+      message: Using 'default' namespace is not allowed.
+      pattern:
+        metadata:
+          namespace: "!default"
+  - name: enforce-podcontroller-namespace
+    match:
+      any:
+      - resources:
+          kinds:
+          - DaemonSet
+          - Deployment
+          - Job
+          - StatefulSet
+    validate:
+      message: Using 'default' namespace is not allowed for pod controllers.
+      pattern:
+        metadata:
+          namespace: "!default"
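Review bot: The `enforce-podcontroller-namespace` rule's `kinds` list leaves out `CronJob` (and `ReplicaSet`/`ReplicationController`), so a CronJob applied to `default` is admitted and only the Jobs it later spawns are rejected by the `Job` entry, turning an admission-time error into a recurring runtime failure that is easy to miss; add `- CronJob`, `- ReplicaSet` and `- ReplicationController` alongside the existing four kinds. Because `validationFailureAction` is `Enforce` and the first rule matches every `Pod` cluster-wide, the blast radius of a Kyverno outage is presumably the whole cluster if its webhook is configured to fail closed — confirm the webhook `failurePolicy` and namespace exclusions before rolling this out with `Enforce` rather than the upstream sample's `Audit`. The `"!default"` pattern also requires `metadata.namespace` to be present on the object Kyverno sees; whether a manifest that omits the field is denied or evaluated against the request namespace is not established by this file, so test that case explicitly with `kubectl apply -n default` and a namespace-less manifest.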