As an OpenShift cluster admin, I want to feel confident that only permitted network traffic is sent or received by Cluster Autoscaler operator and operand. Please add policies as follows and make sure they are properly installed when CA is installed::

Operator:

• CVO-installed policy
• Ingress for metrics (doc suggests allow all – investigate allow all vs from monitoring namespace)
• Egress to API server

Operand:

• (CVO or operator)-installed policy
• Ingress from API server (to webhook)
• Ingress for metrics (doc suggests allow all – investigate allow all vs from monitoring namespace)
• Egress to API server