As an OpenShift cluster admin, I want to feel confident that only permitted network traffic is sent or received by Vertical Pod Autoscaler operator and operands. Please add policies as follows and make sure they are properly installed when VPA is installed:

Operator:

• OLM-installed policy
• Ingress for metrics (doc suggests allow all – investigate allow all vs from monitoring namespace)
• Egress to API server

Operands:

• Operator-installed policy
• Ingress from API server (to webhook)
• Ingress for metrics (doc suggests allow all – investigate allow all vs from monitoring namespace)
• Egress to API server (all 3 operands)
• Egress to Prometheus if we want to support prometheus metrics feature (recomender only?)
• Custom recommenders would need to bring their own policy