Epic
Resolution: Unresolved
Major
Operator Network Policies
To Do
SECFLOWOTL-273 - Builds for OpenShift Network Policies
Epic Goal
Provide network policies on the Builds for OpenShift operator deployment.
Out of scope:
- Builds for OpenShift operand components - see BUILD-1557
- User workloads (BuildRuns)
Why is this important?
Without network policies, any pod within the OpenShift cluster can communicate freely with other pods, regardless of their intended level of access. Attackers or compromised pods can exploit this lack of restriction to move laterally within the cluster and potentially compromise critical components. In the absence of network policies, pods may also have unrestricted communication with external networks. This can result in unintended data leakage, where sensitive information is transmitted to unauthorized destinations.
Scenarios
- Prevent ingress from a compromised pod
- Block egress in the event the operator deployment is compromised
Acceptance Criteria (Mandatory)
- Technical requirements TBD
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
- ...
Dependencies (internal and external)
Previous Work (Optional):
Open questions:
TBD
Done Checklist
- Acceptance criteria are met
- Non-functional properties of the Feature have been validated (such as performance, resource, UX, security or privacy aspects)
- User Journey automation is delivered
- Support and SRE teams are provided with enough skills to support the feature in production environment