  1. OpenShift GitOps
  2. GITOPS-7787

Create NetworkPolicies for Argo CD components


    • To Do
    • SECFLOWOTL-284 - OpenShift GitOps - Enable Network Policies
    • 100% To Do, 0% In Progress, 0% Done

      Epic Goal

      The primary goal is to implement Kubernetes Network Policy resources for all Argo CD workload pods to prevent unnecessary ingress and egress traffic. This directly mitigates a risk identified in the OCP Threat Model and ensures a least-privilege network security posture for all components.

      Why is this important?

      Without network policies, any compromised pod can freely communicate laterally within the cluster and potentially compromise critical components or leak sensitive data outside the cluster. Implementing these policies drastically reduces the risk of cluster compromise in the event a component pod is attacked.

      Scenarios

      1. ...

      Other Considerations

      • <Call out anything explicitly as Out of Scope?>
      • <Call out internal and external dependencies?>
      • <Are there any known previous works?>
      • <Any unanswered questions?>

      Definition of Ready

      • The epic has been broken down into stories.
      • Stories have been scoped.
      • The epic has been stack ranked.

      Definition of Done

      • Code Complete:
        • All code has been written, reviewed, and approved.
      • Tested:
        • Unit tests have been written and passed.
        • Integration tests have been completed.
        • System tests have been conducted, and all critical bugs have been fixed.
        • Tested on OpenShift either upstream or downstream on a local build.
      • Documentation:
        • User documentation or release notes have been written.
      • Build:
        • Code has been successfully built and integrated into the main repository / project.
      • Review:
        • Code has been peer-reviewed and meets coding standards.
        • All acceptance criteria defined in the user story have been met.
        • Tested by reviewer on OpenShift.
      • Deployment:
        • The feature has been deployed on an OpenShift cluster for testing.
      • Acceptance:
        • Product Manager or stakeholder has reviewed and accepted the work.

              rh-ee-sghadi Siddhesh Ghadi
              rh-ee-anjoseph Anand Francis Joseph
              Crimson