Story
Resolution: Done
Needs to be completed for OSD to fully validate OSD-13219
Hypershift Sprint 20, Hypershift Sprint 21, Hypershift Sprint 22
Continuing from OSD-13219, we would like to limit network traffic as much as we can, following security best practices. The following NetworkPolicy should be added to HCP namespaces to limit traffic flow between HCP namespaces (note: blocking traffic with an ingress network policy for the kas was found not practical in HOSTEDCP-557):
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  annotations:
    hypershift.openshift.io/cluster: clusters/kartrosa2-29529
  name: kas-egress-block
  namespace: clusters-kartrosa2-29529
spec:
  podSelector:
    matchLabels:
      app: kube-apiserver
  policyTypes:
  - Egress
  egress:
  - to:
    - podSelector: {}
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openshift-dns
The name can be changed to something more appropriate. This has been tested on a test management cluster which had a public load balancer kas HCP service, and we did not see any functionality affected.
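As an added illustration (not part of this issue or of the HyperShift code base), the script below models how the egress rule above is evaluated: peers in one `to` list are OR-ed, a podSelector-only peer is scoped to the policy's own namespace, and a namespaceSelector-only peer admits every pod in the matching namespace. The destination pods, namespaces and labels it checks are constructed samples.

```python
# Added example, not from the issue or HyperShift: evaluator for the egress
# semantics of the kas-egress-block NetworkPolicy. Ports are ignored because
# the policy sets none (meaning all ports).

POLICY_NAMESPACE = "clusters-kartrosa2-29529"

KAS_EGRESS_BLOCK = {  # spec of the NetworkPolicy from the issue, as a dict
    "podSelector": {"matchLabels": {"app": "kube-apiserver"}},
    "policyTypes": ["Egress"],
    "egress": [{"to": [
        {"podSelector": {}},  # any pod in the policy's own namespace
        {"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "openshift-dns"}}},
    ]}],
}


def labels_match(selector, labels):
    """matchLabels semantics: every selector label must be present; {} matches all."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def peer_allows(peer, policy_ns, dst):
    """One `to` peer vs. a destination: pod dict (namespace, namespace_labels, labels) or {ip}."""
    if "ip" in dst:                              # non-pod endpoint: only ipBlock can match
        return "ipBlock" in peer
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is None:                           # podSelector-only peer: same namespace only
        ns_ok = dst["namespace"] == policy_ns
    else:
        ns_ok = labels_match(ns_sel, dst["namespace_labels"])
    pod_ok = pod_sel is None or labels_match(pod_sel, dst.get("labels", {}))
    return ns_ok and pod_ok


def egress_allowed(policy, policy_ns, dst):
    """Allowed iff some egress rule admits dst; a rule without `to` admits everything."""
    if "Egress" not in policy["policyTypes"]:
        return True                              # policy does not restrict egress at all
    for rule in policy.get("egress", []):
        if "to" not in rule or any(peer_allows(p, policy_ns, dst) for p in rule["to"]):
            return True
    return False                                 # no rule matched: connection is dropped


def ns_labels(ns):
    return {"kubernetes.io/metadata.name": ns}   # label Kubernetes sets on every namespace


def constructed_destinations():
    """Constructed sample destinations (not real cluster data)."""
    return {
        "etcd_same_hcp": {"namespace": POLICY_NAMESPACE, "namespace_labels": ns_labels(POLICY_NAMESPACE), "labels": {"app": "etcd"}},
        "cluster_dns": {"namespace": "openshift-dns", "namespace_labels": ns_labels("openshift-dns"), "labels": {"app": "dns"}},
        "kas_other_hcp": {"namespace": "clusters-other-hcp", "namespace_labels": ns_labels("clusters-other-hcp"), "labels": {"app": "kube-apiserver"}},
        "external_ip": {"ip": "203.0.113.10"},
    }
```

Running `egress_allowed` over `constructed_destinations()` shows the intended split: same-namespace etcd and openshift-dns are reachable, while a kube-apiserver in another HCP namespace and an external IP are denied.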
Acceptance Criteria:
- A network policy is added that blocks all egress traffic (apart from traffic to openshift-dns), limiting network flow between HCP namespaces
Issue links:
- is triggering: HOSTEDCP-829 Block inter-namespace egress from HCP kube-apiserver (Closed)