  1. OpenShift BuildConfig
  2. OCPBUILD-10

SPIKE: Test "deny all but k8s" policy for ocm-o

    • OCPSTRAT-1051 - Network Policies for openshift-controller-manager

      Story (Required)

      <Describes high level purpose and goal for this story. Answers the questions: Who is impacted, what is it and why do we need it? How does it improve the customer’s experience?>

      As a cluster admin trying to harden OpenShift, I want to test what happens when almost all ingress and egress for openshift-controller-manager-operator are limited, so that I can understand which network policies make sense.

      Background (Required)

      <Describes the context or background related to this story>

      Network policies provide a "defense in depth" mechanism for the OpenShift control plane by ensuring pods are limited in terms of which components they can talk to. This spike is a learning opportunity to experiment with network policies and see how they impact OpenShift.

      Out of scope

      <Defines what is not included in this story>

      • Merging any PR with the network policies in place.

      Approach (Required)

      <Description of the general technical path on how to achieve the goal of the story. Include details like json schema, class definitions>

      Dependencies

      <Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

      Acceptance Criteria (Mandatory)

      <Describe edge cases to consider when implementing the story and defining tests>

      <Provides a required and minimum list of acceptance tests for this story. More is expected as the engineer implements this story>

      • A network policy capable of passing the build suite is identified.

      INVEST Checklist

      Dependencies identified

      Blockers noted and expected delivery timelines set

      Design is implementable

      Acceptance criteria agreed upon

      Story estimated

      Legend

      Unknown

      Verified

      Unsatisfied

      Done Checklist

      • Code is completed, reviewed, documented and checked in
      • Unit and integration test automation has been delivered and is running cleanly in a continuous integration/staging/canary environment
      • Continuous Delivery pipeline(s) is able to proceed with new code included
      • Customer facing documentation, API docs etc. are produced/updated, reviewed and published
      • Acceptance criteria are met

              Unassigned Unassigned
              adkaplan@redhat.com Adam Kaplan