Epic
Resolution: Done
Major
[OLM v1] static network policies for controllers
Product / Portfolio Work
0% To Do, 0% In Progress, 100% Done
Epic Goal
- Add Network Policy objects to the release manifest of OLMv1's catalogd and operator-controller components
Why is this important?
- In order to better protect against unintended data leaks and other attacks, we need to ensure we limit traffic to and from OLMv1 components to the minimum necessary for their features to work.
Scenarios
- ...
Acceptance Criteria
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
- NetworkPolicy object exists for catalogd that limits incoming traffic to ONLY its known services (catalogd http server, metrics server, webhook server)
- NetworkPolicy object exists for operator-controller that limits incoming traffic to ONLY its known services (metrics server)
- All egress traffic remains allowed (for now) due to catalogd and operator-controller's need to communicate with image registries that are not known a priori.
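One way to check a NetworkPolicy manifest against the three policy criteria above, as an added example (not code from the OLMv1 project). The manifest, its names and labels, and the port numbers are constructed placeholders, and `audit` is a hypothetical helper.

```python
# Constructed sample: names, labels and port numbers are placeholders,
# not values taken from the OLMv1 release manifests.
CATALOGD_POLICY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "catalogd-example", "namespace": "olmv1-example"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "catalogd-example"}},
        "policyTypes": ["Ingress", "Egress"],
        "ingress": [{"ports": [
            {"protocol": "TCP", "port": 8443},  # http server (placeholder)
            {"protocol": "TCP", "port": 7443},  # metrics server (placeholder)
            {"protocol": "TCP", "port": 9443},  # webhook server (placeholder)
        ]}],
        "egress": [{}],  # one empty rule allows all egress
    },
}


def audit(policy, allowed_ports):
    """Return findings against the acceptance criteria; [] means compliant."""
    spec = policy.get("spec", {})
    ingress, egress = spec.get("ingress") or [], spec.get("egress") or []
    # Kubernetes default when policyTypes is omitted: Ingress always,
    # Egress only if egress rules are present.
    types = spec.get("policyTypes") or ["Ingress"] + (["Egress"] if egress else [])
    findings = []
    if "Ingress" not in types:
        findings.append("policy does not restrict ingress")
    for i, rule in enumerate(ingress):
        ports = rule.get("ports") or []
        if not ports:  # a rule without ports matches every port
            findings.append(f"ingress[{i}] allows all ports")
        for p in ports:
            if "port" not in p or "endPort" in p or p["port"] not in allowed_ports:
                findings.append(f"ingress[{i}] allows unexpected port {p.get('port')}")
    # With Egress selected, only an empty rule (no 'to', no 'ports') allows all.
    if "Egress" in types and not any(
            not r.get("to") and not r.get("ports") for r in egress):
        findings.append("egress is restricted; the epic keeps it open for now")
    return findings


if __name__ == "__main__":
    print(audit(CATALOGD_POLICY, {7443, 8443, 9443}) or "compliant")
```

For an operator-controller policy the same check applies with a single allowed port for its metrics server.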
Dependencies (internal and external)
- None
Previous Work (Optional):
- None
Open questions:
- None
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>