We want to be able to restrict EgressFirewall with deny-all for a namespace via platform helm chart. Then for each service owner (assuming we would have multiple services inside same namespace), we want them to come with their own EgressFirewall CR definition in their respective custom helm chart, to open up connectivities they see necessary for their respective use cases.

We manage all OCP Configurations using Helm Charts. Different Helm Charts are owned by different teams in our ecosystem. We want the customers to be able to come with their own helm charts. This is one of the main asks from our Developer community so they could manage their services even though they are in the same namespace. So we are trying to find ways to ensure infosec requirements are met by platform helm charts and give independence for service owners so they could manage their services without stepping over toes with other service owners in the same namespace.