- Feature Request
- Resolution: Unresolved
- Normal
OpenShift's default SDN CNI provider does not support the upstream API object for network policies when it comes to egress rules. Instead, it leverages a CR called EgressNetworkPolicy from the network.openshift.io/v1 API.
Horizon BCBS of NJ is in the process of defining project-based deny all egress policies and their security team would like to be able to monitor those network policies to ensure that they are in place using ACS's network graph.
The initial feature request would be to ingest and populate the network policies from these CRs and visualize them in the Pod --> Network Policy view.
Once this is in place, the customer would also like the ability to create a policy rule (similar to the one we have for "At least one ingress rule" today) that detects whether a default egress rule is missing from their projects.
Considering OpenShift's CNIs leverage this egress policy CR instead of the upstream API, we should consider prioritizing support for this, as it will impact any customer with the same use case.
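
One way to express the requested "default egress rule is missing" check over EgressNetworkPolicy objects, as an added example (not ACS or OpenShift code). The sample objects, namespace names and function names are constructed for illustration; the check assumes the documented behaviour that rules are evaluated in order and the first match wins, so a deny-all rule placed after an allow-all rule has no effect.

```python
import ipaddress

def _policy(ns, *rules):
    """Build a constructed EgressNetworkPolicy object (shape of network.openshift.io/v1)."""
    return {"apiVersion": "network.openshift.io/v1", "kind": "EgressNetworkPolicy",
            "metadata": {"name": "default", "namespace": ns},
            "spec": {"egress": [{"type": t, "to": to} for t, to in rules]}}

# Constructed sample data, standing in for `oc get egressnetworkpolicy -A -o json` items.
SAMPLE_NAMESPACES = ["payments", "reports", "batch", "sandbox"]
SAMPLE_POLICIES = [
    _policy("payments", ("Allow", {"dnsName": "registry.example.com"}),
                        ("Deny", {"cidrSelector": "0.0.0.0/0"})),
    _policy("reports",  ("Allow", {"cidrSelector": "10.0.0.0/8"}),
                        ("Deny", {"cidrSelector": "192.168.0.0/16"})),
    _policy("batch",    ("Allow", {"cidrSelector": "0.0.0.0/0"}),
                        ("Deny", {"cidrSelector": "0.0.0.0/0"})),
]

def _covers_all(rule):
    """True when the rule's cidrSelector matches every destination (prefix length 0)."""
    cidr = rule.get("to", {}).get("cidrSelector")
    if not cidr:
        return False  # dnsName rules never act as a catch-all
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # malformed selector: treat as not a catch-all

def has_default_deny(policy):
    """First match wins, so the first catch-all rule decides the default action."""
    for rule in policy.get("spec", {}).get("egress", []):
        if _covers_all(rule):
            return rule.get("type") == "Deny"
    return False  # no catch-all rule: unmatched egress traffic is allowed

def namespaces_missing_default_deny(namespaces, policies):
    """Map each non-compliant namespace to the reason it was flagged."""
    by_ns = {p["metadata"]["namespace"]: p for p in policies}
    findings = {}
    for ns in namespaces:
        policy = by_ns.get(ns)
        if policy is None:
            findings[ns] = "no EgressNetworkPolicy"
        elif not has_default_deny(policy):
            findings[ns] = "no effective deny-all rule"
    return findings

if __name__ == "__main__":
    for ns, reason in namespaces_missing_default_deny(SAMPLE_NAMESPACES, SAMPLE_POLICIES).items():
        print(f"{ns}: {reason}")
```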