CUSTOMER PROBLEM

In the HyperShift architecture of the managed openshift service (ROSA), the control plane components of customer clusters are hosted by Red Hat in a multi-tenanted cluster. This cluster hosts multiple control planes differentiated by namespaces for each unique managed cluster.

We would like to use ACS's network graph to monitor network traffic between Hosted Control Plane (HCP) Namespaces , more specifically traffic related to the kube-apiserver deployment in each namespace.

The configuration for this needs to be automated so that baselines are automatically set for kube-apiserver deployments for each new HCP namespace. We would like the baseline traffic to remain the same in all HCP namespaces, however the* ACS API doesn't support creation of static baselines on multiple namespaces*.

USERS

• The main user of this feature would be the Managed OpenShift (ROSA) service team. We would use ACS network graph' monitoring and alerting functionalities to meet our compliance requirements and to fire alerts if anomalous traffic is observed between HCP namespaces

ACCEPTANCE CRITERIA

• ACS API supports users creating static list of network baselines on multiple namespaces/deployments using its API, without needing the user to wait each time to build the list of network baselines