  1. OpenShift Request For Enhancement
  2. RFE-6660

[FR] Make Advanced Cluster Security default Network Policies optional




      1. Proposed title of this feature request
      Make Advanced Cluster Security default Network Policies optional

      2. What is the nature and description of the request?
      In large enterprise environments, NetworkPolicies need to be very restricted on OpenShift Container Platform 4. Given that there is always different demand, it's requested to make the creation of the default NetworkPolicy optional and allow turning the creation and reconciliation of the NetworkPolicy off.

      See MAISTRA-2236 where similar functionality was provided in OpenShift Service Mesh.

      That way, large enterprise customers can implement their own NetworkPolicy according to their needs and potentially also leverage their automation.

      The only thing needed when making this optional is to have documentation, helping to understand what component talks with whom and on what port, so that customers can guarantee the necessary connectivity.

      3. Why does the customer need this? (List the business requirements here)
      Large enterprise environments always have special requirements when it comes to security and implementation of NetworkPolicy. Even though it's appreciated that Red Hat Advanced Cluster Security is providing a default set of NetworkPolicy, they are usually not strict enough and need to be adjusted. Further, there is also lots of automation in place which can impact default provided NetworkPolicy.

      It's therefore common practice to have an option to disable NetworkPolicy management by the component and allow customers to bring their own NetworkPolicy while knowing what communication is required (port, namespace, etc.).

      4. List any affected packages or components.
      Red Hat Advanced Cluster Security

      • Central
      • SecuredCluster

              dcaspin@redhat.com Doron Caspin
              rhn-support-sreber Simon Reber
              ACS Install
