Project: Knative Serving
Issue: SRVKS-1189

RHAI OSSM setup changes lead to issues with OSS NetworkPolicies


    • Type: Story
    • Resolution: Done
    • Priority: Major
    • Affects Version/s: 1.32.0
    • Fix Version/s: 1.32.0

      Context

      Because of https://issues.redhat.com/browse/RHOAIENG-1003, RHAI needed to change the setup configuration of OSSM, which led to pods in the `knative-serving` namespace no longer being able to communicate with each other. Full discussion here:

      https://redhat-internal.slack.com/archives/C065ARTVA80/p1705331979411859


      Problem description

      • The knative-serving namespace is a member of the istio-system mesh, so it carries the `maistra.io/member-of: istio-system` label.
      • By default OSSM creates a NetworkPolicy that allows ingress from all namespaces with that label; it selects all pods in the namespace.
      • serverless-operator creates additional policies, namely `allow-from-openshift-monitoring-ns`, which also selects all pods in this namespace.


      With both policies in place, traffic flows as intended. Because of the issue in https://issues.redhat.com/browse/RHOAIENG-1003, RHAI changed the OSSM setup/config so that the default OSSM NetworkPolicies are no longer created. A pod is isolated as soon as any NetworkPolicy selects it, and then only traffic matched by one of the selecting policies is admitted. With the default OSSM policy gone, the OSS `allow-from-openshift-monitoring-ns` policy becomes the catch-all policy, because it targets ALL pods in the namespace: it now admits only traffic originating from the monitoring namespace, and intra-namespace traffic between the Knative components is dropped. This breaks Knative.
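To make the catch-all effect concrete, here is an added simulation of Kubernetes NetworkPolicy ingress evaluation (example code written for this page, not code from Knative, OSSM or the serverless-operator). The page only records that both policies select all pods in knative-serving and that the OSSM one admits namespaces carrying the member-of label; the policy name `istio-mesh`, the `network.openshift.io/policy-group` label on the monitoring namespace, the namespace set, the pod labels and the `allow-same-namespace` remedy are assumptions made for the example.

```python
# Added example: a small model of Kubernetes NetworkPolicy ingress semantics
# used to reproduce the SRVKS-1189 failure mode. It is not code from Knative,
# OSSM or the serverless-operator. The policy name "istio-mesh", the
# "network.openshift.io/policy-group" label, the namespace set below and the
# "allow-same-namespace" remedy are assumptions made for the example.

# Constructed namespaces and their labels.
NAMESPACES = {
    "knative-serving": {"maistra.io/member-of": "istio-system"},
    "istio-system": {"maistra.io/member-of": "istio-system"},
    "openshift-monitoring": {"network.openshift.io/policy-group": "monitoring"},
    "app": {},
}


def labels_match(selector, labels):
    """matchLabels semantics: every key in the selector must be present with the
    same value; an empty selector ({}) matches everything."""
    return all(labels.get(k) == v for k, v in selector.items())


def peer_matches(peer, policy_ns, src_ns, src_labels):
    """Evaluate one 'from' peer. namespaceSelector and podSelector in the same
    peer are ANDed; a podSelector alone is scoped to the policy's own namespace."""
    if "namespaceSelector" in peer:
        if not labels_match(peer["namespaceSelector"], NAMESPACES[src_ns]):
            return False
    elif src_ns != policy_ns:
        return False
    if "podSelector" in peer and not labels_match(peer["podSelector"], src_labels):
        return False
    return True


def ingress_allowed(policies, dst_ns, dst_labels, src_ns, src_labels):
    """A pod selected by no policy is non-isolated and accepts everything.
    Once ANY policy selects it, ingress is accepted only if some selecting
    policy has a rule matching the source; every other source is dropped."""
    selecting = [p for p in policies
                 if p["namespace"] == dst_ns and labels_match(p["podSelector"], dst_labels)]
    if not selecting:
        return True
    for policy in selecting:
        for rule in policy.get("ingress", []):
            peers = rule.get("from", [])
            if not peers:  # a rule without 'from' admits all sources
                return True
            if any(peer_matches(peer, dst_ns, src_ns, src_labels) for peer in peers):
                return True
    return False


# The default OSSM policy as described in the issue: selects all pods, admits
# ingress from every namespace carrying the member-of label (name assumed).
OSSM_DEFAULT = {
    "name": "istio-mesh", "namespace": "knative-serving", "podSelector": {},
    "ingress": [{"from": [{"namespaceSelector": {"maistra.io/member-of": "istio-system"}}]}],
}

# The serverless-operator policy named in the issue (monitoring label assumed).
ALLOW_MONITORING = {
    "name": "allow-from-openshift-monitoring-ns", "namespace": "knative-serving",
    "podSelector": {},
    "ingress": [{"from": [{"namespaceSelector": {"network.openshift.io/policy-group": "monitoring"}}]}],
}

# One possible remedy (an assumption, not the fix recorded on this issue):
# explicitly admit intra-namespace traffic so OSS no longer depends on the
# OSSM default policy being present.
ALLOW_SAME_NS = {
    "name": "allow-same-namespace", "namespace": "knative-serving", "podSelector": {},
    "ingress": [{"from": [{"podSelector": {}}]}],
}

ACTIVATOR, AUTOSCALER, PROMETHEUS = {"app": "activator"}, {"app": "autoscaler"}, {"app": "prometheus"}


def activator_to_autoscaler(policies):
    """Intra-namespace Knative traffic that the issue reports as broken."""
    return ingress_allowed(policies, "knative-serving", AUTOSCALER, "knative-serving", ACTIVATOR)


def prometheus_to_autoscaler(policies):
    """Scrape traffic from openshift-monitoring."""
    return ingress_allowed(policies, "knative-serving", AUTOSCALER, "openshift-monitoring", PROMETHEUS)


def app_to_autoscaler(policies):
    """Traffic from an unrelated, unlabeled namespace."""
    return ingress_allowed(policies, "knative-serving", AUTOSCALER, "app", {"app": "x"})


if __name__ == "__main__":
    scenarios = [
        ("OSSM default + monitoring", [OSSM_DEFAULT, ALLOW_MONITORING]),
        ("monitoring only (RHAI setup)", [ALLOW_MONITORING]),
        ("monitoring + same-namespace", [ALLOW_MONITORING, ALLOW_SAME_NS]),
    ]
    for label, pols in scenarios:
        print(f"{label}: activator->autoscaler={activator_to_autoscaler(pols)}, "
              f"prometheus->autoscaler={prometheus_to_autoscaler(pols)}, "
              f"app->autoscaler={app_to_autoscaler(pols)}")
```

In the first scenario the activator reaches the autoscaler only because the OSSM policy admits the knative-serving namespace itself via its member-of label. In the second scenario nothing changed about the monitoring policy, yet it now decides all ingress to every pod, so intra-namespace traffic is dropped while scrapes from openshift-monitoring still pass. The third scenario shows that an explicit same-namespace allow restores the Knative traffic without relying on OSSM's defaults.
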
      Change request

      • It should be possible to disable the default OSSM NetworkPolicies without breaking OSS.
      • This is also preparation for SM3.0, where the default NetworkPolicies no longer exist.


              People: Stavros Kontopoulos (skontopo@redhat.com), Reto Lehmann (rh-ee-rlehmann)