OTA-1531: Add a default-deny network policy for CVO namespace

petr-muller · petr-muller · commit 76b22bec437b · 2025-05-27T18:16:45.000+02:00
diff --git a/install/0000_00_cluster-version-operator_02_networkpolicy.yaml b/install/0000_00_cluster-version-operator_02_networkpolicy.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  # This NetworkPolicy is used to deny all ingress and egress traffic by default in this namespace,
+  # serving as a baseline. Individual additional policies allow specific desirable traffic.
+  name: default-deny
+  namespace: openshift-cluster-version
+spec:
+  podSelector: {}
+  policyTypes:
+  - Ingress
+  - Egress
