In order to satisfy security requirements, OpenShift cluster administrators would like to restrict the EgressFirewall with a "deny-all" policy for a namespace when using helm charts. Each service owner will then provide their own EgressFirewall custom resource definition in their respective custom helm chart which will allow connectivity they need based on their use case.
Different helm charts may have different owners on various teams and these service owners may work in the same namespace. As a result, cluster admins want to provide the ability to allow multiple EgressFirewall cr's in the same namespace so that each service owner can manage their own service without having to modify the "shared" EgressFirewall cr applied to the shared namespace.
- OpenShift 4.X
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.