open-policy-agent / gatekeeper-library

📚 The OPA Gatekeeper policy library
https://open-policy-agent.github.io/gatekeeper-library
Apache License 2.0

[RFE] new general policy: deny-networkpolicy-modifications #554

Open michaelalang opened 2 weeks ago

michaelalang commented 2 weeks ago

What this PR does / why we need it: This ConstraintTemplate will provide multi-tenant NetworkPolicies as known in SDN. This capability is dropped with OVN, and default Kubernetes RBAC does not provide the capability to restrict namespace administrators from modifying or deleting NetworkPolicies that are cluster- or administrator-deployed.

Special notes for your reviewer: The most difficult part of the PR was figuring out how to utilize AdmissionReview objects with UserInfo properly. We clearly lack documentation and samples on that.

I have been testing the policy with OCP 4.12, 4.13 and 4.14.
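As a reviewer's illustration of the UserInfo point above, here is a minimal ConstraintTemplate plus Constraint that keys the decision on the requester rather than on the object alone. This is an added example and not the code from this PR or from the gatekeeper-library: the label key `netpol.example.invalid/cluster-managed`, the parameter names `protectedLabel`, `allowedUsers` and `allowedGroups`, and the service account listed in the constraint are all assumptions. What it relies on is Gatekeeper's documented input shape, where the AdmissionRequest is exposed as `input.review` with `operation`, `userInfo`, `object`, `oldObject`, `name` and `namespace`.

```yaml
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sdenynetworkpolicymodifications
spec:
  crd:
    spec:
      names:
        kind: K8sDenyNetworkPolicyModifications
      validation:
        openAPIV3Schema:
          type: object
          properties:
            protectedLabel:
              type: string
            allowedUsers:
              type: array
              items:
                type: string
            allowedGroups:
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sdenynetworkpolicymodifications

        # Gatekeeper hands the AdmissionRequest to Rego as input.review:
        #   input.review.operation          "CREATE" | "UPDATE" | "DELETE"
        #   input.review.userInfo           {username, uid, groups, extra} of the requester
        #   input.review.object             the incoming object (absent on DELETE)
        #   input.review.oldObject          the stored object (present on UPDATE and DELETE)
        #   input.review.name / .namespace  set on every operation, including DELETE

        label := input.parameters.protectedLabel

        # A request touches a protected NetworkPolicy if either the incoming or
        # the stored version carries the marker label. Checking both sides means
        # a namespace admin can neither strip the label nor claim it on creation.
        is_protected {
          input.review.object.metadata.labels[label] == "true"
        }
        is_protected {
          input.review.oldObject.metadata.labels[label] == "true"
        }

        # The requester is allowed if their username or any of their groups is listed.
        allowed_actor {
          input.review.userInfo.username == input.parameters.allowedUsers[_]
        }
        allowed_actor {
          input.review.userInfo.groups[_] == input.parameters.allowedGroups[_]
        }

        violation[{"msg": msg}] {
          # userInfo only exists at admission time; the audit controller replays
          # stored objects without a requester, so skip there rather than report
          # every protected policy as a violation (assumed audit behaviour).
          input.review.userInfo.username
          is_protected
          not allowed_actor
          msg := sprintf("NetworkPolicy %v/%v is cluster-managed (label %q=true); %v by %q is denied",
            [input.review.namespace, input.review.name, label,
             input.review.operation, input.review.userInfo.username])
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sDenyNetworkPolicyModifications
metadata:
  name: protect-cluster-networkpolicies
spec:
  match:
    kinds:
      - apiGroups: ["networking.k8s.io"]
        kinds: ["NetworkPolicy"]
  parameters:
    protectedLabel: "netpol.example.invalid/cluster-managed"                # assumed label key
    allowedGroups: ["system:masters"]
    allowedUsers: ["system:serviceaccount:kube-system:netpol-operator"]     # hypothetical SA
```

Two things worth checking when reviewing a policy of this kind. First, the DELETE path only works if Gatekeeper's ValidatingWebhookConfiguration actually registers DELETE for the resource; to my knowledge the default install's rules list CREATE and UPDATE only, so that has to be confirmed on the cluster. Second, because the decision depends on `userInfo`, it can be exercised safely with impersonation before enforcing: apply the constraint with `enforcementAction: dryrun`, then run `kubectl --as=<namespace-admin> --as-group=<group> delete networkpolicy <name> -n <namespace>` and a second attempt as a listed user, and confirm that only the first is reported.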