Adds the --dump-network-policies flag to the AAQ CSV generator

[Barakmor1]

Adds the --dump-network-policies flag to the AAQ CSV generator, as introduced in
kubevirt/application-aware-quota#159. This flag enables including NetworkPolicies in the generated CSV to improve overall security.
The policies ensure that AAQ pods can only connect to the API server and DNS, and only receive incoming connections for the webhook and metrics servers.

What this PR does / why we need it:

Reviewer Checklist

Reviewers are supposed to review the PR for every aspect below one by one. To check an item means the PR is either "OK" or "Not Applicable" in terms of that item. All items are supposed to be checked before merging a PR.

• PR Message
• Commit Messages
• How to test
• Unit Tests
• Functional Tests
• User Documentation
• Developer Documentation
• Upgrade Scenario
• Uninstallation Scenario
• Backward Compatibility
• Troubleshooting Friendly

Jira Ticket:

https://issues.redhat.com/browse/CNV-60820

Release note:

Add network Policies to AAQ pods

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign nunnatsa for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sourcery-ai]

Hey @Barakmor1 - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[nunnatsa]

Thanks for this PR @Barakmor1 !

We are not implementing network policies for the community release, yet. We'll do it later.

/hold

[openshift-ci]

@Barakmor1: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/hco-e2e-upgrade-prev-operator-sdk-sno-azure	7ecbac9	link	false	/test hco-e2e-upgrade-prev-operator-sdk-sno-azure
ci/prow/hco-e2e-upgrade-prev-operator-sdk-aws	7ecbac9	link	true	/test hco-e2e-upgrade-prev-operator-sdk-aws
ci/prow/hco-e2e-operator-sdk-aws	7ecbac9	link	true	/test hco-e2e-operator-sdk-aws
ci/prow/hco-e2e-upgrade-operator-sdk-sno-aws	7ecbac9	link	false	/test hco-e2e-upgrade-operator-sdk-sno-aws
ci/prow/hco-e2e-kv-smoke-azure	7ecbac9	link	true	/test hco-e2e-kv-smoke-azure

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[nunnatsa]

@Barakmor1 - in addition to the comment above, we'll need also an AAQ release, as the current AAQ operator ppod does not support the new flag.

[nunnatsa]

@Barakmor1 - please fix the PR title to reflect that it's related to AAQ.

[Barakmor1]

@Barakmor1 - please fix the PR title to reflect that it's related to AAQ.

Done

@Barakmor1 - in addition to the comment above, we'll need also an AAQ release, as the current AAQ operator ppod does not support the new flag.

Yes make sense