Status: IN
Operators and cluster updates are constrained by the same security hierarchy: install-time locks (FIPS, CPU partitioning) permanently bound both the operator runtime environment and the update path, runtime TLS/IPsec enforcement governs both operator and update traffic, and API governance controls both operator CRD stability and update version ordering
depth-6 — operators and updates are independently constrained by security (d5 each), revealing that security is the shared constraint root for all platform lifecycle activities
Depends on (SL): operator-lifecycle-bounded-by-platform-constraints, security-constrains-entire-update-path