{"results":[{"id":"acl-audit-log-annotation-key","text":"Audit logging for network policies is enabled via the `k8s.ovn.org/acl-logging` annotation on namespaces (for NetworkPolicy/EgressFirewall) or directly on ANP/BANP CRs.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acl-audit-logging-ovn-kubernetes-only","text":"Network policy audit logging is only available with the OVN-Kubernetes network plugin.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"admin-networkpolicy-cluster-scoped-alpha","text":"AdminNetworkPolicy and BaselineAdminNetworkPolicy (`policy.networking.k8s.io/v1alpha1`) are cluster-scoped network policy resources","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"admin-policy-external-route-api-group","text":"AdminPolicyBasedExternalRoute is a cluster-scoped CRD in the `k8s.ovn.org/v1` API group, specific to OVN-Kubernetes","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"admin-policy-external-route-bfd-default-false","text":"BFD (Bidirectional Forwarding Detection) defaults to false on both static and dynamic hops in AdminPolicyBasedExternalRoute","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"admin-policy-external-route-dynamic-hop-empty-attachment","text":"When `networkAttachmentName` is empty on a dynamic hop, the system assumes the pod uses HostNetwork and the node IP is used as the gateway","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"admin-policy-external-route-dynamic-hop-requires-both-selectors","text":"Dynamic hops in AdminPolicyBasedExternalRoute require both `podSelector` and `namespaceSelector`","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"admin-policy-external-route-static-dynamic-hops","text":"AdminPolicyBasedExternalRoute supports two next-hop types: static (fixed IP) and dynamic (IP derived from gateway pods selected by podSelector and namespaceSelector)","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"anp-banp-api-group","text":"AdminNetworkPolicy and BaselineAdminNetworkPolicy use API group `policy.networking.k8s.io/v1alpha1`","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"anp-cluster-scoped-networkpolicy-namespace-scoped","text":"AdminNetworkPolicy is cluster-scoped while NetworkPolicy is namespace-scoped","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"anp-cluster-scoped-v1alpha1","text":"AdminNetworkPolicy (ANP) is a cluster-scoped resource using API version `policy.networking.k8s.io/v1alpha1`","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"anp-evaluation-order-anp-np-banp","text":"Network policy evaluation order is: AdminNetworkPolicy (by priority) → NetworkPolicy → BaselineAdminNetworkPolicy","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"anp-nodes-networks-egress-only","text":"AdminNetworkPolicy `nodes` and `networks` peer types are valid for egress rules only","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"anp-pass-delegates-to-networkpolicy","text":"ANP Pass action delegates the traffic decision to namespace-scoped NetworkPolicy, then to BANP if no NetworkPolicy matches","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"anp-priority-range-0-99","text":"AdminNetworkPolicy priority range is 0–99 (maximum 100 ANP policies); lower value = higher precedence","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"anp-supports-pass-action","text":"AdminNetworkPolicy (ANP) supports three actions in audit logging: allow, deny, and pass; the `pass` action delegates evaluation to NetworkPolicy or BANP.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"anp-three-actions-allow-deny-pass","text":"ANP rules support three actions: Allow (overrides NetworkPolicy denials), Deny (blocks traffic), and Pass (delegates to NetworkPolicy then BaselineAdminNetworkPolicy)","truth_value":"IN","justification_count":0,"dependent_count":1,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"api-governance-spans-stability-and-admission","text":"OpenShift API governance operates across two dimensions: a tiered stability model (Level 1 through Level 4) defines compatibility guarantees and deprecation timelines, while the webhook admission system (TLS-required, 13s hard timeout, CEL match conditions) enforces runtime policy — together they govern both the evolution and the enforcement of the API surface.","truth_value":"IN","justification_count":1,"dependent_count":1,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"autoscaler-types-pod-vs-node","text":"HorizontalPodAutoscaler scales pod replicas, ClusterAutoscaler sets cluster-wide node scaling policy, and MachineAutoscaler scales specific MachineSets","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"banp-allow-deny-only-no-pass","text":"BaselineAdminNetworkPolicy supports only Allow and Deny actions (no Pass action, which is ANP-only)","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":191,"limit":20,"offset":0}