Merge pull request #1333 from wking/NetworkPolicy-inclusion-annotations

OCPBUGS-77762: install/0000_00_cluster-version-operator_02_networkpolicy: Add inclusion annotations

Author: openshift-merge-bot[bot]

install/0000_00_cluster-version-operator_02_networkpolicy.yaml

@@ -1,14 +1,16 @@
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  # This NetworkPolicy is used to deny all ingress and egress traffic by default in this namespace,
-  # serving as a baseline. At the moment no other Network Policy should be needed:
-  # - CVO is a host-networked Pod, so it is not affected by network policies
-  # - Bare `version` Pods spawned by CVO do not require any network communication
   name: default-deny
   namespace: openshift-cluster-version
+  annotations:
+    kubernetes.io/description: |
+      This NetworkPolicy is used to deny all ingress and egress traffic by default in this namespace, matching all Pods, and serving as a baseline. At the moment no other Network Policy should be needed:
+      - The cluster-version operator (CVO) is a host-networked Pod, so it is not affected by network policies.
+      - Bare `version-...` Pods spawned by CVO do not require any network communication.
+    exclude.release.openshift.io/internal-openshift-hosted: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
 spec:
-  # Match all pods in the namespace
   podSelector: {}
   policyTypes:
   - Ingress