Network Policies should be created in Project Release Namespaces to allow access to pods in Project Namespaces #106

Open
aiyengar2 opened this issue May 8, 2022 · 0 comments

Is your feature request related to a problem? Please describe.

Currently, Helm Project Operator assumes that it is deployed into a Rancher environment and assumes that the Project Release Namespaces are all in the System Project, which ensures that if Project Network Isolation is turned on (and Network Policies are used) that the Release Namespace is already configured to allow Pods to reach out into all namespaces (not just Project namespaces) since that's how all system project namespaces are configured.

However, in case a Rancher user would like to place the Project Release Namespaces outside the System project (e.g. to be able to set resource quotas across a dedicated release project) and is in this type of setup, since the Project Release namespaces are deployed with a default network policy allowing no ingress or egress, any action that requires reaching across to project namespaces (e.g. scraping custom metric workloads) will not be allowed.

Describe the solution you'd like

The Helm Chart should automatically create Network Policies allowing pods in the Project Release Namespace to reach out to all pods in any Project Namespace; these network policies should be configurable on a chart level.

Describe alternatives you've considered

Additional context
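
The following is an added illustration of the kind of policy pair the request describes. It is not part of the issue and not Helm Project Operator's own chart output. The namespace names and the project ID are constructed placeholders, and selecting project namespaces by the `field.cattle.io/projectId` label is an assumption about how they are labelled in the cluster.

```yaml
# Added illustration; all names and label values are constructed placeholders.
#
# Policy 1: lets every pod in the Project Release Namespace open connections
# to pods in any namespace that carries the project's label.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-to-project-namespaces
  namespace: example-release-ns            # placeholder Project Release Namespace
spec:
  podSelector: {}                          # applies to all pods in this namespace
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              # Assumption: project namespaces are identified by this label.
              field.cattle.io/projectId: p-example
---
# Policy 2: the ingress counterpart, needed in each Project Namespace that is
# itself isolated. NetworkPolicy is enforced on both ends of a connection, so
# an egress allowance alone does not admit traffic into an isolated namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-from-release-namespace
  namespace: example-project-ns            # placeholder Project Namespace
spec:
  podSelector: {}                          # applies to all pods in this namespace
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              # Set automatically on namespaces by Kubernetes 1.21 and later.
              kubernetes.io/metadata.name: example-release-ns
```

NetworkPolicies are additive, so these allowances sit alongside an existing default-deny policy rather than replacing it. A release namespace with egress denied by default also needs a separate rule for DNS before pods can resolve service names in the project namespaces.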
