
[RFE] network policy measurement code should create "allow from proxy" and "deny all" network policies as part of assets #746

Open
@venkataanil

Description

Is your feature request related to a problem? Please describe.
Currently "allow from proxy" and "deny all" are created as part of job1. Actual network policies are created in job2. Instead we can use this sequence:

  1. job1 creates only namespaces and pods
  2. job2 measurement code creates the proxy pod, the "allow from proxy" network policy and the "deny all" network policy
  3. job2 object apply code creates all the tenant network policies

Describe the solution you'd like
netpol latency measurement code pkg/measurements/netpol_latency.go should create:

  1. the below admin network policy (ANP) with priority 99 to allow "all from proxy pod"

```yaml
apiVersion: policy.networking.k8s.io/v1alpha1
kind: AdminNetworkPolicy
metadata:
  name: allow-from-proxy
spec:
  priority: 99
  subject:
    namespaces: {}
  ingress:
  - name: "allow-from-proxy-pod"
    action: "Allow"
    from:
    - namespaces:
        matchLabels:
          kubernetes.io/metadata.name: network-policy-proxy
```

  2. the below baseline admin network policy (BANP) to deny traffic from workload pods

```yaml
apiVersion: policy.networking.k8s.io/v1alpha1
kind: BaselineAdminNetworkPolicy
metadata:
  name: deny-all
spec:
  subject:
    namespaces:
      matchLabels:
        kube-burner-uuid: globalCfg.UUID
  ingress:
  - name: "default-deny"
    action: "Deny"
    from:
    - namespaces:
        matchLabels:
          kube-burner-uuid: globalCfg.UUID
```

From https://ovn-kubernetes.io/features/network-security-controls/admin-network-policy/#pass-action-delegate-decision-to-networkpolicies:

  1. The "allow-from-proxy" AdminNetworkPolicy will allow traffic from the proxy pod, irrespective of any other network policies created by the workload template.
  2. The "deny-all" BaselineAdminNetworkPolicy will initially deny traffic until job2 creates the network policies which allow the traffic.

Describe alternatives you've considered
Existing approach of using np-allow-from-proxy.yml and np-deny-all.yml in the job1 template
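To make the precedence this proposal relies on concrete, here is an added example written for this page. It is not kube-burner code and is not taken from the linked OVN-Kubernetes doc; it models the evaluation order that doc describes (AdminNetworkPolicies in priority order, lower number winning, then NetworkPolicies, then the BaselineAdminNetworkPolicy, then default allow) and walks the job1/job2 sequence above with the two proposed policies. The `Pod`, `Rule`, `ANP`, `BANP` and `NetworkPolicy` types, the `Evaluate`, `MeasurementPolicies` and `Scenario` functions, the tenant namespace names and the run UUID `kb-0001` are all constructed for the example. Selectors are namespace-level matchLabels only, as in the issue's manifests, and a NetworkPolicy is simplified to "selects every pod in its namespace and admits the listed source namespace".

```go
package main

import (
	"fmt"
	"sort"
)

// Action is an ANP/BANP rule action; Pass hands the decision down to the NetworkPolicy tier.
type Action string

const (Allow, Deny, Pass Action = "Allow", "Deny", "Pass")

// Hypothetical model types. A Pod is reduced to its namespace name and namespace labels (the issue's
// policies only use namespace selectors); a NetworkPolicy is reduced to "selects every pod in
// Namespace, admits ingress from namespaces matching FromNS". Selectors are matchLabels maps.
type (
	Pod           struct{ Namespace string; NSLabels map[string]string }
	Rule          struct{ Name string; Action Action; FromNS map[string]string }
	ANP           struct{ Name string; Priority int; SubjectNS map[string]string; Ingress []Rule }
	BANP          struct{ SubjectNS map[string]string; Ingress []Rule }
	NetworkPolicy struct{ Namespace string; FromNS map[string]string }
)

// selects is matchLabels semantics: every key in sel must be present with the same value (empty sel matches all).
func selects(sel, labels map[string]string) bool {
	for k, v := range sel {
		if labels[k] != v {
			return false
		}
	}
	return true
}

// Evaluate reports whether ingress src->dst is allowed and which tier decided it:
// ANPs in priority order (lower number wins), then NetworkPolicies, then the BANP, then default allow.
func Evaluate(anps []ANP, nps []NetworkPolicy, banp *BANP, src, dst Pod) (bool, string) {
	sorted := append([]ANP(nil), anps...)
	sort.SliceStable(sorted, func(i, j int) bool { return sorted[i].Priority < sorted[j].Priority })
anpTier:
	for _, p := range sorted {
		if !selects(p.SubjectNS, dst.NSLabels) {
			continue
		}
		for _, r := range p.Ingress {
			if !selects(r.FromNS, src.NSLabels) {
				continue
			}
			if r.Action == Pass { // stop ANP evaluation and let NetworkPolicies decide
				break anpTier
			}
			return r.Action == Allow, "ANP " + p.Name
		}
	}
	selected := false // a pod selected by any NetworkPolicy is isolated unless one admits the source
	for _, np := range nps {
		if np.Namespace == dst.Namespace {
			selected = true
			if selects(np.FromNS, src.NSLabels) {
				return true, "NetworkPolicy"
			}
		}
	}
	if selected {
		return false, "NetworkPolicy isolation"
	}
	if banp != nil && selects(banp.SubjectNS, dst.NSLabels) { // only reached when no NetworkPolicy selects dst
		for _, r := range banp.Ingress {
			if selects(r.FromNS, src.NSLabels) {
				return r.Action == Allow, "BANP"
			}
		}
	}
	return true, "default"
}

// MeasurementPolicies builds the two policies proposed in the issue for one run UUID.
func MeasurementPolicies(uuid string) ([]ANP, *BANP) {
	anps := []ANP{{Name: "allow-from-proxy", Priority: 99, SubjectNS: map[string]string{},
		Ingress: []Rule{{Name: "allow-from-proxy-pod", Action: Allow,
			FromNS: map[string]string{"kubernetes.io/metadata.name": "network-policy-proxy"}}}}}
	banp := &BANP{SubjectNS: map[string]string{"kube-burner-uuid": uuid},
		Ingress: []Rule{{Name: "default-deny", Action: Deny, FromNS: map[string]string{"kube-burner-uuid": uuid}}}}
	return anps, banp
}

// Scenario walks the issue's sequence: job1 namespaces plus the measurement policies,
// then job2 adds one tenant NetworkPolicy in ns-a that admits ns-b only.
func Scenario() map[string]bool {
	const uuid = "kb-0001" // constructed run UUID
	tenant := func(n string) Pod {
		return Pod{n, map[string]string{"kubernetes.io/metadata.name": n, "kube-burner-uuid": uuid}}
	}
	proxy := Pod{"network-policy-proxy", map[string]string{"kubernetes.io/metadata.name": "network-policy-proxy"}}
	a, b, c := tenant("ns-a"), tenant("ns-b"), tenant("ns-c")
	anps, banp := MeasurementPolicies(uuid)
	nps := []NetworkPolicy{{Namespace: "ns-a", FromNS: map[string]string{"kubernetes.io/metadata.name": "ns-b"}}}
	out := map[string]bool{}
	out["proxy->a before job2"], _ = Evaluate(anps, nil, banp, proxy, a)
	out["b->a before job2"], _ = Evaluate(anps, nil, banp, b, a)
	out["proxy->a after job2"], _ = Evaluate(anps, nps, banp, proxy, a)
	out["b->a after job2"], _ = Evaluate(anps, nps, banp, b, a)
	out["c->a after job2"], _ = Evaluate(anps, nps, banp, c, a)
	return out
}

func main() { fmt.Println(Scenario()) }
```

Two things worth keeping in mind when reading the manifests above. The "proxy->a after job2" case is the one that justifies using an ANP rather than a plain NetworkPolicy for the proxy: the tenant policy in ns-a admits only ns-b, so the proxy would be cut off by NetworkPolicy isolation, and only the ANP Allow (evaluated before the NetworkPolicy tier) keeps the measurement path open. The "c->a after job2" case shows the limit of the BANP: once any NetworkPolicy selects a pod, that pod's ingress is decided by NetworkPolicy isolation and the BANP is no longer consulted for it, so deny-all only covers the window before job2's policies land, which is exactly the window the measurement needs. One caveat on the BANP manifest as written: in the v1alpha1 API the BaselineAdminNetworkPolicy is a cluster-wide singleton and the API server only accepts it with `metadata.name: default`, so `deny-all` would have to be renamed before it can be applied.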

Labels: enhancement (New feature or request)