Merge pull request #72976 from stevsmit/OCPBUGS-29069-nic-update

Updates deny by default policy in ocp docs
openshift · Mar 20, 2024 · c05ab6d · c05ab6d
2 parents 5900648 + dac2447
commit c05ab6d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/modules/nw-networkpolicy-create-cli.adoc b/modules/nw-networkpolicy-create-cli.adoc
@@ -71,10 +71,12 @@ metadata:
   name: deny-by-default
 ifdef::multi[]
   annotations:
-    k8s.v1.cni.cncf.io/policy-for: <network_name>
+    k8s.v1.cni.cncf.io/policy-for:<namespace_name>/<network_name>
 endif::multi[]
 spec:
-  podSelector:
+  podSelector: {}
+  policyTypes:
+  - Ingress
   ingress: []
 ----
 +

diff --git a/modules/nw-networkpolicy-deny-all-allowed.adoc b/modules/nw-networkpolicy-deny-all-allowed.adoc
@@ -48,10 +48,12 @@ metadata:
   name: deny-by-default
   namespace: default <1>
   annotations:
-    k8s.v1.cni.cncf.io/policy-for: <network_name> <2>
+    k8s.v1.cni.cncf.io/policy-for: <namespace_name>/<network_name> <2>
 spec:
   podSelector: {} <3>
-  ingress: [] <4>
+  policyTypes: <4>
+  - Ingress <5>
+  ingress: [] <6>
 endif::multi[]
 ifndef::multi[]
 kind: NetworkPolicy
@@ -68,7 +70,9 @@ ifdef::multi[]
 <1> `namespace: default` deploys this policy to the `default` namespace.
 <2> `network_name`: specifies the name of a network attachment definition.
 <3> `podSelector:` is empty, this means it matches all the pods. Therefore, the policy applies to all pods in the default namespace.
-<4> There are no `ingress` rules specified. This causes incoming traffic to be dropped to all pods.
+<4> `policyTypes:` a list of rule types that the `NetworkPolicy` relates to.
+<5> Specifies as `Ingress` only `policyType`.
+<6> There are no `ingress` rules specified. This causes incoming traffic to be dropped to all pods.
 endif::multi[]
 ifndef::multi[]
 <1> `namespace: default` deploys this policy to the `default` namespace.