tigera · ctauchen · Dec 1, 2025 · Nov 28, 2025 · Dec 1, 2025
@@ -51,23 +51,23 @@ The default tier is where:
 - All network and global network policies without an explicit tier are placed.
 - Network and global network policies are placed when you upgrade from Project Calico without tier support to $[prodname] release with tier support.
 
-## The admin network policy tier:
+## kube-admin tier:
 
-The `Tier` with name `adminnetworkpolicy` is where all [Kubernetes admin network policies](https://network-policy-api.sigs.k8s.io/reference/examples/) reside. It is automatically created
-during installation and has the order of 1,000 and a default action of `Pass`. This is fixed, and should not be changed.
+The `Tier` with name `kube-admin` is where all [Kubernetes ClusterNetworkPolicy](https://network-policy-api.sigs.k8s.io/reference/examples/) resources with Admin Tier reside.
+It is automatically created during installation and has the order of 1,000 and a default action of `Pass`. This is fixed, and should not be changed.
 
-In addition to `AdminNetworkPolicy` resources, you can also add $[prodname] `NetworkPolicy`/`GlobalNetworkPolicy` resources
-to the admin network policy `Tier`. The `AdminNetworkPolicy` `priority` field maps to the `order` field in the $[prodname]
+In addition to `ClusterNetworkPolicy` resources, you can also add $[prodname] `NetworkPolicy`/`GlobalNetworkPolicy` resources
+to the kube-admin `Tier`. The `ClusterNetworkPolicy` `priority` field maps to the `order` field in the $[prodname]
 `NetworkPolicy`/`GlobalNetworkPolicy` resources so that the two types of policy can be ordered together.
 
-## The baseline admin network policy tier:
+## kube-baseline tier:
 
-The `Tier` with name `baselineadminnetworkpolicy` is where the singleton [Kubernetes baseline admin network policy](https://network-policy-api.sigs.k8s.io/reference/examples/) resides. It is automatically created
-during installation and has the order of 10,000,000 and a default action of `Pass`. This is fixed, and should not be changed.
+The `Tier` with name `kube-baseline` is where all [Kubernetes ClusterNetworkPolicy](https://network-policy-api.sigs.k8s.io/reference/examples/) resources with Baseline tier reside.
+It is automatically created during installation and has the order of 10,000,000 and a default action of `Pass`. This is fixed, and should not be changed.
 
-In addition to the `BaselineAdminNetworkPolicy` resource, you can also add $[prodname] `NetworkPolicy`/`GlobalNetworkPolicy` resources
-to the baseline admin network policy `Tier`. The `BaselineAdminNetworkPolicy` is treated as if it had an `order` of 1,000, allowing $[prodname]
-`NetworkPolicy`/`GlobalNetworkPolicy` resources to be inserted with higher/lower precedence than the `BaselineAdminNetworkPolicy`.
+In addition to the `ClusterNetworkPolicy` resource, you can also add $[prodname] `NetworkPolicy`/`GlobalNetworkPolicy` resources
+to the kube-baseline `Tier`. The `ClusterNetworkPolicy` `priority` field maps to the `order` field in the $[prodname]
+`NetworkPolicy`/`GlobalNetworkPolicy` resources so that the two types of policy can be ordered together.
 
 ## Tier order