Merge pull request #89209 from JoeAldinger/OCPBUGS-42758

OCPBUGS-42758:updates NetworkPolicy warning

Author: JoeAldinger

modules/nw-networkpolicy-deny-all-allowed.adoc

@@ -16,14 +16,12 @@ endif::[]
 [id="nw-networkpolicy-deny-all-multi-network-policy_{context}"]
 = Creating a default deny all {name} policy
 
-This is a fundamental policy, blocking all cross-pod networking other than network traffic allowed by the configuration of other deployed network policies. This procedure enforces a default `deny-by-default` policy.
+This policy blocks all cross-pod networking other than network traffic allowed by the configuration of other deployed network policies and traffic between host-networked pods. This procedure enforces a strong deny policy by applying a `deny-by-default` policy in the `my-project` namespace.
 
-ifndef::microshift[]
-[NOTE]
+[WARNING]
 ====
-If you log in with a user with the `cluster-admin` role, then you can create a network policy in any namespace in the cluster.
+Without configuring a `NetworkPolicy` custom resource (CR) that allows traffic communication, the following policy might cause communication problems across your cluster.
 ====
-endif::microshift[]
 
 .Prerequisites
 ifndef::microshift[]
@@ -46,7 +44,7 @@ apiVersion: k8s.cni.cncf.io/v1beta1
 kind: MultiNetworkPolicy
 metadata:
   name: deny-by-default
-  namespace: default <1>
+  namespace: my-project <1>
   annotations:
     k8s.v1.cni.cncf.io/policy-for: <namespace_name>/<network_name> <2>
 spec:
@@ -60,23 +58,23 @@ kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
 metadata:
   name: deny-by-default
-  namespace: default <1>
+  namespace: my-project <1>
 spec:
   podSelector: {} <2>
   ingress: [] <3>
 endif::multi[]
 ----
 ifdef::multi[]
-<1> `namespace: default` deploys this policy to the `default` namespace.
-<2> `network_name`: specifies the name of a network attachment definition.
-<3> `podSelector:` is empty, this means it matches all the pods. Therefore, the policy applies to all pods in the default namespace.
-<4> `policyTypes:` a list of rule types that the `NetworkPolicy` relates to.
-<5> Specifies as `Ingress` only `policyType`.
-<6> There are no `ingress` rules specified. This causes incoming traffic to be dropped to all pods.
+<1> Specifies the namespace in which to deploy the policy. For example, the `my-project` namespace.
+<2> Specifies the name of a network attachment definition.
+<3> If this field is empty, the configuration matches all the pods. Therefore, the policy applies to all pods in the `my-project` namespace.
+<4> Specifies a list of rule types that the `NetworkPolicy` relates to.
+<5> Specifies `Ingress` only `policyTypes`.
+<6> Specifies `ingress` rules. If not specified, all incoming traffic is dropped to all pods.
 endif::multi[]
 ifndef::multi[]
-<1> `namespace: default` deploys this policy to the `default` namespace.
-<2> `podSelector:` is empty, this means it matches all the pods. Therefore, the policy applies to all pods in the default namespace.
+<1> `Specifies the namespace in which to deploy the policy. For example, the `my-project` namespace.
+<2> If this field is empty, the configuration matches all the pods. Therefore, the policy applies to all pods in the `my-project` namespace.
 <3> There are no `ingress` rules specified. This causes incoming traffic to be dropped to all pods.
 endif::multi[]
 +