From f220d06da199ca8825ce3dda16ab15f78500dbe4 Mon Sep 17 00:00:00 2001
From: dfitzmau <dfitzmau@redhat.com>
Date: Tue, 24 Jun 2025 12:00:05 +0100
Subject: [PATCH] OCPBUGS-49997: Inhanced the info for the
 k8s.v1.cni.cncf.io/policy-for annotation

---
 modules/nw-multi-network-policy-differences.adoc            | 6 ++++--
 .../nw-networkpolicy-allow-application-all-namespaces.adoc  | 2 +-
 ...etworkpolicy-allow-application-particular-namespace.adoc | 2 +-
 modules/nw-networkpolicy-allow-external-clients.adoc        | 2 +-
 modules/nw-networkpolicy-create-cli.adoc                    | 6 +++---
 modules/nw-networkpolicy-deny-all-allowed.adoc              | 2 +-
 6 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/modules/nw-multi-network-policy-differences.adoc b/modules/nw-multi-network-policy-differences.adoc
index 6acf8c31643d..3300980cdc34 100644
--- a/modules/nw-multi-network-policy-differences.adoc
+++ b/modules/nw-multi-network-policy-differences.adoc
@@ -18,19 +18,21 @@ kind: MultiNetworkPolicy
 
 * You must use the `multi-networkpolicy` resource name when using the CLI to interact with multi-network policies. For example, you can view a multi-network policy object with the `oc get multi-networkpolicy <name>` command where `<name>` is the name of a multi-network policy.
 
-* You must specify an annotation with the name of the network attachment definition that defines the macvlan or SR-IOV additional network:
+* You can use the `k8s.v1.cni.cncf.io/policy-for` annotation on a `MultiNetworkPolicy` object to point to a `NetworkAttachmentDefinition` (NAD) custom resource (CR). The NAD CR defines the network to which the policy applies.
 +
+.Example multi-network policy that includes the `k8s.v1.cni.cncf.io/policy-for` annotation
 [source,yaml]
 ----
 apiVersion: k8s.cni.cncf.io/v1beta1
 kind: MultiNetworkPolicy
 metadata:
   annotations:
-    k8s.v1.cni.cncf.io/policy-for: <network_name>
+    k8s.v1.cni.cncf.io/policy-for:<namespace_name>/<network_name>
 ----
 +
 --
 where:
 
+`<namespace_name>`:: Specifies the namespace name.
 `<network_name>`:: Specifies the name of a network attachment definition.
 --
diff --git a/modules/nw-networkpolicy-allow-application-all-namespaces.adoc b/modules/nw-networkpolicy-allow-application-all-namespaces.adoc
index 3d485d1726b0..d70a3227c2b6 100644
--- a/modules/nw-networkpolicy-allow-application-all-namespaces.adoc
+++ b/modules/nw-networkpolicy-allow-application-all-namespaces.adoc
@@ -48,7 +48,7 @@ metadata:
   namespace: default
 ifdef::multi[]
   annotations:
-    k8s.v1.cni.cncf.io/policy-for: <network_name>
+    k8s.v1.cni.cncf.io/policy-for:<namespace_name>/<network_name>
 endif::multi[]
 spec:
   podSelector:
diff --git a/modules/nw-networkpolicy-allow-application-particular-namespace.adoc b/modules/nw-networkpolicy-allow-application-particular-namespace.adoc
index f540bcad2479..014ec4cca756 100644
--- a/modules/nw-networkpolicy-allow-application-particular-namespace.adoc
+++ b/modules/nw-networkpolicy-allow-application-particular-namespace.adoc
@@ -51,7 +51,7 @@ metadata:
   namespace: default
 ifdef::multi[]
   annotations:
-    k8s.v1.cni.cncf.io/policy-for: <network_name>
+    k8s.v1.cni.cncf.io/policy-for:<namespace_name>/<network_name>
 endif::multi[]
 spec:
   podSelector:
diff --git a/modules/nw-networkpolicy-allow-external-clients.adoc b/modules/nw-networkpolicy-allow-external-clients.adoc
index 1eb97514e8d5..b5d88dc53dde 100644
--- a/modules/nw-networkpolicy-allow-external-clients.adoc
+++ b/modules/nw-networkpolicy-allow-external-clients.adoc
@@ -50,7 +50,7 @@ metadata:
   namespace: default
 ifdef::multi[]
   annotations:
-    k8s.v1.cni.cncf.io/policy-for: <network_name>
+    k8s.v1.cni.cncf.io/policy-for:<namespace_name>/<network_name>
 endif::multi[]
 spec:
   policyTypes:
diff --git a/modules/nw-networkpolicy-create-cli.adoc b/modules/nw-networkpolicy-create-cli.adoc
index 0fbb7ab83394..73b42792c4c4 100644
--- a/modules/nw-networkpolicy-create-cli.adoc
+++ b/modules/nw-networkpolicy-create-cli.adoc
@@ -98,7 +98,7 @@ metadata:
   name: allow-same-namespace
 ifdef::multi[]
   annotations:
-    k8s.v1.cni.cncf.io/policy-for: <network_name>
+    k8s.v1.cni.cncf.io/policy-for:<namespace_name>/<network_name>
 endif::multi[]
 spec:
   podSelector:
@@ -133,7 +133,7 @@ metadata:
   name: allow-traffic-pod
 ifdef::multi[]
   annotations:
-    k8s.v1.cni.cncf.io/policy-for: <network_name>
+    k8s.v1.cni.cncf.io/policy-for:<namespace_name>/<network_name>
 endif::multi[]
 spec:
   podSelector:
@@ -180,7 +180,7 @@ metadata:
   name: api-allow
 ifdef::multi[]
   annotations:
-    k8s.v1.cni.cncf.io/policy-for: <network_name>
+    k8s.v1.cni.cncf.io/policy-for:<namespace_name>/<network_name>
 endif::multi[]
 spec:
   podSelector:
diff --git a/modules/nw-networkpolicy-deny-all-allowed.adoc b/modules/nw-networkpolicy-deny-all-allowed.adoc
index ba181b51b00b..c24337e981cb 100644
--- a/modules/nw-networkpolicy-deny-all-allowed.adoc
+++ b/modules/nw-networkpolicy-deny-all-allowed.adoc
@@ -42,7 +42,7 @@ metadata:
   name: deny-by-default
   namespace: default <1>
   annotations:
-    k8s.v1.cni.cncf.io/policy-for: <network_name> <2>
+    k8s.v1.cni.cncf.io/policy-for:<namespace_name>/<network_name> <2>
 spec:
   podSelector: {} <3>
   ingress: [] <4>