diff --git a/modules/nw-multi-network-policy-differences.adoc b/modules/nw-multi-network-policy-differences.adoc index d4197775b2ba..fa9f979c9ca2 100644 --- a/modules/nw-multi-network-policy-differences.adoc +++ b/modules/nw-multi-network-policy-differences.adoc @@ -13,19 +13,21 @@ kind: MultiNetworkPolicy * You must use the `multi-networkpolicy` resource name when using the CLI to interact with multi-network policies. For example, you can view a multi-network policy object with the `oc get multi-networkpolicy ` command where `` is the name of a multi-network policy. -* You must specify an annotation with the name of the network attachment definition that defines the macvlan or SR-IOV additional network: +* You can use the `k8s.v1.cni.cncf.io/policy-for` annotation on a `MultiNetworkPolicy` object to point to a `NetworkAttachmentDefinition` (NAD) custom resource (CR). The NAD CR defines the network to which the policy applies. + +.Example multi-network policy that includes the `k8s.v1.cni.cncf.io/policy-for` annotation [source,yaml] ---- apiVersion: k8s.cni.cncf.io/v1beta1 kind: MultiNetworkPolicy metadata: annotations: - k8s.v1.cni.cncf.io/policy-for: + k8s.v1.cni.cncf.io/policy-for:/ ---- + -- where: +``:: Specifies the namespace name. ``:: Specifies the name of a network attachment definition. -- diff --git a/modules/nw-networkpolicy-allow-application-all-namespaces.adoc b/modules/nw-networkpolicy-allow-application-all-namespaces.adoc index ce417fc2d642..00b97d83b045 100644 --- a/modules/nw-networkpolicy-allow-application-all-namespaces.adoc +++ b/modules/nw-networkpolicy-allow-application-all-namespaces.adoc @@ -57,7 +57,7 @@ metadata: namespace: default ifdef::multi[] annotations: - k8s.v1.cni.cncf.io/policy-for: + k8s.v1.cni.cncf.io/policy-for:/ endif::multi[] spec: podSelector: 
diff --git a/modules/nw-networkpolicy-allow-application-particular-namespace.adoc b/modules/nw-networkpolicy-allow-application-particular-namespace.adoc
index 5cffca4eb18e..315a267a867c 100644
--- a/modules/nw-networkpolicy-allow-application-particular-namespace.adoc
+++ b/modules/nw-networkpolicy-allow-application-particular-namespace.adoc
@@ -59,7 +59,7 @@ metadata:
 namespace: default
 ifdef::multi[]
 annotations:
- k8s.v1.cni.cncf.io/policy-for:
+ k8s.v1.cni.cncf.io/policy-for:/
 endif::multi[]
 spec:
 podSelector:
diff --git a/modules/nw-networkpolicy-allow-external-clients.adoc b/modules/nw-networkpolicy-allow-external-clients.adoc
index e91d5e5d929c..9e09e4189a25 100644
--- a/modules/nw-networkpolicy-allow-external-clients.adoc
+++ b/modules/nw-networkpolicy-allow-external-clients.adoc
@@ -58,7 +58,7 @@ metadata:
 namespace: default
 ifdef::multi[]
 annotations:
- k8s.v1.cni.cncf.io/policy-for:
+ k8s.v1.cni.cncf.io/policy-for:/
 endif::multi[]
 spec:
 policyTypes:
diff --git a/modules/nw-networkpolicy-create-cli.adoc b/modules/nw-networkpolicy-create-cli.adoc
index 199258755a37..64fa1b18e527 100644
--- a/modules/nw-networkpolicy-create-cli.adoc
+++ b/modules/nw-networkpolicy-create-cli.adoc
@@ -108,7 +108,7 @@ metadata:
 name: allow-same-namespace
 ifdef::multi[]
 annotations:
- k8s.v1.cni.cncf.io/policy-for:
+ k8s.v1.cni.cncf.io/policy-for:/
 endif::multi[]
 spec:
 podSelector:
@@ -143,7 +143,7 @@ metadata:
 name: allow-traffic-pod
 ifdef::multi[]
 annotations:
- k8s.v1.cni.cncf.io/policy-for:
+ k8s.v1.cni.cncf.io/policy-for:/
 endif::multi[]
 spec:
 podSelector:
@@ -190,7 +190,7 @@ metadata:
 name: api-allow
 ifdef::multi[]
 annotations:
- k8s.v1.cni.cncf.io/policy-for:
+ k8s.v1.cni.cncf.io/policy-for:/
 endif::multi[]
 spec:
 podSelector:
diff --git a/modules/nw-networkpolicy-deny-all-allowed.adoc b/modules/nw-networkpolicy-deny-all-allowed.adoc
index 4c767b062e0f..119db3b24e35 100644
--- a/modules/nw-networkpolicy-deny-all-allowed.adoc
+++ b/modules/nw-networkpolicy-deny-all-allowed.adoc
@@ -50,7 +50,7 @@ metadata:
 name: deny-by-default
 namespace: default <1>
 annotations:
- k8s.v1.cni.cncf.io/policy-for: <2>
+ k8s.v1.cni.cncf.io/policy-for:/ <2>
 spec:
 podSelector: {} <3>
 ingress: [] <4>