advanced config properties

modules/administration-guide/pages/configuring-network-policies.adoc

@@ -38,12 +38,11 @@ spec:
     policyTypes:
     - Ingress
 ----
-====
-+
 <1> The {prod-short} namespace.
 The default is `{prod-namespace}`.
 <2> The empty `podSelector` selects all Pods in the {orch-namespace}.
-
+====
++
 * OPTIONAL: In case you applied link:https://docs.openshift.com/container-platform/{ocp4-ver}/networking/network_policy/multitenant-network-policy.html[Configuring multitenant isolation with network policy], you also must apply `allow-from-openshift-apiserver` and `allow-from-workspaces-namespaces` NetworkPolicies to `{prod-namespace}`. 
 The `allow-from-openshift-apiserver` NetworkPolicy allows incoming traffic from `openshift-apiserver` namespace to the `devworkspace-webhook-server` enabling webhooks.
 The `allow-from-workspaces-namespaces` NetworkPolicy allows incoming traffic from each user project to `che-gateway` pod.
@@ -70,11 +69,10 @@ spec:
   policyTypes:
     - Ingress
 ----
-====
-+
 <1> The {prod-short} namespace.
 The default is `{prod-namespace}`.
 <2> The `podSelector` only selects devworkspace-webhook-server pods
+====
 +
 .`allow-from-workspaces-namespaces.yaml`
 ====
@@ -86,9 +84,7 @@ metadata:
   name: allow-from-workspaces-namespaces
   namespace: {prod-namespace}   <1>
 spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/component: che-gateway   <2>
+  podSelector: {}   <2>
   ingress:
     - from:
         - podSelector: {}
@@ -98,11 +94,11 @@ spec:
   policyTypes:
     - Ingress
 ----
-====
-+
 <1> The {prod-short} namespace.
 The default is `{prod-namespace}`.
-<2> The `podSelector` only selects che-gateway pods
+<2> The empty `podSelector` selects all pods in the {prod-short} namespace.
+====
++
 
 .Additional resources
 * xref:configuring-namespace-provisioning.adoc[]