chore: Add network policy section (#2984)

tolusha · gtrivedi88 · web-flow · commit 213f3cd56eba · 2025-10-27T16:05:58.000+01:00
* chore: Add network policy section

Signed-off-by: Anatolii Bazko &lt;abazko@redhat.com&gt;

* Update modules/administration-guide/pages/security-best-practices.adoc

Co-authored-by: Gaurav Trivedi &lt;90042568+gtrivedi88@users.noreply.github.com&gt;

* Update modules/administration-guide/pages/security-best-practices.adoc

Co-authored-by: Gaurav Trivedi &lt;90042568+gtrivedi88@users.noreply.github.com&gt;

* Update modules/administration-guide/pages/security-best-practices.adoc

Co-authored-by: Gaurav Trivedi &lt;90042568+gtrivedi88@users.noreply.github.com&gt;

* Update modules/administration-guide/pages/security-best-practices.adoc

Co-authored-by: Gaurav Trivedi &lt;90042568+gtrivedi88@users.noreply.github.com&gt;

* Update modules/administration-guide/pages/security-best-practices.adoc

Co-authored-by: Gaurav Trivedi &lt;90042568+gtrivedi88@users.noreply.github.com&gt;

---------

Signed-off-by: Anatolii Bazko &lt;abazko@redhat.com&gt;
Co-authored-by: Gaurav Trivedi &lt;90042568+gtrivedi88@users.noreply.github.com&gt;
diff --git a/modules/administration-guide/pages/security-best-practices.adoc b/modules/administration-guide/pages/security-best-practices.adoc
@@ -221,7 +221,24 @@ By combining Resource Quotas and Limit Ranges,
 you can enforce project-specific policies to prevent bad actors from consuming excessive resources.
 
 These mechanisms contribute to better resource management, stability, and fairness within an OpenShift cluster.
-More details about link:https://docs.openshift.com/container-platform/4.14/applications/quotas/quotas-setting-per-project.html[Resource Quotas] and link:https://docs.openshift.com/container-platform/4.14/nodes/clusters/nodes-cluster-limit-ranges.html[Limit Ranges] are available in the OpenShift documentation.
+More details about link:https://docs.openshift.com/container-platform/4.14/applications/quotas/quotas-setting-per-project.html[Resource quotas] and link:https://docs.openshift.com/container-platform/4.14/nodes/clusters/nodes-cluster-limit-ranges.html[Limit ranges] are available in the OpenShift documentation.
+
+.Network policies
+
+Network policies provide an additional layer of security by controlling network traffic between
+pods in a {kubernetes} cluster. By default, every pod can communicate with every other pod and service on the cluster,
+see link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp4-ver}/html/networking_overview/index#about-openshift-sdn[OpenShift networking overview].
+
+Implementing network policies allows you to:
+
+* Control ingress and egress traffic to and from workspace pods
+* Limit the attack surface by denying unauthorized network access
+
+When configuring network policies for {prod},
+ensure that pods in the {prod-short} namespace can still communicate with pods in user namespaces,
+as this is required for proper functionality.
+
+For detailed instructions on implementing network policies with {prod}, see xref:configuring-network-policies.adoc[].
 
 .Disconnected environment
 
