Add clarity about egress/ingress combination

NillsF · web-flow · commit 7277714c8f50 · 2021-01-05T09:14:10.000-08:00
In reference to kubernetes/kubernetes#97489 Add clarity in the documentation about the case of having an egress and ingress policy where one is blocking and the other is allowing.
diff --git a/content/en/docs/concepts/services-networking/network-policies.md b/content/en/docs/concepts/services-networking/network-policies.md
@@ -35,6 +35,8 @@ Pods become isolated by having a NetworkPolicy that selects them. Once there is
 
 Network policies do not conflict; they are additive. If any policy or policies select a pod, the pod is restricted to what is allowed by the union of those policies' ingress/egress rules. Thus, order of evaluation does not affect the policy result.
 
+For a network flow between two pods to be allowed, both the egress policy on the source pod and the ingress policy on the destination pod need to allow the traffic. If either the egress policy on the source, or the ingress policy on the destination denies the traffic, the traffic will be denied.
+
 ## The NetworkPolicy resource {#networkpolicy-resource}
 
 See the [NetworkPolicy](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#networkpolicy-v1-networking-k8s-io) reference for a full definition of the resource.
