Merge pull request #68467 from JoeAldinger/OCPBUGS-23460

OCPBUGS-234060: clarifies example labels

Author: JoeAldinger

modules/nw-infw-operator-rules-object.adoc

@@ -83,7 +83,7 @@ spec:
   - eth0
   nodeSelector:
     matchLabels:
-      <do_node_ingress_firewall>: 'true'
+      <ingress_firewall_label_name>: <label_value> <1>
   ingress:
   - sourceCIDRs:
        - 172.16.0.0/12
@@ -110,6 +110,7 @@ spec:
           icmpType: 128 #ICMPV6 Echo request
       action: Deny
 ----
+<1> A <label_name> and a <label_value> must exist on the node and must match the `nodeselector` label and value applied to the nodes you want the `ingressfirewallconfig` CR to run on. The <label_value> can be `true` or `false`. By using `nodeSelector` labels, you can target separate groups of nodes to apply different rules to using the `ingressfirewallconfig` CR.
 
 [discrete]
 [id="nw-ingress-node-firewall-zero-trust-example-cr_{context}"]
@@ -136,10 +137,10 @@ spec:
  - eth1 <1>
  nodeSelector:
    matchLabels:
-     <do_node_ingress_firewall>: 'true'
+     <ingress_firewall_label_name>: <label_value> <2>
  ingress:
  - sourceCIDRs:
-      - 0.0.0.0/0 <2>
+      - 0.0.0.0/0 <3>
    rules:
    - order: 10
      protocolConfig:
@@ -148,8 +149,9 @@ spec:
          ports: 22
      action: Allow
    - order: 20
-     action: Deny <3>
+     action: Deny <4>
 ----
-<1> Multi-interface cluster
-<2> `0.0.0.0/0` set to match any CIDR
-<3> `action` set to `deny`
+<1> Network-interface cluster
+<2> The <label_name> and <label_value> needs to match the `nodeSelector` label and value applied to the specific nodes with which you wish to apply the `ingressfirewallconfig` CR.
+<3> `0.0.0.0/0` set to match any CIDR
+<4> `action` set to `Deny`