Added newallow-from-kube-apiserver-operator policy

Author: Shubha Narayanan

modules/nw-networkpolicy-multitenant-isolation.adoc

@@ -93,6 +93,31 @@ spec:
 EOF
 ----
 
+.. A policy named `allow-from-kube-apiserver-operator`:
++
+[source,terminal]
+----
+$ cat << EOF| oc create -f -
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-kube-apiserver-operator
+spec:
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: openshift-kube-apiserver-operator
+      podSelector:
+        matchLabels:
+          app: kube-apiserver-operator
+  policyTypes:
+  - Ingress
+EOF
+----
++
+For more details, see link:https://access.redhat.com/solutions/6964520[New `kube-apiserver-operator` webhook controller validating health of webhook].
+
 . Optional: To confirm that the network policies exist in your current project, enter the following command:
 +
 [source,terminal]

modules/nw-networkpolicy-project-defaults.adoc

@@ -59,6 +59,21 @@ objects:
     podSelector: {}
     policyTypes:
     - Ingress
+- apiVersion: networking.k8s.io/v1
+  kind: NetworkPolicy
+  metadata:
+    name: allow-from-kube-apiserver-operator
+  spec:
+    ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: openshift-kube-apiserver-operator
+        podSelector:
+          matchLabels:
+            app: kube-apiserver-operator
+    policyTypes:
+    - Ingress
 ...
 ----