From 698910c0315e8ba83411447272da838eb5bb6bc6 Mon Sep 17 00:00:00 2001
From: Andrew Taylor <antaylor@redhat.com>
Date: Thu, 4 Apr 2019 18:06:29 -0400
Subject: [PATCH] bug 1656374 added notes for NetworkPolicy feature support

bug 1656374 amendments
---
 admin_guide/managing_networking.adoc |  7 ++++++-
 install_config/configuring_sdn.adoc  | 12 ++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/admin_guide/managing_networking.adoc b/admin_guide/managing_networking.adoc
index 1fc8806e1556..2de1e2a27851 100644
--- a/admin_guide/managing_networking.adoc
+++ b/admin_guide/managing_networking.adoc
@@ -1374,11 +1374,16 @@ network isolation and do not support Kubernetes `NetworkPolicy`. However,
 
 [NOTE]
 ====
-Only the `v1` NetworkPolicy features are available in {product-title}. This
+The `v1` NetworkPolicy features are available only in {product-title}. This
 means that egress policy types, IPBlock, and combining `podSelector` and
 `namespaceSelector` are not available in {product-title}.
 ====
 
+[NOTE]
+====
+Do not apply `NetworkPolicy` features on default {product-title} projects, because they can disrupt communication with the cluster.
+====
+
 In a cluster
 ifdef::openshift-enterprise,openshift-origin[]
 xref:../install_config/configuring_sdn.adoc#install-config-configuring-sdn[configured
diff --git a/install_config/configuring_sdn.adoc b/install_config/configuring_sdn.adoc
index fbe45e166254..256c310ec9b7 100644
--- a/install_config/configuring_sdn.adoc
+++ b/install_config/configuring_sdn.adoc
@@ -348,6 +348,18 @@ $ oc get netnamespace
 [[migrating-between-sdn-plugins-networkpolicy]]
 === Migrating from ovs-multitenant to ovs-networkpolicy
 
+[NOTE]
+====
+The `v1` NetworkPolicy features are available only in {product-title}. This
+means that egress policy types, IPBlock, and combining `podSelector` and
+`namespaceSelector` are not available in {product-title}.
+====
+
+[NOTE]
+====
+Do not apply `NetworkPolicy` features on default {product-title} projects, because they can disrupt communication with the cluster.
+====
+
 In addition to the generic plug-in migration steps above in the xref:migrating-between-sdn-plugins[Migrating between SDN plug-ins section], there is one additional
 step when migrating from the *ovs-multitenant* plug-in to the
 *ovs-networkpolicy* plug-in; you must ensure that every namespace has a unique