docs: modify network policy doc note (#16223)
* docs: modify network policy doc note

* docs: update to add more clarification
mjnagel authored Feb 6, 2025
1 parent 5825840 commit 2c629b7
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions content/en/docs/ambient/usage/networkpolicy/index.md
Expand Up @@ -16,7 +16,7 @@ An implication of this is that it is possible to create a Kubernetes `NetworkPol

Once you have added applications to the ambient mesh, ambient's secure L4 overlay will tunnel traffic between your pods over port 15008. Once secured traffic enters the target pod with a destination port of 15008, the traffic will be proxied back to the original destination port.

However, `NetworkPolicy` is enforced on the host, outside the pod. This means that if you have preexisting `NetworkPolicy` in place that, for example, will deny list inbound traffic to an ambient pod on every port but 443, you will have to add an exception to that `NetworkPolicy` for port 15008.
However, `NetworkPolicy` is enforced on the host, outside the pod. This means that if you have preexisting `NetworkPolicy` in place that, for example, will deny list inbound traffic to an ambient pod on every port but 443, you will have to add an exception to that `NetworkPolicy` for port 15008. Sidecar workloads receiving traffic will also need to allow inbound traffic on port 15008 to allow ambient workloads to communicate with them.

For example, the following `NetworkPolicy` will block incoming {{< gloss >}}HBONE{{< /gloss >}} traffic to `my-app` on port 15008:
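
Review bot: In the sentence appended to the paragraph starting "However, `NetworkPolicy` is enforced on the host", the sidecar requirement is not tied back to `NetworkPolicy`, so "allow inbound traffic on port 15008" can be read as a sidecar setting rather than a policy exception. Suggest wording such as "Sidecar workloads that receive traffic from ambient workloads also need this port 15008 exception in any `NetworkPolicy` that selects them." That also removes the repeated "allow ... to allow".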

Expand Down Expand Up @@ -54,7 +54,7 @@ spec:
protocol: TCP
{{< /text >}}

if `my-app` is added to the ambient mesh.
if `my-app` is added to the mesh.

## Ambient, health probes, and Kubernetes NetworkPolicy
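
Review bot: With "ambient" dropped from "if `my-app` is added to the mesh", the sentence no longer says which workloads are affected, while the context line in the first hunk still reads "Once you have added applications to the ambient mesh". Consider naming both cases the first hunk introduces, for example "if `my-app` is added to the mesh, either as an ambient workload or as a sidecar workload receiving traffic from ambient workloads", so the reader does not have to connect the two paragraphs to see why port 15008 matters here.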
