From cfb6309c56eeb0ea8d56c0eb6d153cff2c043de7 Mon Sep 17 00:00:00 2001
From: Simon Engmann
Date: Mon, 17 Jul 2023 12:37:02 +0200
Subject: [PATCH] Fix example errors for CrossNamespacePodAffinity

Remove references to CrossNamespaceAffinity

The scope CrossNamespaceAffinity does not exist. Attempting to feed the
example YAML to `kubectl create` results in the following error:

> The ResourceQuota "disable-cross-namespace-affinity" is invalid:
> * spec.scopeSelector.matchExpressions.scopeName: Invalid value:
> "CrossNamespaceAffinity": unsupported scope

Add missing operator for CrossNamespacePodAffinity

Trying to create the example ResourceQuotas without an operator results
in the following error from `kubectl create`:

> The ResourceQuota "disable-cross-namespace-affinity" is invalid:
> * spec.scopeSelector.matchExpressions.operator: Invalid value: "": must be
> 'Exist' when scope is any of ResourceQuotaScopeTerminating,
> ResourceQuotaScopeNotTerminating, ResourceQuotaScopeBestEffort,
> ResourceQuotaScopeNotBestEffort or
> ResourceQuotaScopeCrossNamespacePodAffinity
> * spec.scopeSelector.matchExpressions.operator: Invalid value: "": not a valid
> selector operator

The error message itself has another bug, as the operator is Exist*s*, not Exist.

Signed-off-by: Simon Engmann
---
 content/en/docs/concepts/policy/resource-quotas.md | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/content/en/docs/concepts/policy/resource-quotas.md b/content/en/docs/concepts/policy/resource-quotas.md
index c67880458a355..2186c071d1602 100644
--- a/content/en/docs/concepts/policy/resource-quotas.md
+++ b/content/en/docs/concepts/policy/resource-quotas.md
@@ -465,7 +465,7 @@ from getting scheduled in a failure domain. Using this scope operators can prevent certain namespaces (`foo-ns` in the example below) from having pods that use cross-namespace pod affinity by creating a resource quota object in -that namespace with `CrossNamespaceAffinity` scope and hard limit of 0: +that namespace with `CrossNamespacePodAffinity` scope and hard limit of 0: ```yaml apiVersion: v1 @@ -478,11 +478,12 @@ spec: pods: "0" scopeSelector: matchExpressions: - - scopeName: CrossNamespaceAffinity + - scopeName: CrossNamespacePodAffinity + operator: Exists ``` If operators want to disallow using `namespaces` and `namespaceSelector` by default, and -only allow it for specific namespaces, they could configure `CrossNamespaceAffinity` +only allow it for specific namespaces, they could configure `CrossNamespacePodAffinity` as a limited resource by setting the kube-apiserver flag --admission-control-config-file to the path of the following configuration file: @@ -497,12 +498,13 @@ plugins: limitedResources: - resource: pods matchScopes: - - scopeName: CrossNamespaceAffinity + - scopeName: CrossNamespacePodAffinity + operator: Exists ``` With the above configuration, pods can use `namespaces` and `namespaceSelector` in pod affinity only if the namespace where they are created have a resource quota object with -`CrossNamespaceAffinity` scope and a hard limit greater than or equal to the number of pods using those fields. +`CrossNamespacePodAffinity` scope and a hard limit greater than or equal to the number of pods using those fields. ## Requests compared to Limits {#requests-vs-limits}
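Review bot: In the second hunk (@@ -478,11 +478,12 @@), the example now carries `operator: Exists`, but the surrounding prose never says the field is required or that `Exists` is the only value accepted for this scope. The commit message shows the API server rejecting the object without it, so a reader who trims the example will hit the same error. Suggest adding one sentence after the YAML block stating that `CrossNamespacePodAffinity` must be paired with `operator: Exists`. While touching this paragraph, the flag in the trailing context, --admission-control-config-file, could be wrapped in backticks like the other identifiers.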
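Review bot: In the third hunk (@@ -497,12 +498,13 @@), the closing sentence whose second half is rewritten still reads "only if the namespace where they are created have a resource quota object". The subject is "the namespace", so "have" should be "has". Since the sentence is already being edited for the scope name, fixing the verb in the same change avoids a follow-up patch.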