Commit

Merge pull request kubernetes#312 from kubernetes/dchen1107-patch-1
update NetworkPolicy Action Required section
calebamiles authored Jun 29, 2017
2 parents a8eafda + 8138e71 commit c5d842d
Showing 1 changed file with 3 additions and 5 deletions.
8 changes: 3 additions & 5 deletions release-1.7/release-notes-draft.md
Expand Up @@ -10,11 +10,9 @@ Extensibility features include, API aggregation, support for extensible admissio

## **Action Required Before Upgrading**

* NetworkPolicy has been moved from extensions/v1beta1 to the new networking.k8s.io/v1 API group. The structure remains unchanged from the beta1 API. The net.beta.kubernetes.io/network-policy annotation on Namespaces to opt in to isolation has been removed. Instead, isolation is now determined at a per-pod level, with pods being isolated if there is any NetworkPolicy whose spec.podSelector targets them. Pods that are targeted by NetworkPolicies accept traffic that is accepted by any of the NetworkPolicies (and nothing else), and pods that are not targeted by any NetworkPolicy accept all traffic by default. ([#39164](https://github.com/kubernetes/kubernetes/pull/39164), [@danwinship](https://github.com/danwinship))
* NetworkPolicy has been promoted from extensions/v1beta1 to the new networking.k8s.io/v1 API group. The structure remains unchanged from the beta1 API. The net.beta.kubernetes.io/network-policy annotation on Namespaces to opt in to isolation has been removed. Instead, isolation is now determined at a per-pod level, with pods being isolated if there is any NetworkPolicy whose spec.podSelector targets them. Pods that are targeted by NetworkPolicies accept traffic that is accepted by any of the NetworkPolicies (and nothing else), and pods that are not targeted by any NetworkPolicy accept all traffic by default. ([#39164](https://github.com/kubernetes/kubernetes/pull/39164), [@danwinship](https://github.com/danwinship))

Action Required: When upgrading to Kubernetes 1.7 (and a [network plugin](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/) that supports the new NetworkPolicy v1 semantics), to ensure full behavioral compatibility with v1beta1:

In Namespaces that previously had the "DefaultDeny" annotation, you can create equivalent v1 semantics by creating a NetworkPolicy that matches all pods but does not allow any traffic:
Action Required: When upgrading to Kubernetes 1.7 (and a [network plugin](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/) that supports the new NetworkPolicy v1 semantics), the beta API used an annotation on Namespaces to activate the DefaultDeny policy for an entire namespace. To activate default deny in the v1 API, you can create a NetworkPolicy that matches all pods but does not allow any traffic:

kind: NetworkPolicy
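
Review bot: In the rewritten "Action Required" paragraph, the opening clause "When upgrading to Kubernetes 1.7 (and a network plugin ...)," is never completed with what to do on upgrade; it runs straight into "the beta API used an annotation on Namespaces", so it reads as a dangling clause. The rewrite also drops the scoping "In Namespaces that previously had the "DefaultDeny" annotation", while the later paragraph still opens with "In Namespaces that previously did not have the "DefaultDeny" annotation", so the two cases are no longer parallel and it is unclear which namespaces need the new policy. Because the same item states that pods not targeted by any NetworkPolicy accept all traffic by default, that scope matters to anyone relying on the old annotation. Suggest two sentences that keep it, for example: "The beta API used an annotation on Namespaces to activate the DefaultDeny policy for an entire namespace. When upgrading to Kubernetes 1.7, in each Namespace that previously had that annotation, create a NetworkPolicy that matches all pods but does not allow any traffic:".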

Expand All @@ -28,7 +26,7 @@ Extensibility features include, API aggregation, support for extensible admissio

podSelector:

This will ensure that pods that aren't matched by any other NetworkPolicy will continue to be fully-isolated, as they were before.
This will ensure that pods that aren't matched by any other NetworkPolicy will continue to be fully-isolated, as they were in v1beta1.

In Namespaces that previously did not have the "DefaultDeny" annotation, you should delete any existing NetworkPolicy objects. These would have had no effect before, but with v1 semantics they might cause some traffic to be blocked that you didn't intend to be blocked.
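
Review bot: "as they were in v1beta1" on the changed line overstates the old behaviour, since under v1beta1 only pods in Namespaces carrying the opt-in annotation were isolated, as the bullet above and the following paragraph both say. With the "In Namespaces that previously had the "DefaultDeny" annotation" wording removed earlier in this change, the sentence now reads as if every v1beta1 pod was fully isolated. Suggest qualifying it, for example "will continue to be fully isolated, as they were in v1beta1 Namespaces that had the "DefaultDeny" annotation", and dropping the hyphen in "fully-isolated" while the line is being touched.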
