[v0.30] docs(vcluster): use distinct diagrams for private-nodes and standalone (#1616) (#1619)

* Backport: Copy vcluster/_fragments/private-nodes.mdx to vcluster_versioned_docs/version-0.30.0/_fragments/private-nodes.mdx

* Backport: Copy vcluster/_fragments/standalone.mdx to vcluster_versioned_docs/version-0.30.0/_fragments/standalone.mdx

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Author: github-actions[bot]

vcluster_versioned_docs/version-0.30.0/_fragments/private-nodes.mdx

@@ -1,7 +1,7 @@
 import PrivateNodeLimitations from './private-nodes-limitations.mdx'
 
 Using private nodes is a tenancy model for vCluster where, instead of sharing the host cluster’s worker nodes, individual worker nodes are joined to a vCluster.
- These private nodes act as the vCluster’s worker nodes and are treated as worker nodes for the vCluster. 
+ These private nodes act as the vCluster’s worker nodes and are treated as worker nodes for the vCluster.
 
 Because these nodes are real Kubernetes nodes, vCluster does not sync any resources to the host cluster as no host cluster worker nodes are used. All workloads run directly on the attached nodes as if they were native to the virtual cluster.
 
@@ -17,9 +17,9 @@ To allow nodes to join the virtual cluster, the cluster must be exposed and acce
 <center>
 
 <img
-src="/docs/media/private-nodes/architecture.png"
+src="/docs/media/diagrams/private-nodes.png"
 width='800'
-alt="Overview"
+alt="Private nodes architecture showing dedicated worker nodes per vCluster"
 />
 </center>
 
@@ -28,10 +28,10 @@ alt="Overview"
 
 ## How private nodes can be provisioned
 
-Private nodes can be provisioned in two different ways: 
+Private nodes can be provisioned in two different ways:
 
-* **[Manually provisioned](../../../deploy/worker-nodes/private-nodes/join)** - Nodes that were provisioned outside of vCluster. These nodes are joined to vCluster using a vCluster CLI command. 
-* **[Automatically provisioned](./auto-nodes)** -  Nodes that are provisioned on-demand based on the vCluster configuration and resource requirements. vCluster is connected to vCluster Platform and references a node provider defined in 
+* **[Manually provisioned](../../../deploy/worker-nodes/private-nodes/join)** - Nodes that were provisioned outside of vCluster. These nodes are joined to vCluster using a vCluster CLI command.
+* **[Automatically provisioned](./auto-nodes)** -  Nodes that are provisioned on-demand based on the vCluster configuration and resource requirements. vCluster is connected to vCluster Platform and references a node provider defined in
 vCluster Platform.
 
 
@@ -75,4 +75,28 @@ controlPlane:
       enabled: true
 ```
 
-<PrivateNodeLimitations />
+<PrivateNodeLimitations />
+
+### Network policies
+If you are using [network policies](../configure/vcluster-yaml/policies/network-policy.mdx), private nodes traffic into the virtual cluster control plane must be allowed.
+
+```yaml title="vcluster.yaml"
+privateNodes:
+  enabled: true
+
+controlPlane:
+  service:
+    spec:
+      type: LoadBalancer
+
+policies:
+  networkPolicy:
+    enabled: true
+    controlPlane:
+      ingress:
+        - from:
+            # Allow incoming traffic from the load balancer internal IP address.
+            # This example is allowing incoming traffic from any address. Load balancer internal CIDR should be used.
+            - ipBlock:
+                cidr: 0.0.0.0/0
+```

vcluster_versioned_docs/version-0.30.0/_fragments/standalone.mdx

@@ -11,6 +11,6 @@ nodes must be private nodes.
 <center>
   <img
     src="/docs/media/private-nodes/architecture.png"
-    alt="vCluster Standalone Architecture"
+    alt="Comparison of traditional vCluster (control plane as pod) versus vCluster Standalone (control plane as binary on dedicated nodes)"
   />
 </center>