Website update for main

antrea-io · Nov 15, 2023 · 70f6478 · 70f6478
1 parent 38439c9
commit 70f6478
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/content/docs/main/docs/antrea-network-policy.md b/content/docs/main/docs/antrea-network-policy.md
@@ -1777,3 +1777,10 @@ Similar RBAC is applied to the ClusterGroup resource.
 - NetworkPolicies are connection/flow oriented and stateful. They apply to
   connections, instead of individual packets, which means established connections
   won't be blocked by new rules.
+- For hairpin service traffic, when a Pod initiates traffic towards the service it provides,
+  and the same Pod is selected as the Endpoint, NetworkPolicies will consistently permit
+  this traffic during ingress enforcement if AntreaProxy is enabled. However, when AntreaProxy
+  is disabled, NetworkPolicies may not function as expected for hairpin service traffic.
+  This is due to kube-proxy performing SNAT, which conceals the original source IP from Antrea.
+  Consequently, NetworkPolicies are unable to differentiate between hairpin service traffic and
+  external traffic in this scenario.
diff --git a/content/docs/main/docs/api-reference.html b/content/docs/main/docs/api-reference.html
@@ -14574,5 +14574,5 @@ <h3 id="system.antrea.io/v1beta1.BundleStatus">BundleStatus
 <hr/>
 <p><em>
 Generated with <code>gen-crd-api-reference-docs</code>
-on git commit <code>379e039</code>.
+on git commit <code>29bea94</code>.
 </em></p>