From 70f6478f1327af14037eceff06c05db4074ca45e Mon Sep 17 00:00:00 2001 From: antrea-bot Date: Wed, 15 Nov 2023 06:08:39 +0000 Subject: [PATCH] Website update for main --- content/docs/main/docs/antrea-network-policy.md | 7 +++++++ content/docs/main/docs/api-reference.html | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/content/docs/main/docs/antrea-network-policy.md b/content/docs/main/docs/antrea-network-policy.md index ae3180d4..9d289aa6 100644 --- a/content/docs/main/docs/antrea-network-policy.md +++ b/content/docs/main/docs/antrea-network-policy.md @@ -1777,3 +1777,10 @@ Similar RBAC is applied to the ClusterGroup resource. - NetworkPolicies are connection/flow oriented and stateful. They apply to connections, instead of individual packets, which means established connections won't be blocked by new rules. +- For hairpin service traffic, when a Pod initiates traffic towards the service it provides, + and the same Pod is selected as the Endpoint, NetworkPolicies will consistently permit + this traffic during ingress enforcement if AntreaProxy is enabled. However, when AntreaProxy + is disabled, NetworkPolicies may not function as expected for hairpin service traffic. + This is due to kube-proxy performing SNAT, which conceals the original source IP from Antrea. + Consequently, NetworkPolicies are unable to differentiate between hairpin service traffic and + external traffic in this scenario. diff --git a/content/docs/main/docs/api-reference.html b/content/docs/main/docs/api-reference.html index 3ab04925..9aafaee5 100644 --- a/content/docs/main/docs/api-reference.html +++ b/content/docs/main/docs/api-reference.html @@ -14574,5 +14574,5 @@

BundleStatus

Generated with gen-crd-api-reference-docs -on git commit 379e039. +on git commit 29bea94.
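Review bot: In the antrea-network-policy.md hunk, the added bullet says NetworkPolicies "may not function as expected" for hairpin service traffic when AntreaProxy is disabled, which does not tell the reader in which direction enforcement deviates. Since the following sentences explain that kube-proxy SNAT makes hairpin traffic indistinguishable from external traffic, state the outcome directly, for example that the traffic is evaluated against ingress rules as external traffic, and say whether that means it can be dropped or unintentionally allowed. The first sentence should also make explicit whether "consistently permit this traffic during ingress enforcement" means hairpin traffic is allowed regardless of any ingress rule that would otherwise match it, because a policy author needs to know that this path cannot be restricted. Minor style point: "service" should be capitalized as "Service" to match "Pod" and "Endpoint" in the same bullet.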