diff sg with port-security

Signed-off-by: bobz965 <[email protected]>

docs/advance/security-group.en.md

@@ -31,6 +31,11 @@ The specific meaning of each field of the SecurityGroup can be found in the [Kub
 
 Pods bind security-groups by adding annotations, two annotations are used.
 
+- port_security: source address verification. If this function is enabled, only packets with ip addresses assigned by kube-ovn ipam can be exported from the pod network adapter. After this function is disabled, any ip address can be exported
+- security_groups: indicates a security group that contains a series of ACL rules
+
+> These two annotations are responsible for functions that are independent of each other.
+
 ```yaml
     ovn.kubernetes.io/port_security: "true"
     ovn.kubernetes.io/security_groups: sg-example

docs/advance/security-group.md

@@ -31,6 +31,11 @@ spec:
 
 Pod 通过添加 annotation 来绑定安全组，使用的 annotation 有两个：
 
+- port_security: 源地址校验，如果开启，只能 kube-ovn ipam 分配到的 ip 地址的包可以从 pod 网卡出去，关闭后任意 ip 都可以。
+- security_groups： 安全组，包含一系列 ACL 规则。
+
+> 这两个 annotation 负责的功能是互相独立的。
+
 ```yaml
     ovn.kubernetes.io/port_security: "true"
     ovn.kubernetes.io/security_groups: sg-example