From d4e973e979855cb886ed90cb536f3a02805e18cf Mon Sep 17 00:00:00 2001 From: Alessandro Olivero Date: Wed, 25 Oct 2023 15:20:00 +0200 Subject: [PATCH] docs: add warinig for api server when security mode is enabled --- docs/_static/css/custom.css | 4 ++++ docs/usage/security-modes.md | 12 ++++++++++++ 2 files changed, 16 insertions(+) diff --git a/docs/_static/css/custom.css b/docs/_static/css/custom.css index cb267337be..537d8d81df 100644 --- a/docs/_static/css/custom.css +++ b/docs/_static/css/custom.css @@ -9,3 +9,7 @@ font-size: 0.85rem !important; line-height: unset !important; } + +.mb { + margin-bottom: 1.5rem !important; +} diff --git a/docs/usage/security-modes.md b/docs/usage/security-modes.md index a9043872c7..0b76c3fca8 100644 --- a/docs/usage/security-modes.md +++ b/docs/usage/security-modes.md @@ -47,6 +47,7 @@ Considering two clusters (C1 and C2) in which the former has started a peering t ```{figure} /_static/images/usage/security-modes/security-modes-schema.drawio.svg --- align: center +class: mb --- ``` @@ -54,6 +55,7 @@ align: center ```{figure} /_static/images/usage/security-modes/matrix-full-p2p.drawio.svg --- align: center +class: mb --- ``` @@ -71,6 +73,7 @@ Using the same rules and conventions already presented for the previous case (_f ```{figure} /_static/images/usage/security-modes/security-modes-schema.drawio.svg --- align: center +class: mb --- ``` @@ -78,10 +81,19 @@ align: center ```{figure} /_static/images/usage/security-modes/matrix-traffic-segregation.drawio.svg --- align: center +class: mb --- ``` +``` {warning} Warning +Currently, when this feature is enabled, your offloaded pods will not be able to reach the local cluster's API Server. +This is due to the fact that the API Server is not exposed as a service, but it is directly reachable through the remapped cluster's IP address. +This limitation will be removed in future. + +For the same reason, the [in-band](FeaturesPeeringInBandControlPlane) peer will not work in this mode. +``` + ## Selection of the security mode The desired security mode can be selected by setting a **flag** at install time or by setting the proper Helm values.