docs: add warinig for api server when security mode is enabled

liqotech · Oct 25, 2023 · d4e973e · d4e973e
1 parent c6b63a1
commit d4e973e
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/docs/_static/css/custom.css b/docs/_static/css/custom.css
@@ -9,3 +9,7 @@
     font-size: 0.85rem !important;
     line-height: unset !important;
 }
+
+.mb {
+    margin-bottom: 1.5rem !important;
+}
diff --git a/docs/usage/security-modes.md b/docs/usage/security-modes.md
@@ -47,13 +47,15 @@ Considering two clusters (C1 and C2) in which the former has started a peering t
 ```{figure} /_static/images/usage/security-modes/security-modes-schema.drawio.svg
 ---
 align: center
+class: mb
 ---
 
 ```
 
 ```{figure} /_static/images/usage/security-modes/matrix-full-p2p.drawio.svg
 ---
 align: center
+class: mb
 ---
 
 ```
@@ -71,17 +73,27 @@ Using the same rules and conventions already presented for the previous case (_f
 ```{figure} /_static/images/usage/security-modes/security-modes-schema.drawio.svg
 ---
 align: center
+class: mb
 ---
 
 ```
 
 ```{figure} /_static/images/usage/security-modes/matrix-traffic-segregation.drawio.svg
 ---
 align: center
+class: mb
 ---
 
 ```
 
+``` {warning} Warning
+Currently, when this feature is enabled, your offloaded pods will not be able to reach the local cluster's API Server.
+This is due to the fact that the API Server is not exposed as a service, but it is directly reachable through the remapped cluster's IP address.
+This limitation will be removed in future.
+
+For the same reason, the [in-band](FeaturesPeeringInBandControlPlane) peer will not work in this mode.
+```
+
 ## Selection of the security mode
 
 The desired security mode can be selected by setting a **flag** at install time or by setting the proper Helm values.