Update K3s Service Load Balancer docs

Signed-off-by: manuelbuil <[email protected]>
k3s-io · Oct 17, 2024 · f14e3ab · f14e3ab
1 parent 96c1fcb
commit f14e3ab
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/docs/networking/networking-services.md b/docs/networking/networking-services.md
@@ -58,15 +58,12 @@ Upstream Kubernetes allows Services of type LoadBalancer to be created, but does
 
 The ServiceLB controller watches Kubernetes [Services](https://kubernetes.io/docs/concepts/services-networking/service/) with the `spec.type` field set to `LoadBalancer`.
 
-For each LoadBalancer Service, a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) is created in the `kube-system` namespace. This DaemonSet in turn creates Pods with a `svc-` prefix, on each node. These Pods use iptables to forward traffic from the Pod's NodePort, to the Service's ClusterIP address and port.
+For each LoadBalancer Service, a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) is created in the `kube-system` namespace. This DaemonSet in turn creates ServiceLB Pods with a `svc-` prefix, on each node. These pods leverage hostPort using the service port, hence they will only be deployed on nodes that have that port available. If there aren't any nodes with that port available, the LB will remain Pending. Note that it is possible to expose multiple Services on the same node, as long as they use different ports.
 
-If the ServiceLB Pod runs on a node that has an external IP configured, the node's external IP is populated into the Service's `status.loadBalancer.ingress` address list. Otherwise, the node's internal IP is used.
+When the ServiceLB Pod runs on a node that has an external IP configured, the node's external IP is populated into the Service's `status.loadBalancer.ingress` address list with `ipMode: VIP`. Otherwise, the node's internal IP is used.
 
-If multiple LoadBalancer Services are created, a separate DaemonSet is created for each Service.
+If the traffic to the external IP is natted, for example in public clouds when using the public IP of the node as external IP, the traffic is propagated into the ServiceLB Pod thanks to hostPort. The pod then uses iptables to forward traffic to the Service's ClusterIP address and port. If instead, the traffic is no natted, kube-proxy iptables chains `KUBE-EXT` will intercept the traffic and forward it to the Service's ClusterIP address and port.
 
-It is possible to expose multiple Services on the same node, as long as they use different ports.
-
-If you try to create a LoadBalancer Service that listens on port 80, the ServiceLB will try to find a free host in the cluster for port 80. If no host with that port is available, the LB will remain Pending.
 
 ### Usage