Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions docs/networking/networking-services.md
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,11 @@ ip6tables-save | grep -v KUBE-ROUTER | ip6tables-restore
```
:::

:::warning
Network policies are not enforced at pod startup. kube-router network rules are programmed asynchronously after the pod's network is already live. During this window, all traffic is permitted regardless of any applicable NetworkPolicy. More details can be found [here](https://github.com/cloudnativelabs/kube-router/issues/873).
If stricter enforcement is required, disable the embedded controller and use a CNI plugin with built-in network policy support such as Calico or Cilium.
:::

## Service Load Balancer

Any LoadBalancer controller can be deployed to your K3s cluster. By default, K3s provides a load balancer known as [ServiceLB](https://github.com/k3s-io/klipper-lb) (formerly Klipper LoadBalancer) that uses available host ports.
Expand Down