Update docs for service.beta.kubernetes.io/aws-load-balancer-type annotation (#4578)

bobert-2 · web-flow · commit 1dd2dee0690d · 2026-02-11T20:58:17.000-08:00
diff --git a/docs/deploy/installation.md b/docs/deploy/installation.md
@@ -11,7 +11,9 @@ The LBC is supported by AWS. Some clusters may be using the legacy "in-tree" fun
 !!!warning "When using AWS Load Balancer Controller v2.5+"
     The AWS LBC provides a mutating webhook for service resources to set the `spec.loadBalancerClass` field for service of type LoadBalancer on create.
     This makes the AWS LBC the **default controller for service** of type LoadBalancer. You can disable this feature and revert to set Cloud Controller Manager (in-tree controller) as the default by setting the helm chart value **enableServiceMutatorWebhook to false** with `--set enableServiceMutatorWebhook=false` .
-    You will no longer be able to provision new Classic Load Balancer (CLB) from your kubernetes service unless you disable this feature. Existing CLB will continue to work fine.
+    You will no longer be able to provision new Classic Load Balancer (CLB) from your kubernetes service unless you disable this feature. Existing CLB will continue to work fine. 
+
+    If you are updating the `type` of an existing Service to `LoadBalancer`, the webhook **will not** run. If you want the LBC to be the controller for your Service, you must specify it explicitly. [See instructions](../guide/service/nlb.md).
 
 ## Supported Kubernetes versions
 * AWS Load Balancer Controller v2.0.0~v2.1.3 requires Kubernetes 1.15-1.21
diff --git a/docs/guide/service/annotations.md b/docs/guide/service/annotations.md
@@ -92,8 +92,9 @@ Traffic Routing can be controlled with following annotations:
         - [Deprecated] For type `nlb-ip`, the controller will provision an NLB with targets registered by IP address. This value is supported for backwards compatibility.
         - For type `external`, the NLB target type depends on the [nlb-target-type](#nlb-target-type) annotation.
 
-    !!!warning "limitations"
-        - This annotation should not be modified after service creation.
+    !!!warning "Limitations"
+        - Do not add or modify this annotation on an existing Service.
+        - Adding or modifying this annotation on an existing Service can result in misconfigured resources, such as leaked AWS resources or exposing your NLB to the internet.
 
     !!!example
         ```
diff --git a/docs/guide/service/nlb.md b/docs/guide/service/nlb.md
@@ -93,10 +93,10 @@ In order for the LBC to manage the reconciliation of Kubernetes Service resource
 
     When you specify the [`service.beta.kubernetes.io/aws-load-balancer-type` annotation](./annotations.md#lb-type) to be `external` on a Kubernetes Service resource of type `LoadBalancer`, the in-tree controller ignores the Service resource. In addition, if you specify the [`service.beta.kubernetes.io/aws-load-balancer-nlb-target-type` annotation](./annotations.md#nlb-target-type) on the Service resource, the LBC takes charge of reconciliation by provisioning an NLB.
 
-    !!! warning
-        - It's not recommended to modify or add the `service.beta.kubernetes.io/aws-load-balancer-type` annotation on an existing Service resource. If a change is desired, delete the existing Service resource and create a new one instead of modifying an existing Service.
-
-        - If you modify this annotation on an existing Service resource, you might end up with leaked LBC resources.
+    !!! warning "Limitations"
+        - Do not add or modify the `service.beta.kubernetes.io/aws-load-balancer-type` annotation on an existing Service.
+        - Adding or modifying this annotation on an existing Service can result in misconfigured resources, such as leaked AWS resources or exposing your NLB to the internet.
+        - If a change is desired, delete the existing Service resource and create a new one instead of modifying an existing Service.
 
     !!! note "backwards compatibility for `nlb-ip` type"
         For backwards compatibility, both the in-tree and LBC controller supports `nlb-ip` as a value for the `service.beta.kubernetes.io/aws-load-balancer-type` annotation. The controllers treats it as if you specified both of the following annotations:
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -94,7 +94,8 @@ markdown_extensions:
   - pymdownx.tasklist:
       custom_checkbox: true
   - pymdownx.superfences
-  - pymdownx.tabbed
+  - pymdownx.tabbed:
+      alternate_style: true
   - pymdownx.emoji:
       emoji_index: !!python/name:material.extensions.emoji.twemoji
       emoji_generator: !!python/name:material.extensions.emoji.to_svg
