diff --git a/modules/concepts/nav.adoc b/modules/concepts/nav.adoc
index cb658a023..995e21c95 100644
--- a/modules/concepts/nav.adoc
+++ b/modules/concepts/nav.adoc
@@ -1,5 +1,6 @@
 * xref:concepts:index.adoc[]
 ** xref:roles-and-role-groups.adoc[]
+** xref:service-exposition.adoc[]
 ** xref:service_discovery.adoc[]
 ** xref:logging.adoc[]
 ** xref:authentication.adoc[]
@@ -10,4 +11,4 @@
 ** xref:s3.adoc[]
 ** xref:tls_server_verification.adoc[]
 ** xref:pod_placement.adoc[]
-** xref:cluster_operations.adoc[]
\ No newline at end of file
+** xref:cluster_operations.adoc[]
diff --git a/modules/concepts/pages/service-exposition.adoc b/modules/concepts/pages/service-exposition.adoc
new file mode 100644
index 000000000..d5a10ddad
--- /dev/null
+++ b/modules/concepts/pages/service-exposition.adoc
@@ -0,0 +1,16 @@
+= Service exposition
+
+For some deployed products it is sufficient to be only accessible within the Kubernetes cluster, while others need to be accessible from outside the Kubernetes cluster.
+This can e.g. be from your internal corporate network when running on bare metal, your internal network in your cloud provider or the Internet.
+
+As of the release 23.4, the Stackable Operators create Kubernetes Service objects to expose the deployed product.
+For security reasons, the Services default to the `ClusterIP` type in order to avoid exposing anything to the public.
+You can specify the type within the custom resource field `spec.clusterConfig.listenerClass` by setting it to either:
+
+* `cluster-internal` => Use `ClusterIP` (default)
+* `external-unstable` => Use `NodePort`
+* `external-stable` => Use `LoadBalancer`
+
+Please note that as of the release 23.4 not all operators support all the mentioned `Service` types.
+
+In a future release, the `ListenerClass` provided by the xref:listener-operator:index.adoc[listener-operator] will be supported to make things more flexible.