Documentation Index
Fetch the complete documentation index at: https://docs.ankra.io/llms.txt
Use this file to discover all available pages before exploring further.
The Networking section provides visibility into how traffic flows to and within your Kubernetes cluster.
Overview
Kubernetes networking resources control how applications communicate:
- Services - Stable endpoints for accessing pods
- Ingresses - HTTP/HTTPS routing from outside the cluster
- Ingress Classes - Configure which ingress controller handles routes
- Endpoints - Backend targets for services
- Network Policies - Firewall rules between pods
Accessing Networking Resources
Navigate to your cluster and click Kubernetes in the sidebar. Networking resources include:
| Resource | Path |
|---|
| Services | Kubernetes → Services |
| Ingresses | Kubernetes → Ingresses |
| Ingress Classes | Kubernetes → Ingress Classes |
| Endpoints | Kubernetes → Endpoints |
| Network Policies | Kubernetes → Network Policies |
Services
Services provide stable network identities for pods.
Service Types
| Type | Description |
|---|
| ClusterIP | Internal-only access (default) |
| NodePort | Exposes on each node’s IP at a static port |
| LoadBalancer | Provisions external load balancer |
| ExternalName | Maps to external DNS name |
Viewing Services
The Services list shows:
| Column | Description |
|---|
| Name | Service name |
| Namespace | Kubernetes namespace |
| Type | ClusterIP, NodePort, LoadBalancer, ExternalName |
| Cluster IP | Internal cluster IP address |
| External IP | External IP (for LoadBalancer) |
| Ports | Port mappings (port:targetPort/protocol) |
| Age | Time since creation |
Service Details
Click a service to view:
- Selector - Labels used to find backend pods
- Ports - Port configurations
- Endpoints - Current backend pod IPs
- Session Affinity - Sticky session configuration
- Events - Recent service events
Ingresses
Ingresses expose HTTP/HTTPS routes from outside the cluster.
Viewing Ingresses
| Column | Description |
|---|
| Name | Ingress name |
| Namespace | Kubernetes namespace |
| Class | Ingress controller class |
| Hosts | Hostnames configured |
| Address | External IP/hostname |
| Age | Time since creation |
Ingress Details
Click an ingress to view:
- Rules - Host and path routing rules
- TLS - Certificate configuration
- Backend - Default backend service
- Annotations - Controller-specific settings
- Status - Load balancer addresses
Ingress Rules
Each rule defines routing:
Host: app.example.com
/api/* → api-service:8080
/ → frontend-service:80
Ingress Classes
Ingress Classes determine which controller handles an Ingress.
Viewing Ingress Classes
| Column | Description |
|---|
| Name | Class name |
| Controller | Controller implementation |
| Default | Whether this is the default class |
- nginx - NGINX Ingress Controller
- traefik - Traefik
- alb - AWS ALB Ingress Controller
- gce - Google Cloud Load Balancer
Endpoints
Endpoints are the actual pod IPs backing a Service.
Viewing Endpoints
| Column | Description |
|---|
| Name | Endpoint name (matches Service) |
| Namespace | Kubernetes namespace |
| Endpoints | List of pod IP:port pairs |
| Age | Time since creation |
Endpoint Details
- Subsets - Groups of ready and not-ready addresses
- Ports - Port configurations
- Addresses - Pod IPs and node information
Troubleshooting with Endpoints
If a Service isn’t routing traffic:
- Check if Endpoints exist for the Service
- Verify pod IPs appear in the Endpoints
- If empty, check the Service’s selector matches pod labels
- Verify pods are in Running state
Network Policies
Network Policies are firewall rules for pod-to-pod traffic.
Viewing Network Policies
| Column | Description |
|---|
| Name | Policy name |
| Namespace | Kubernetes namespace |
| Pod Selector | Which pods this policy applies to |
| Policy Types | Ingress, Egress, or both |
Network Policy Details
- Pod Selector - Labels that select target pods
- Ingress Rules - Allowed incoming traffic sources
- Egress Rules - Allowed outgoing traffic destinations
- Policy Types - Whether ingress/egress are enforced
Policy Example
# Allow traffic only from pods with label app=frontend
ingress:
- from:
- podSelector:
matchLabels:
app: frontend
ports:
- port: 8080
Common Tasks
Troubleshooting Service Connectivity
- Navigate to Services and find the service
- Click to view details
- Check Endpoints:
- If empty: Verify pod selectors and pod labels match
- If present: Verify pods are running and healthy
- Check Events for errors
Checking Ingress Configuration
- Navigate to Ingresses
- Click the ingress to view rules
- Verify:
- Host matches your domain
- Paths route to correct services
- TLS is configured if using HTTPS
- Check the Address for the external endpoint
Debugging Network Policies
- Navigate to Network Policies
- Find policies in the affected namespace
- Check if policies are blocking expected traffic
- Verify pod selectors and allowed sources/destinations
Tips
Check Endpoints First: Empty Endpoints usually mean a selector mismatch between Service and Pods.
Ingress Annotations: Most ingress functionality is configured via annotations specific to your controller.
Default Deny: If using Network Policies, start with a default-deny policy and explicitly allow required traffic.
Still have questions? Join our Slack community and we’ll help out.
