The Networking section provides visibility into how traffic flows to and within your Kubernetes cluster.
Overview
Kubernetes networking resources control how applications communicate:
- Services - Stable endpoints for accessing pods
- Ingresses - HTTP/HTTPS routing from outside the cluster
- Ingress Classes - Configure which ingress controller handles routes
- Endpoints - Backend targets for services
- Network Policies - Firewall rules between pods
Accessing Networking Resources
Navigate to your cluster and click Kubernetes in the sidebar. Networking resources include:
| Resource | Path |
|---|
| Services | Kubernetes → Services |
| Ingresses | Kubernetes → Ingresses |
| Ingress Classes | Kubernetes → Ingress Classes |
| Endpoints | Kubernetes → Endpoints |
| Network Policies | Kubernetes → Network Policies |
Services
Services provide stable network identities for pods.
Service Types
| Type | Description |
|---|
| ClusterIP | Internal-only access (default) |
| NodePort | Exposes on each node’s IP at a static port |
| LoadBalancer | Provisions external load balancer |
| ExternalName | Maps to external DNS name |
Viewing Services
The Services list shows:
| Column | Description |
|---|
| Name | Service name |
| Namespace | Kubernetes namespace |
| Type | ClusterIP, NodePort, LoadBalancer, ExternalName |
| Cluster IP | Internal cluster IP address |
| External IP | External IP (for LoadBalancer) |
| Ports | Port mappings (port:targetPort/protocol) |
| Age | Time since creation |
Service Details
Click a service to view:
- Selector - Labels used to find backend pods
- Ports - Port configurations
- Endpoints - Current backend pod IPs
- Session Affinity - Sticky session configuration
- Events - Recent service events
Ingresses
Ingresses expose HTTP/HTTPS routes from outside the cluster.
Viewing Ingresses
| Column | Description |
|---|
| Name | Ingress name |
| Namespace | Kubernetes namespace |
| Class | Ingress controller class |
| Hosts | Hostnames configured |
| Address | External IP/hostname |
| Age | Time since creation |
Ingress Details
Click an ingress to view:
- Rules - Host and path routing rules
- TLS - Certificate configuration
- Backend - Default backend service
- Annotations - Controller-specific settings
- Status - Load balancer addresses
Ingress Rules
Each rule defines routing:
Host: app.example.com
/api/* → api-service:8080
/ → frontend-service:80
Ingress Classes
Ingress Classes determine which controller handles an Ingress.
Viewing Ingress Classes
| Column | Description |
|---|
| Name | Class name |
| Controller | Controller implementation |
| Default | Whether this is the default class |
- nginx - NGINX Ingress Controller
- traefik - Traefik
- alb - AWS ALB Ingress Controller
- gce - Google Cloud Load Balancer
Endpoints
Endpoints are the actual pod IPs backing a Service.
Viewing Endpoints
| Column | Description |
|---|
| Name | Endpoint name (matches Service) |
| Namespace | Kubernetes namespace |
| Endpoints | List of pod IP:port pairs |
| Age | Time since creation |
Endpoint Details
- Subsets - Groups of ready and not-ready addresses
- Ports - Port configurations
- Addresses - Pod IPs and node information
Troubleshooting with Endpoints
If a Service isn’t routing traffic:
- Check if Endpoints exist for the Service
- Verify pod IPs appear in the Endpoints
- If empty, check the Service’s selector matches pod labels
- Verify pods are in Running state
Network Policies
Network Policies are firewall rules for pod-to-pod traffic.
Viewing Network Policies
| Column | Description |
|---|
| Name | Policy name |
| Namespace | Kubernetes namespace |
| Pod Selector | Which pods this policy applies to |
| Policy Types | Ingress, Egress, or both |
Network Policy Details
- Pod Selector - Labels that select target pods
- Ingress Rules - Allowed incoming traffic sources
- Egress Rules - Allowed outgoing traffic destinations
- Policy Types - Whether ingress/egress are enforced
Policy Example
# Allow traffic only from pods with label app=frontend
ingress:
- from:
- podSelector:
matchLabels:
app: frontend
ports:
- port: 8080
Common Tasks
Troubleshooting Service Connectivity
- Navigate to Services and find the service
- Click to view details
- Check Endpoints:
- If empty: Verify pod selectors and pod labels match
- If present: Verify pods are running and healthy
- Check Events for errors
Checking Ingress Configuration
- Navigate to Ingresses
- Click the ingress to view rules
- Verify:
- Host matches your domain
- Paths route to correct services
- TLS is configured if using HTTPS
- Check the Address for the external endpoint
Debugging Network Policies
- Navigate to Network Policies
- Find policies in the affected namespace
- Check if policies are blocking expected traffic
- Verify pod selectors and allowed sources/destinations
Tips
Check Endpoints First: Empty Endpoints usually mean a selector mismatch between Service and Pods.
Ingress Annotations: Most ingress functionality is configured via annotations specific to your controller.
Default Deny: If using Network Policies, start with a default-deny policy and explicitly allow required traffic.
Still have questions? Join our Slack community and we’ll help out.
