> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ankra.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Kubernetes Networking

> Manage Services, Ingresses, Endpoints, and Network Policies in Ankra

<Note>
  The Networking section provides visibility into how traffic flows to and within your Kubernetes cluster.
</Note>

## Overview

Kubernetes networking resources control how applications communicate:

* **Services** - Stable endpoints for accessing pods
* **Ingresses** - HTTP/HTTPS routing from outside the cluster
* **Ingress Classes** - Configure which ingress controller handles routes
* **Endpoints** - Backend targets for services
* **Network Policies** - Firewall rules between pods

***

## Accessing Networking Resources

Navigate to your cluster and click **Kubernetes** in the sidebar. Networking resources include:

| Resource         | Path                          |
| ---------------- | ----------------------------- |
| Services         | Kubernetes → Services         |
| Ingresses        | Kubernetes → Ingresses        |
| Ingress Classes  | Kubernetes → Ingress Classes  |
| Endpoints        | Kubernetes → Endpoints        |
| Network Policies | Kubernetes → Network Policies |

***

## Services

Services provide stable network identities for pods.

### Service Types

| Type             | Description                                |
| ---------------- | ------------------------------------------ |
| **ClusterIP**    | Internal-only access (default)             |
| **NodePort**     | Exposes on each node's IP at a static port |
| **LoadBalancer** | Provisions external load balancer          |
| **ExternalName** | Maps to external DNS name                  |

### Viewing Services

The Services list shows:

| Column      | Description                                     |
| ----------- | ----------------------------------------------- |
| Name        | Service name                                    |
| Namespace   | Kubernetes namespace                            |
| Type        | ClusterIP, NodePort, LoadBalancer, ExternalName |
| Cluster IP  | Internal cluster IP address                     |
| External IP | External IP (for LoadBalancer)                  |
| Ports       | Port mappings (port:targetPort/protocol)        |
| Age         | Time since creation                             |

### Service Details

Click a service to view:

* **Selector** - Labels used to find backend pods
* **Ports** - Port configurations
* **Endpoints** - Current backend pod IPs
* **Session Affinity** - Sticky session configuration
* **Events** - Recent service events

***

## Ingresses

Ingresses expose HTTP/HTTPS routes from outside the cluster.

### Viewing Ingresses

| Column    | Description              |
| --------- | ------------------------ |
| Name      | Ingress name             |
| Namespace | Kubernetes namespace     |
| Class     | Ingress controller class |
| Hosts     | Hostnames configured     |
| Address   | External IP/hostname     |
| Age       | Time since creation      |

### Ingress Details

Click an ingress to view:

* **Rules** - Host and path routing rules
* **TLS** - Certificate configuration
* **Backend** - Default backend service
* **Annotations** - Controller-specific settings
* **Status** - Load balancer addresses

### Ingress Rules

Each rule defines routing:

```yaml theme={null}
Host: app.example.com
  /api/* → api-service:8080
  /     → frontend-service:80
```

***

## Ingress Classes

Ingress Classes determine which controller handles an Ingress.

### Viewing Ingress Classes

| Column     | Description                       |
| ---------- | --------------------------------- |
| Name       | Class name                        |
| Controller | Controller implementation         |
| Default    | Whether this is the default class |

Common controllers:

* **nginx** - NGINX Ingress Controller
* **traefik** - Traefik
* **alb** - AWS ALB Ingress Controller
* **gce** - Google Cloud Load Balancer

***

## Endpoints

Endpoints are the actual pod IPs backing a Service.

### Viewing Endpoints

| Column    | Description                     |
| --------- | ------------------------------- |
| Name      | Endpoint name (matches Service) |
| Namespace | Kubernetes namespace            |
| Endpoints | List of pod IP:port pairs       |
| Age       | Time since creation             |

### Endpoint Details

* **Subsets** - Groups of ready and not-ready addresses
* **Ports** - Port configurations
* **Addresses** - Pod IPs and node information

### Troubleshooting with Endpoints

If a Service isn't routing traffic:

1. Check if Endpoints exist for the Service
2. Verify pod IPs appear in the Endpoints
3. If empty, check the Service's selector matches pod labels
4. Verify pods are in Running state

***

## Network Policies

Network Policies are firewall rules for pod-to-pod traffic.

### Viewing Network Policies

| Column       | Description                       |
| ------------ | --------------------------------- |
| Name         | Policy name                       |
| Namespace    | Kubernetes namespace              |
| Pod Selector | Which pods this policy applies to |
| Policy Types | Ingress, Egress, or both          |

### Network Policy Details

* **Pod Selector** - Labels that select target pods
* **Ingress Rules** - Allowed incoming traffic sources
* **Egress Rules** - Allowed outgoing traffic destinations
* **Policy Types** - Whether ingress/egress are enforced

### Policy Example

```yaml theme={null}
# Allow traffic only from pods with label app=frontend
ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - port: 8080
```

***

## Common Tasks

### Troubleshooting Service Connectivity

1. Navigate to **Services** and find the service
2. Click to view details
3. Check **Endpoints**:
   * If empty: Verify pod selectors and pod labels match
   * If present: Verify pods are running and healthy
4. Check **Events** for errors

### Checking Ingress Configuration

1. Navigate to **Ingresses**
2. Click the ingress to view rules
3. Verify:
   * Host matches your domain
   * Paths route to correct services
   * TLS is configured if using HTTPS
4. Check the **Address** for the external endpoint

### Debugging Network Policies

1. Navigate to **Network Policies**
2. Find policies in the affected namespace
3. Check if policies are blocking expected traffic
4. Verify pod selectors and allowed sources/destinations

***

## Tips

<Tip>
  **Check Endpoints First:** Empty Endpoints usually mean a selector mismatch between Service and Pods.
</Tip>

<Tip>
  **Ingress Annotations:** Most ingress functionality is configured via annotations specific to your controller.
</Tip>

<Tip>
  **Default Deny:** If using Network Policies, start with a default-deny policy and explicitly allow required traffic.
</Tip>

***

Still have questions? [Join our Slack community](https://join.slack.com/t/ankra-community/shared_invite/zt-3a5rem8f8-cUho4epX2MoLT83bFf~VSA) and we'll help out.
