Skip to content

Archive Topic Map

Networking

Networking is rarely one thing. It is a chain: edge → controller → service → endpoints → pods → policy. Break the chain into proofs.

All topic mapsShrine ArchiveLearning Path

Orientation

A curated shelf for study and for retrieval.

The chain of routing

Most routing failures are not deep. They are mismatches in selectors, readiness, ports, or ingress rules. The discipline is to check endpoints before you debate CNI internals.

Treat each hop as a proof point. If you can’t prove the hop, you can’t trust the next.

  • Service routing depends on label selectors and Ready endpoints.
  • Ingress is a contract interpreted by a controller; without the controller, rules are inert.
  • DNS failures can be policy failures and egress failures wearing DNS symptoms.

Fast proofs

Prove endpoints. Prove ports. Prove ingress rule match.

kubectl

shell

kubectl get svc,ep,endpointslices -n <ns>
kubectl describe svc <svc> -n <ns>
kubectl describe ingress <ing> -n <ns>
kubectl get pods -n <ns> -o wide

Core texts

Service discovery, ingress gates, and boundary discipline.

Tenet

Tenet

Tenet IV: Service and Network

Communication, service discovery, ingress, and trust boundaries.

Text

Codex Gigas

Ingress, Egress, and the Borders of the Mesh

Edge posture, egress governance, and the cost of implicit pathways.

Text

Codex Gigas

Network Policy and the Discipline of Isolation

Isolation as a first principle: blast radius and service-level boundaries.

Text

Codex Gigas

Services, Service Discovery, and Traffic Flow

Selectors, EndpointSlices, readiness gating, and the operator proof chain.

Labs and atlas

Where routing fails in practice, structured for speed.

Lab

Lab

Fix a Broken Service Selector

Endpoints-first diagnosis: selectors, labels, readiness, and ports.

Lab

Lab

Ingress Returns 404

Controller health → rule match → service → endpoints → pods.

Atlas

Troubleshoot

Ingress Returns 502/503

Upstream missing/unhealthy/slow: endpoints, readiness, and timeouts.

Text

Codex Gigas

DNS in Kubernetes: What Fails and Why

Classify NXDOMAIN vs timeout vs SERVFAIL; prove from inside the namespace.

Related maps

Adjacent shelves for continued study.

Topic map

Map

Troubleshooting

Continue with the adjacent shelf.

Topic map

Map

Security

Continue with the adjacent shelf.

Topic map

Map

Observability

Continue with the adjacent shelf.

Canonical link

Canonical URL: /library/topics/networking