Archive Topic Map
Networking
Networking is rarely one thing. It is a chain: edge → controller → service → endpoints → pods → policy. Break the chain into proofs.
Orientation
A curated shelf for study and for retrieval.
The chain of routing
Most routing failures are not deep. They are mismatches in selectors, readiness, ports, or ingress rules. The discipline is to check endpoints before you debate CNI internals.
Treat each hop as a proof point. If you can’t prove the hop, you can’t trust the next.
- Service routing depends on label selectors and Ready endpoints.
- Ingress is a contract interpreted by a controller; without the controller, rules are inert.
- DNS failures can be policy failures and egress failures wearing DNS symptoms.
Fast proofs
Prove endpoints. Prove ports. Prove ingress rule match.
kubectl
shell
kubectl get svc,ep,endpointslices -n <ns>
kubectl describe svc <svc> -n <ns>
kubectl describe ingress <ing> -n <ns>
kubectl get pods -n <ns> -o wideCore texts
Service discovery, ingress gates, and boundary discipline.
Tenet
TenetTenet IV: Service and Network
Communication, service discovery, ingress, and trust boundaries.
Text
Codex GigasIngress, Egress, and the Borders of the Mesh
Edge posture, egress governance, and the cost of implicit pathways.
Text
Codex GigasNetwork Policy and the Discipline of Isolation
Isolation as a first principle: blast radius and service-level boundaries.
Labs and atlas
Where routing fails in practice, structured for speed.
Related maps
Adjacent shelves for continued study.
Topic map
MapTroubleshooting
Continue with the adjacent shelf.
Topic map
MapSecurity
Continue with the adjacent shelf.
Topic map
MapObservability
Continue with the adjacent shelf.
Canonical link
Canonical URL: /library/topics/networking