Manage Kubernetes networking

Suggest edits

This how-to guide explains how to manage Kubernetes networking components that support Hybrid Manager and EDB-managed Postgres services.

For background on recommended networking architecture, see Kubernetes networking best practices. For troubleshooting guidance, see Troubleshooting Kubernetes.

Important: Networking behavior differs across cloud providers and Kubernetes platforms. Before managing networking in production environments, review platform-specific operator guidance:

Common networking management tasks

Typical networking tasks for Hybrid Manager on Kubernetes include:

Inspecting and managing Services (ClusterIP, LoadBalancer)
Managing Ingress resources
Applying and validating NetworkPolicies
Debugging connectivity issues
Monitoring service endpoints

Inspect and manage Services

Hybrid Manager and Postgres services use Kubernetes Services for connectivity:

ClusterIP Services → internal communication (Postgres primary, replicas, Hybrid Manager components)
LoadBalancer Services → external access (UI/API endpoints if configured)

To inspect Services:

Use kubectl get svc -n <namespace> to list Services.
Verify EXTERNAL-IP is assigned correctly for LoadBalancer Services.
Check Endpoints to ensure correct Pods are attached.
Review Service annotations for cloud provider-specific behavior.

Managing Services:

Avoid manual edits to Services created by operators — these are managed declaratively.
Use Service annotations to control LoadBalancer behavior where supported.
Validate firewall rules and cloud SecurityGroups match Service exposure.

Manage Ingress resources

Hybrid Manager can use Ingress to expose services:

OpenShift: Routes are used instead of Ingress.
EKS/GKE/AKS: NGINX Ingress or ALB Ingress commonly used.

Managing Ingress:

Inspect Ingress resources with kubectl get ingress -n <namespace>.
Validate Ingress controller health and configuration.
Check Ingress annotations for behavior tuning (timeouts, TLS settings, WAF integration).

Managing TLS:

Use cert-manager to automate TLS certificate management where possible.
Validate that Ingress resources correctly reference TLS secrets.

Apply and validate NetworkPolicies

Use Kubernetes NetworkPolicies to control Pod-to-Pod and Pod-to-external traffic.

Managing NetworkPolicies:

Define NetworkPolicies per namespace or per component.
Test policies carefully to avoid blocking necessary traffic (especially replication and monitoring).
Validate NetworkPolicy enforcement using test Pods (e.g. busybox).

Typical patterns:

Allow Hybrid Manager components to communicate with each other and with Postgres.
Deny all unnecessary traffic by default.
Allow monitoring traffic from observability stack to Pods.

Validating policies:

Use tools like kubectl get networkpolicy -n <namespace> to inspect policies.
Test connectivity with simple tools (e.g. netcat, curl) inside Pods.

Debug connectivity issues

When troubleshooting network issues:

Check Service Endpoints → missing endpoints often indicate Pod readiness problems.
Validate DNS resolution inside the cluster → use tools like nslookup or dig inside Pods.
Inspect Ingress controller logs for errors.
Validate cloud LoadBalancer health checks and status.
Check NetworkPolicies → look for unintentionally blocked traffic.

For detailed troubleshooting guidance, see Troubleshooting Kubernetes.

Monitor service endpoints

Best practices:

Monitor Kubernetes Service Endpoints for expected readiness.
Monitor LoadBalancer health status (cloud provider dashboards or metrics).
Validate Ingress availability and TLS validity.
Set up synthetic monitoring for key user-facing endpoints (Hybrid Manager UI/API).

Service-level monitoring complements Pod-level and infrastructure monitoring.

Summary checklist

Regularly inspect and validate Services and Endpoints.
Manage Ingress and TLS carefully per platform conventions.
Apply and validate NetworkPolicies to enforce security boundaries.
Debug connectivity issues systematically across layers.
Monitor service availability continuously.

Could this page be better? Report a problem or suggest an addition!