Back to Details

k8s-networking

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Kubernetes Networking

Kubernetes 网络管理

Manage Kubernetes networking resources using kubectl-mcp-server's networking tools.
使用kubectl-mcp-server的网络工具管理Kubernetes网络资源。

When to Apply

适用场景

Use this skill when:
  • User mentions: "service", "ingress", "endpoint", "network policy", "load balancer"
  • Operations: exposing applications, configuring routing, network isolation
  • Keywords: "connectivity", "DNS", "traffic", "port", "firewall"
在以下场景中使用本技能:
  • 用户提及:"service"、"ingress"、"endpoint"、"network policy"、"load balancer"
  • 操作场景:暴露应用、配置路由、网络隔离
  • 关键词:"connectivity"、"DNS"、"traffic"、"port"、"firewall"

Priority Rules

优先级规则

PriorityRuleImpactTools
1Check endpoints before troubleshooting servicesCRITICAL
get_endpoints
2Verify service selector matches pod labelsHIGH
get_services
, 
get_pods
3Review network policies for isolationHIGH
get_network_policies
4Test DNS resolution from within podsMEDIUM
kubectl_exec
优先级规则影响级别工具
1排查Service问题前先检查Endpoints关键
get_endpoints
2验证Service选择器与Pod标签匹配
get_services
, 
get_pods
3检查Network Policy以确认隔离配置
get_network_policies
4在Pod内部测试DNS解析
kubectl_exec

Quick Reference

快速参考

TaskToolExample
List services
get_services
get_services(namespace)
Check backends
get_endpoints
get_endpoints(namespace)
List ingresses
get_ingresses
get_ingresses(namespace)
Network policies
get_network_policies
get_network_policies(namespace)
任务工具示例
列出Services
get_services
get_services(namespace)
检查后端
get_endpoints
get_endpoints(namespace)
列出Ingresses
get_ingresses
get_ingresses(namespace)
管理Network Policies
get_network_policies
get_network_policies(namespace)

Services

Services

python
get_services(namespace="default")

describe_service(name="my-service", namespace="default")

create_service(
    name="my-service",
    namespace="default",
    selector={"app": "my-app"},
    ports=[{"port": 80, "targetPort": 8080}]
)

create_service(
    name="my-lb",
    namespace="default",
    type="LoadBalancer",
    selector={"app": "my-app"},
    ports=[{"port": 443, "targetPort": 8443}]
)
python
get_services(namespace="default")

describe_service(name="my-service", namespace="default")

create_service(
    name="my-service",
    namespace="default",
    selector={"app": "my-app"},
    ports=[{"port": 80, "targetPort": 8080}]
)

create_service(
    name="my-lb",
    namespace="default",
    type="LoadBalancer",
    selector={"app": "my-app"},
    ports=[{"port": 443, "targetPort": 8443}]
)

Endpoints

Endpoints

python
get_endpoints(namespace="default")
python
get_endpoints(namespace="default")

Ingress

Ingress

python
get_ingresses(namespace="default")

describe_ingress(name="my-ingress", namespace="default")

kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: default
spec:
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80
""")
python
get_ingresses(namespace="default")

describe_ingress(name="my-ingress", namespace="default")

kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: default
spec:
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80
""")

Network Policies

Network Policies

python
get_network_policies(namespace="default")

describe_network_policy(name="deny-all", namespace="default")

kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
""")

kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: web
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - port: 80
""")
python
get_network_policies(namespace="default")

describe_network_policy(name="deny-all", namespace="default")

kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
""")

kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: web
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - port: 80
""")

Troubleshooting Connectivity

连接性排查

python
get_endpoints(namespace="default")

get_network_policies(namespace="default")

kubectl_exec(
    pod="debug-pod",
    namespace="default",
    command="nslookup my-service.default.svc.cluster.local"
)
python
get_endpoints(namespace="default")

get_network_policies(namespace="default")

kubectl_exec(
    pod="debug-pod",
    namespace="default",
    command="nslookup my-service.default.svc.cluster.local"
)

Related Skills

相关技能

  • k8s-service-mesh - Istio traffic management
  • k8s-cilium - Cilium network policies
  • k8s-service-mesh - Istio流量管理
  • k8s-cilium - Cilium网络策略