Networking

Aether clusters ship with the Cilium CNI pre-installed, so pod networking is ready the moment your cluster is Ready. You don’t install or configure a CNI yourself.

Network policies

Because Cilium is the CNI, you can use standard Kubernetes NetworkPolicy resources to control traffic between pods, and Cilium’s CiliumNetworkPolicy for richer, identity-aware rules. Apply them like any other manifest with kubectl.

Exposing workloads with a load balancer

Creating a Kubernetes Service of type LoadBalancer provisions a managed load balancer with an external IP, automatically. You don’t have to configure anything outside the cluster:

apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: LoadBalancer
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080

After you apply this, watch for the external IP to be assigned:

kubectl get service web -w

Once EXTERNAL-IP is populated, your service is reachable at that address.

Ingress and L7 routing

Ingress controllers and L7 (HTTP) routing inside the cluster are your responsibility. Install whichever ingress controller you prefer — for example ingress-nginx — and define your Ingress or gateway resources against it. Typically you’d expose the ingress controller itself with a single LoadBalancer service and route all your HTTP traffic through it.

Tip

Running one ingress controller behind a single managed load balancer is usually cheaper and simpler than giving every service its own LoadBalancer.

Learn more

• Networking model — isolation, the API server endpoint, and outbound access in depth.