The Kubernetes interactive network map displays the namespaces in the cluster and their network connections.


System namespaces are filtered out by default. To see system namespaces in the map, click Manage map settings and toggle View system namespaces ON.

System namespaces are:

  • kube-system
  • kube-public
  • cbcontainers-dataplane
  • vmware-system
  • gatekeeper-system
  • tanzu-system
  • tanzu-observability-saas

To view more information for a namespace, click its visual representation in the map.

The map graphically displays the selected namespace and shows all the workloads running in it. For example:

Namespace visual representation in the Kubernetes network map

Within the map, you can:

Namespace Details Panel

The panel to the right of the map provides detailed information on all egress and ingress connections for that namespace, inbound and outbound cross namespace traffic going to and from the namespace, and internal traffic inside the namespace.

Namespace details in the Kubernetes network map

Alerts are indicated in the following ways:

  • In the Runtime section.
  • In the bar chart in the Network Connections section. Alert results from the last 24 hours are included.
  • In the map, an alerted connection is indicated by an exclamation mark icon on its edge.

The panel offers the following views:

  • To view the associated runtime policy, click the hyperlinked policy name. Similarly, you can view scope summary details by clicking the hyperlinked scope name.
  • Clicking View all in the Runtime section of the panel opens the Alerts page, which shows the network connection alerts for this namespace.
  • To view additional network data, click View all in the Network Connections section of the panel:

    Kubernetes namespace on the network map - view all network connections

    In this panel, you can:

    • View ingress, egress, inbound, outbound, and internal network connections.
    • Search for specific network connections
    • Filter table results. For example, in the Egress tab, you can filter results by Public, Private, or Alerts only.
    • Export the network connection data into a CSV file; for example:

      Image of a text file containing Egress network connection data