How to troubleshoot Kubernetes networking?

· Category: Kubernetes

Short answer

Troubleshoot Kubernetes networking by verifying Pod status, checking Services and Endpoints, testing DNS resolution, and inspecting network policies and CNI configuration.

Steps

  1. Check Pod status and logs.
  2. Verify the Service exists and has Endpoints.
  3. Test DNS from inside a Pod.
  4. Check NetworkPolicies for blocked traffic.
  5. Inspect CNI plugin logs.

Example

kubectl get pods -o wide
kubectl get svc
kubectl get endpoints <service>
kubectl run -it --rm debug --image=nicolaka/netshoot

Inside the debug pod:

nslookup kubernetes.default
curl -v http://<service>.<namespace>.svc.cluster.local
ping <Pod IP>

Tips

  • Use a debug sidecar or ephemeral containers for troubleshooting.
  • Check kube-proxy logs if service routing fails.
  • Verify MTU settings match between nodes and the overlay network.

Common issues

  • Missing Endpoints indicate the service selector does not match any Pods.
  • DNS failures often mean CoreDNS is down or misconfigured.
  • NetworkPolicies can silently drop traffic without logging.
  • CNI plugin misconfiguration causes node-wide network failures.