Kubernetes Network Debugging Cheat Sheet

Kubernetes Debugging•Permalink

Debug Services, DNS, Ingress, network policies, connectivity, endpoints, and port-forwarding issues.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

Services and Endpoints

List services

Check Service types, ports, and cluster IPs.

↗#

bashANYservicesnetworking

bash

kubectl get svc -A

Describe a service

Inspect selectors, target ports, and events.

↗#

bashANYservicesdescribe

bash

kubectl describe svc <service> -n <namespace>

List endpoints

Verify which backends a Service resolves to.

↗#

bashANYendpointsservices

bash

kubectl get endpoints -A

List EndpointSlices

Inspect endpoint slice distribution for a Service.

↗#

bashANYendpointslicesservices

bash

kubectl get endpointslices -A

Describe an EndpointSlice

Inspect ready addresses and ports at slice level.

↗#

bashANYendpointslicesdescribe

bash

kubectl describe endpointslice <name> -n <namespace>

Show Service selector

Verify that pod labels match the Service selector.

↗#

bashANYservicesselectors

bash

kubectl get svc <service> -n <namespace> -o jsonpath='{.spec.selector}{"
"}'

DNS and Ingress

List Ingress objects

Inspect ingress addresses and classes.

↗#

bashANYingressnetworking

bash

kubectl get ingress -A

Describe an Ingress

Check backend mapping, TLS, and events.

↗#

bashANYingressdescribe

bash

kubectl describe ingress <name> -n <namespace>

Launch a temporary DNS utility pod

Create an interactive pod for nslookup and dig style checks.

↗#

bashANYdnsdebug-pod

bash

kubectl run dnsutils -n <namespace> --image=registry.k8s.io/e2e-test-images/agnhost:2.39 --restart=Never -it --rm -- /bin/sh

Resolve a service from inside a pod

Check internal DNS resolution using the full service name.

↗#

bashANYdnsservices

bash

kubectl exec -it <pod> -n <namespace> -- nslookup <service>.<namespace>.svc.cluster.local

Resolve a service with getent

Alternate DNS check inside Linux-based containers.

↗#

bashANYdnscontainers

bash

kubectl exec -it <pod> -n <namespace> -- getent hosts <service>.<namespace>.svc.cluster.local

Check CoreDNS pods

Verify DNS control-plane pods are healthy.

↗#

bashANYdnscoredns

bash

kubectl get pods -n kube-system -l k8s-app=kube-dns

Read CoreDNS logs

Inspect DNS errors and upstream resolution problems.

↗#

bashANYdnslogs

bash

kubectl logs -n kube-system -l k8s-app=kube-dns --all-containers=true --prefix

Connectivity Testing

Port-forward to a service

Test an internal service from your workstation.

↗#

bashANYport-forwardservice

bash

kubectl port-forward svc/<service> -n <namespace> 8080:80

Test forwarded service with curl

Call the forwarded endpoint locally.

↗#

bashANYcurlservice

bash

curl -i http://127.0.0.1:8080/

Call a service from another pod

Validate in-cluster connectivity and service routing.

↗#

bashANYcurlnetworking

bash

kubectl exec -it <pod> -n <namespace> -- curl -i http://<service>.<namespace>.svc.cluster.local:<port>/

Call a service with wget

Useful in images that have wget but not curl.

↗#

bashANYwgetnetworking

bash

kubectl exec -it <pod> -n <namespace> -- wget -S -O- http://<service>:<port>/

Test TCP connectivity with nc

Check if a target port is reachable from inside the cluster.

↗#

bashANYtcpnc

bash

kubectl exec -it <pod> -n <namespace> -- nc -vz <service> <port>

Show listening ports inside a pod

Inspect which ports the container is actually listening on.

↗#

bashANYportsnetworking

bash

kubectl exec -it <pod> -n <namespace> -- ss -lntup

Network Policies

List NetworkPolicies

See which policies apply in a namespace.

↗#

bashANYnetworkpolicysecurity

bash

kubectl get networkpolicies -A

Describe a NetworkPolicy

Inspect ingress and egress selectors and ports.

↗#

bashANYnetworkpolicydescribe

bash

kubectl describe networkpolicy <name> -n <namespace>

Show pod labels

Verify whether labels match network policy selectors.

↗#

bashANYlabelsnetworkpolicy

bash

kubectl get pod <pod> -n <namespace> --show-labels

Test outbound access from a pod

Validate whether egress is blocked by policy or firewall.

↗#

bashANYegressnetworkpolicy

bash

kubectl exec -it <pod> -n <namespace> -- curl -I https://example.com

Service Debug Playbook

Find pods selected by a service

Confirm that backend pods actually match the selector.

↗#

bashANYservicesselectors

bash

kubectl get pods -n <namespace> -l app=<label> -o wide

Check pod readiness gates for service endpoints

Non-ready pods usually do not appear as ready endpoints.

↗#

bashANYservicesreadiness

bash

kubectl get pod <pod> -n <namespace> -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}{"
"}'

Compare service and endpoints quickly

Display selector and endpoints in separate quick commands.

↗#

bashANYservicesendpoints

bash

kubectl get svc <service> -n <namespace> -o yaml && kubectl get endpoints <service> -n <namespace> -o yaml

More in Kubernetes Debugging

Kubernetes Logs and Events Cheat Sheet

Find pod logs, previous container logs, event timelines, kube-system logs, and cluster incident evidence quickly.

Kubernetes Node Debugging Cheat Sheet

Diagnose node readiness, kubelet issues, pressure conditions, cordon/drain, and node-level debugging with kubectl debug.

Kubernetes Pod Debugging Cheat Sheet

Troubleshoot Pending, CrashLoopBackOff, image pull, readiness, liveness, and init container problems.

Kubernetes Debugging Cheat Sheet

Core kubectl troubleshooting commands for pods, deployments, services, events, logs, exec sessions, and ephemeral debugging.

Recommended next

No recommendations yet.

Browse all sheets →