Kubernetes Network Debugging Cheat Sheet

Kubernetes Debugging•Permalink

Debug Services, DNS, Ingress, network policies, connectivity, endpoints, and port-forwarding issues.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

## Services and Endpoints

List services

↗#

kubectl get svc -A

# Check Service types, ports, and cluster IPs.

Describe a service

↗#

kubectl describe svc <service> -n <namespace>

# Inspect selectors, target ports, and events.

List endpoints

↗#

kubectl get endpoints -A

# Verify which backends a Service resolves to.

List EndpointSlices

↗#

kubectl get endpointslices -A

# Inspect endpoint slice distribution for a Service.

Describe an EndpointSlice

↗#

kubectl describe endpointslice <name> -n <namespace>

# Inspect ready addresses and ports at slice level.

Show Service selector

↗#

kubectl get svc <service> -n <namespace> -o jsonpath='{.spec.selector}{"
"}'

# Verify that pod labels match the Service selector.

## DNS and Ingress

List Ingress objects

↗#

kubectl get ingress -A

# Inspect ingress addresses and classes.

Describe an Ingress

↗#

kubectl describe ingress <name> -n <namespace>

# Check backend mapping, TLS, and events.

Launch a temporary DNS utility pod

↗#

kubectl run dnsutils -n <namespace> --image=registry.k8s.io/e2e-test-images/agnhost:2.39 --restart=Never -it --rm -- /bin/sh

# Create an interactive pod for nslookup and dig style checks.

Resolve a service from inside a pod

↗#

kubectl exec -it <pod> -n <namespace> -- nslookup <service>.<namespace>.svc.cluster.local

# Check internal DNS resolution using the full service name.

Resolve a service with getent

↗#

kubectl exec -it <pod> -n <namespace> -- getent hosts <service>.<namespace>.svc.cluster.local

# Alternate DNS check inside Linux-based containers.

Check CoreDNS pods

↗#

kubectl get pods -n kube-system -l k8s-app=kube-dns

# Verify DNS control-plane pods are healthy.

Read CoreDNS logs

↗#

kubectl logs -n kube-system -l k8s-app=kube-dns --all-containers=true --prefix

# Inspect DNS errors and upstream resolution problems.

## Connectivity Testing

Port-forward to a service

↗#

kubectl port-forward svc/<service> -n <namespace> 8080:80

# Test an internal service from your workstation.

Test forwarded service with curl

↗#

curl -i http://127.0.0.1:8080/

# Call the forwarded endpoint locally.

Call a service from another pod

↗#

kubectl exec -it <pod> -n <namespace> -- curl -i http://<service>.<namespace>.svc.cluster.local:<port>/

# Validate in-cluster connectivity and service routing.

Call a service with wget

↗#

kubectl exec -it <pod> -n <namespace> -- wget -S -O- http://<service>:<port>/

# Useful in images that have wget but not curl.

Test TCP connectivity with nc

↗#

kubectl exec -it <pod> -n <namespace> -- nc -vz <service> <port>

# Check if a target port is reachable from inside the cluster.

Show listening ports inside a pod

↗#

kubectl exec -it <pod> -n <namespace> -- ss -lntup

# Inspect which ports the container is actually listening on.

## Network Policies

List NetworkPolicies

↗#

kubectl get networkpolicies -A

# See which policies apply in a namespace.

Describe a NetworkPolicy

↗#

kubectl describe networkpolicy <name> -n <namespace>

# Inspect ingress and egress selectors and ports.

Show pod labels

↗#

kubectl get pod <pod> -n <namespace> --show-labels

# Verify whether labels match network policy selectors.

Test outbound access from a pod

↗#

kubectl exec -it <pod> -n <namespace> -- curl -I https://example.com

# Validate whether egress is blocked by policy or firewall.

## Service Debug Playbook

Find pods selected by a service

↗#

kubectl get pods -n <namespace> -l app=<label> -o wide

# Confirm that backend pods actually match the selector.

Check pod readiness gates for service endpoints

↗#

kubectl get pod <pod> -n <namespace> -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}{"
"}'

# Non-ready pods usually do not appear as ready endpoints.

Compare service and endpoints quickly

↗#

kubectl get svc <service> -n <namespace> -o yaml && kubectl get endpoints <service> -n <namespace> -o yaml

# Display selector and endpoints in separate quick commands.

More in Kubernetes Debugging

Kubernetes Logs and Events Cheat Sheet

Find pod logs, previous container logs, event timelines, kube-system logs, and cluster incident evidence quickly.

Kubernetes Node Debugging Cheat Sheet

Diagnose node readiness, kubelet issues, pressure conditions, cordon/drain, and node-level debugging with kubectl debug.

Kubernetes Pod Debugging Cheat Sheet

Troubleshoot Pending, CrashLoopBackOff, image pull, readiness, liveness, and init container problems.

Kubernetes Debugging Cheat Sheet

Core kubectl troubleshooting commands for pods, deployments, services, events, logs, exec sessions, and ephemeral debugging.

Recommended next

No recommendations yet.

Browse all sheets →