Kubernetes Network Debugging Cheat Sheet

Kubernetes Debugging•Permalink

Debug Services, DNS, Ingress, network policies, connectivity, endpoints, and port-forwarding issues.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

Services and Endpoints

List services

Check Service types, ports, and cluster IPs.

bashANYservicesnetworking

↗#

bash

kubectl get svc -A

Describe a service

Inspect selectors, target ports, and events.

bashANYservicesdescribe

↗#

bash

kubectl describe svc <service> -n <namespace>

List endpoints

Verify which backends a Service resolves to.

bashANYendpointsservices

↗#

bash

kubectl get endpoints -A

List EndpointSlices

Inspect endpoint slice distribution for a Service.

bashANYendpointslicesservices

↗#

bash

kubectl get endpointslices -A

Describe an EndpointSlice

Inspect ready addresses and ports at slice level.

bashANYendpointslicesdescribe

↗#

bash

kubectl describe endpointslice <name> -n <namespace>

Show Service selector

Verify that pod labels match the Service selector.

bashANYservicesselectors

↗#

bash

kubectl get svc <service> -n <namespace> -o jsonpath='{.spec.selector}{"
"}'

DNS and Ingress

List Ingress objects

Inspect ingress addresses and classes.

bashANYingressnetworking

↗#

bash

kubectl get ingress -A

Describe an Ingress

Check backend mapping, TLS, and events.

bashANYingressdescribe

↗#

bash

kubectl describe ingress <name> -n <namespace>

Launch a temporary DNS utility pod

Create an interactive pod for nslookup and dig style checks.

bashANYdnsdebug-pod

↗#

bash

kubectl run dnsutils -n <namespace> --image=registry.k8s.io/e2e-test-images/agnhost:2.39 --restart=Never -it --rm -- /bin/sh

Resolve a service from inside a pod

Check internal DNS resolution using the full service name.

bashANYdnsservices

↗#

bash

kubectl exec -it <pod> -n <namespace> -- nslookup <service>.<namespace>.svc.cluster.local

Resolve a service with getent

Alternate DNS check inside Linux-based containers.

bashANYdnscontainers

↗#

bash

kubectl exec -it <pod> -n <namespace> -- getent hosts <service>.<namespace>.svc.cluster.local

Check CoreDNS pods

Verify DNS control-plane pods are healthy.

bashANYdnscoredns

↗#

bash

kubectl get pods -n kube-system -l k8s-app=kube-dns

Read CoreDNS logs

Inspect DNS errors and upstream resolution problems.

bashANYdnslogs

↗#

bash

kubectl logs -n kube-system -l k8s-app=kube-dns --all-containers=true --prefix

Connectivity Testing

Port-forward to a service

Test an internal service from your workstation.

bashANYport-forwardservice

↗#

bash

kubectl port-forward svc/<service> -n <namespace> 8080:80

Test forwarded service with curl

Call the forwarded endpoint locally.

bashANYcurlservice

↗#

bash

curl -i http://127.0.0.1:8080/

Call a service from another pod

Validate in-cluster connectivity and service routing.

bashANYcurlnetworking

↗#

bash

kubectl exec -it <pod> -n <namespace> -- curl -i http://<service>.<namespace>.svc.cluster.local:<port>/

Call a service with wget

Useful in images that have wget but not curl.

bashANYwgetnetworking

↗#

bash

kubectl exec -it <pod> -n <namespace> -- wget -S -O- http://<service>:<port>/

Test TCP connectivity with nc

Check if a target port is reachable from inside the cluster.

bashANYtcpnc

↗#

bash

kubectl exec -it <pod> -n <namespace> -- nc -vz <service> <port>

Show listening ports inside a pod

Inspect which ports the container is actually listening on.

bashANYportsnetworking

↗#

bash

kubectl exec -it <pod> -n <namespace> -- ss -lntup

Network Policies

List NetworkPolicies

See which policies apply in a namespace.

bashANYnetworkpolicysecurity

↗#

bash

kubectl get networkpolicies -A

Describe a NetworkPolicy

Inspect ingress and egress selectors and ports.

bashANYnetworkpolicydescribe

↗#

bash

kubectl describe networkpolicy <name> -n <namespace>

Show pod labels

Verify whether labels match network policy selectors.

bashANYlabelsnetworkpolicy

↗#

bash

kubectl get pod <pod> -n <namespace> --show-labels

Test outbound access from a pod

Validate whether egress is blocked by policy or firewall.

bashANYegressnetworkpolicy

↗#

bash

kubectl exec -it <pod> -n <namespace> -- curl -I https://example.com

Service Debug Playbook

Find pods selected by a service

Confirm that backend pods actually match the selector.

bashANYservicesselectors

↗#

bash

kubectl get pods -n <namespace> -l app=<label> -o wide

Check pod readiness gates for service endpoints

Non-ready pods usually do not appear as ready endpoints.

bashANYservicesreadiness

↗#

bash

kubectl get pod <pod> -n <namespace> -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}{"
"}'

Compare service and endpoints quickly

Display selector and endpoints in separate quick commands.

bashANYservicesendpoints

↗#

bash

kubectl get svc <service> -n <namespace> -o yaml && kubectl get endpoints <service> -n <namespace> -o yaml

More in Kubernetes Debugging

Kubernetes Logs and Events Cheat Sheet

Find pod logs, previous container logs, event timelines, kube-system logs, and cluster incident evidence quickly.

Kubernetes Node Debugging Cheat Sheet

Diagnose node readiness, kubelet issues, pressure conditions, cordon/drain, and node-level debugging with kubectl debug.

Kubernetes Pod Debugging Cheat Sheet

Troubleshoot Pending, CrashLoopBackOff, image pull, readiness, liveness, and init container problems.

Kubernetes Debugging Cheat Sheet

Core kubectl troubleshooting commands for pods, deployments, services, events, logs, exec sessions, and ephemeral debugging.

Recommended next

No recommendations yet.

Browse all sheets →