Whisperly Logo
Whisperly
Back to Blog
Kubernetes
Tutorial

Kubernetes Network Debugging for Application Developers

Common Kubernetes networking issues that affect your applications and how to diagnose them without deep k8s knowledge.

whisperly Team
15 min read
December 28, 2023

The Developer's Dilemma

When your application works perfectly in development but fails in Kubernetes, networking issues are often the culprit. This guide helps you identify and resolve common Kubernetes networking problems without needing deep Kubernetes expertise.

Understanding Kubernetes Networking

Before diving into debugging, let's understand how Kubernetes networking works at a high level:

Kubernetes Networking Components

1

Pod Networking

Each pod gets its own IP address and can communicate directly with other pods

2

Service Networking

Services provide stable endpoints for accessing pods, handling load balancing and discovery

3

Ingress Controllers

Ingress controllers manage external access to services, typically HTTP/HTTPS routing

4

Network Policies

Network policies control traffic flow between pods, implementing security boundaries

Common Kubernetes Networking Issues

Here are the most common networking problems developers encounter in Kubernetes:

Connectivity Issues

Pod-to-Pod Communication Failures

Pods cannot reach other pods in the same or different namespaces

Service Connection Timeouts

Applications cannot connect to services via their DNS names

External Access Problems

Unable to reach services from outside the cluster

Performance Issues

High Latency

Network requests between services are significantly slower than expected

Intermittent Connection Failures

Connections sometimes work, sometimes fail without clear pattern

Bandwidth Limitations

Network throughput is lower than expected for data-intensive operations

Real-World Case Study: The Mysterious Database Connection Failure

A development team deployed their application to Kubernetes but could not connect to their database:

Symptoms

Application Logs

  • • "Failed to connect to database: connection timed out"
  • • "Database connection pool exhausted"
  • • "Unable to resolve database host"

Environment Details

  • • Application running in Kubernetes cluster
  • • Database hosted outside cluster (AWS RDS)
  • • Database accessible from developer laptops
  • • Same configuration worked in previous environment

Investigation Process

1
Basic Connectivity Check

Used kubectl exec to run network commands inside the application pod

2
DNS Resolution Test

Discovered that DNS resolution was failing for external domains

3
Network Policy Discovery

Found that a default-deny network policy was blocking egress traffic

Debugging Kubernetes Networking Issues

Follow this systematic approach to identify and resolve Kubernetes networking problems:

1

Check Basic Pod Connectivity

Start by testing basic network connectivity from within your pods:

# Get a shell in your pod
kubectl exec -it <pod-name> -- /bin/sh

# Test basic connectivity
ping 8.8.8.8

# Test DNS resolution
nslookup kubernetes.default

# Test connectivity to a service
curl -v http://<service-name>:<port>

# Test external connectivity
curl -v https://google.com
2

Examine Services and Endpoints

Verify that your services are correctly configured and pointing to the right pods:

# Check service configuration
kubectl get service <service-name> -o wide

# Check endpoints for the service
kubectl get endpoints <service-name>

# Describe service for detailed info
kubectl describe service <service-name>

# Check if pods are correctly labeled
kubectl get pods --show-labels | grep <label-selector>
3

Review Network Policies

Check if network policies are blocking traffic:

# List all network policies
kubectl get networkpolicies --all-namespaces

# Describe a specific network policy
kubectl describe networkpolicy <policy-name> -n <namespace>

# Check policies in your namespace
kubectl get networkpolicies -n <your-namespace>

# Temporarily remove a policy for testing
kubectl delete networkpolicy <policy-name> -n <namespace>
4

Inspect Ingress Configuration

If external access is failing, examine your ingress resources:

# Check ingress resources
kubectl get ingress

# Describe ingress for detailed info
kubectl describe ingress <ingress-name>

# Check ingress controller logs
kubectl logs -n <ingress-namespace> -l app=<ingress-controller-label>

# Test ingress endpoint
curl -H "Host: <your-host>" http://<ingress-controller-ip>
5

Analyze with Network Tools

Use specialized tools for deeper network analysis:

Network Debugging Pod

# Create a debug pod
kubectl run debug --image=nixery.dev/shell/curl/telnet/dig/netcat/tcpdump --restart=Never --rm -it -- sh

# Run network diagnostics
ip route
netstat -tuln
traceroute <target>

Packet Capture

# Capture traffic in a pod
kubectl exec <pod-name> -- tcpdump -i any -w /tmp/capture.pcap

# Copy capture file to local
kubectl cp <namespace>/<pod-name>:/tmp/capture.pcap ./capture.pcap

# Analyze with Wireshark or whisperly

Prevention Best Practices

Implement these practices to prevent networking issues in Kubernetes:

Configuration Management

  • Use consistent service naming conventions
  • Document network policies and their purposes
  • Implement health checks for all services
  • Use namespaces to isolate environments

Monitoring and Alerting

  • Monitor service availability and response times
  • Set up alerts for network policy violations
  • Track ingress controller performance
  • Monitor DNS resolution success rates

Testing and Validation

  • Create test pods for network validation
  • Implement end-to-end connectivity tests
  • Validate network policies with test traffic
  • Regularly audit network configurations

Incident Response

  • Document common networking troubleshooting steps
  • Maintain a list of critical network endpoints
  • Establish communication channels for network issues
  • Create runbooks for common network problems

Quick Reference: Common Commands

TaskCommandPurpose
Check pod connectivitykubectl exec -it <pod> -- ping <target>Test basic network connectivity from pod
Check service endpointskubectl get endpoints <service>Verify service is pointing to correct pods
List network policieskubectl get networkpolicies -ASee all network policies in cluster
Test DNS resolutionkubectl exec -it <pod> -- nslookup <service>Verify DNS resolution within cluster
Capture network traffickubectl exec <pod> -- tcpdump -i any -w /tmp/cap.pcapCapture packets for detailed analysis
Check ingress statuskubectl get ingress <name> -o wideView ingress controller and endpoint info

Diagnose Kubernetes Network Issues Automatically

Upload your PCAP file to whisperly and get instant insights into Kubernetes networking problems. No Kubernetes expertise required.

Try whisperly - Free K8s AnalysisKubernetes Networking Guide

Related Articles

Database Connection Timeouts

Why your database "timeouts" aren't actually database problems.

Read Article

API Timeout Debugging Guide

Step-by-step process to diagnose API timeouts without learning Wireshark.

Read Article

DNS Issues: The Silent Killer

Why DNS problems are the #1 cause of mysterious "network timeouts".

Read Article