Bird
Raised Fist0
Kubernetesdevops~5 mins

Debugging service connectivity in Kubernetes - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is the first step to check when a Kubernetes service is not reachable?
Check if the pods behind the service are running and ready using kubectl get pods and kubectl describe pod <pod-name>.
Click to reveal answer
beginner
How can you verify the endpoints associated with a Kubernetes service?
Use kubectl get endpoints <service-name> to see which pod IPs and ports the service routes to.
Click to reveal answer
intermediate
What command helps you test connectivity from inside a pod to a service?
Use kubectl exec -it <pod-name> -- curl <service-name>:<port> to test if the service is reachable from the pod.
Click to reveal answer
intermediate
Why is checking the service type important when debugging connectivity?
Because service types like ClusterIP, NodePort, and LoadBalancer expose services differently, affecting how you can access them.
Click to reveal answer
advanced
What role do Network Policies play in service connectivity?
Network Policies can restrict or allow traffic to pods, so misconfigured policies can block service access.
Click to reveal answer
Which command shows the pods behind a Kubernetes service?
Akubectl get services
Bkubectl get endpoints <service-name>
Ckubectl get nodes
Dkubectl describe pod <pod-name>
What does a ClusterIP service type do?
ABlocks all traffic to the service
BExposes the service on each node's IP at a static port
CExposes the service only inside the cluster
DExposes the service externally using a cloud provider's load balancer
How can you test if a pod can reach a service?
Akubectl logs <pod-name>
Bkubectl get pods
Ckubectl describe service <service-name>
Dkubectl exec -it <pod-name> -- curl <service-name>:<port>
What might cause a service to be unreachable despite pods running?
ANetwork Policies blocking traffic
BPods are in Running state
CService has endpoints
Dkubectl is installed
Which command helps you see detailed info about a pod's status?
Akubectl describe pod <pod-name>
Bkubectl get service <service-name>
Ckubectl get nodes
Dkubectl get endpoints <service-name>
Explain the steps you would take to debug why a Kubernetes service is not reachable from inside the cluster.
Think about checking pods, endpoints, connectivity tests, and network rules.
You got /5 concepts.
    Describe how Network Policies can affect service connectivity in Kubernetes and how to verify if they are causing issues.
    Focus on traffic rules and testing connectivity.
    You got /4 concepts.

      Practice

      (1/5)
      1. What is the primary command to check if a Kubernetes service has endpoints assigned?
      easy
      A. kubectl describe nodes
      B. kubectl get pods
      C. kubectl get endpoints
      D. kubectl get configmaps

      Solution

      1. Step 1: Understand service connectivity basics

        Services route traffic to endpoints, so checking endpoints shows if pods are linked.

      2. Step 2: Use the correct command to list endpoints

        kubectl get endpoints lists endpoints for services, showing if pods are ready.

      3. Final Answer:

        kubectl get endpoints -> Option C

      4. Quick Check:

        Check endpoints = kubectl get endpoints [OK]
      Hint: Use 'kubectl get endpoints' to verify service pod connections [OK]
      Common Mistakes:
      • Using 'kubectl get pods' which shows pods but not service endpoints
      • Checking nodes or configmaps which are unrelated to service endpoints
      • Confusing 'kubectl describe svc' with listing endpoints
      2. Which of the following commands correctly tests DNS resolution inside a Kubernetes pod named web-123?
      easy
      A. kubectl exec web-123 -- nslookup myservice
      B. kubectl exec web-123 nslookup myservice
      C. kubectl exec -it web-123 nslookup myservice
      D. kubectl exec web-123 -- curl myservice

      Solution

      1. Step 1: Understand kubectl exec syntax

        The correct syntax to run a command inside a pod is kubectl exec [pod] -- [command].

      2. Step 2: Identify the command to test DNS

        nslookup tests DNS resolution, so kubectl exec web-123 -- nslookup myservice is correct.

      3. Final Answer:

        kubectl exec web-123 -- nslookup myservice -> Option A

      4. Quick Check:

        Correct exec syntax + nslookup = kubectl exec web-123 -- nslookup myservice [OK]
      Hint: Use '--' before command in kubectl exec to run inside pod [OK]
      Common Mistakes:
      • Omitting '--' which causes command to fail
      • Using '-it' without need for interactive shell
      • Using curl instead of nslookup for DNS test
      3. You run kubectl describe svc myservice and see no endpoints listed. What will be the output of kubectl get endpoints myservice?
      medium
      A. Error from server (NotFound): endpoints "myservice" not found
      B. NAME ENDPOINTS AGE myservice 10.0.0.5:80,10.0.0.6:80 10m
      C. NAME ENDPOINTS AGE myservice 127.0.0.1:80 10m
      D. NAME ENDPOINTS AGE myservice <none> 10m

      Solution

      1. Step 1: Interpret service describe output

        No endpoints means no pods are linked to the service, so endpoints list is empty.

      2. Step 2: Predict endpoints output

        kubectl get endpoints myservice will show the service name with <none> under ENDPOINTS.

      3. Final Answer:

        NAME ENDPOINTS AGE myservice <none> 10m -> Option D

      4. Quick Check:

        No endpoints = <none> shown [OK]
      Hint: No endpoints in describe means endpoints show <none> [OK]
      Common Mistakes:
      • Assuming endpoints will list IPs even if none exist
      • Expecting an error when endpoints exist but are empty
      • Confusing endpoints with pod IPs
      4. A pod cannot reach a service by its DNS name. You run kubectl exec pod1 -- nslookup myservice and get a timeout. What is the most likely cause?
      medium
      A. The pod is missing the DNS policy or DNS is misconfigured
      B. The service has no endpoints, so DNS resolves but no response
      C. The service selector labels do not match any pods
      D. The pod is running in a different namespace without DNS search path

      Solution

      1. Step 1: Analyze DNS timeout symptom

        A DNS timeout means the pod cannot resolve the service name, indicating DNS issues.

      2. Step 2: Identify DNS misconfiguration causes

        Missing DNS policy or broken DNS config in pod causes nslookup timeout, unlike no endpoints which still resolve DNS.

      3. Final Answer:

        The pod is missing the DNS policy or DNS is misconfigured -> Option A

      4. Quick Check:

        DNS timeout = DNS config issue [OK]
      Hint: DNS timeout means DNS config or policy problem, not endpoints [OK]
      Common Mistakes:
      • Confusing DNS resolution failure with no endpoints
      • Assuming label mismatch causes DNS timeout instead of no response
      • Ignoring namespace DNS search path issues
      5. You have a service myservice in namespace prod. A pod in namespace dev tries to connect using curl myservice but fails. Which is the best way to debug this connectivity issue?
      hard
      A. Run kubectl describe pod -n prod myservice to check pod details
      B. Run kubectl exec -n dev pod -- curl myservice.prod.svc.cluster.local to test full DNS name
      C. Run kubectl get svc -n dev myservice to check service in dev namespace
      D. Run kubectl exec -n prod pod -- curl myservice to test from the service namespace

      Solution

      1. Step 1: Understand cross-namespace service access

        Pods in different namespaces must use the full DNS name including namespace to reach a service.

      2. Step 2: Test connectivity using full DNS name from the pod in dev namespace

        Running kubectl exec -n dev pod -- curl myservice.prod.svc.cluster.local tests correct DNS and connectivity.

      3. Final Answer:

        Run kubectl exec -n dev pod -- curl myservice.prod.svc.cluster.local to test full DNS name -> Option B

      4. Quick Check:

        Cross-namespace access needs full DNS name [OK]
      Hint: Use full DNS name with namespace for cross-namespace service access [OK]
      Common Mistakes:
      • Trying to curl service without namespace from another namespace
      • Checking service in wrong namespace
      • Describing pod instead of testing connectivity