0
0
Kubernetesdevops~10 mins

Debugging service connectivity in Kubernetes - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Debugging service connectivity
Start: Service unreachable
Check Pod status
Check Service endpoints
Check Network Policies
Check DNS resolution
Check Logs and Events
Fix issue or escalate
End
This flow shows the step-by-step checks to find why a Kubernetes service is not reachable.
Execution Sample
Kubernetes
kubectl get pods
kubectl get svc my-service
kubectl describe svc my-service
kubectl get endpoints my-service
kubectl exec -it pod-name -- curl http://my-service
kubectl logs pod-name
Commands to check pod status, service details, endpoints, test connectivity, and view logs.
Process Table
StepCommandActionResultNext Step
1kubectl get podsCheck if pods are runningPods are RunningCheck service endpoints
2kubectl get svc my-serviceCheck service existence and typeService exists, ClusterIP assignedCheck endpoints
3kubectl get endpoints my-serviceCheck if endpoints are readyEndpoints list is emptyCheck pod labels and selectors
4kubectl describe svc my-serviceVerify selector labelsSelector labels do not match pod labelsFix pod labels or service selector
5kubectl exec -it pod-name -- curl http://my-serviceTest connectivity from podConnection refusedCheck network policies
6kubectl get networkpoliciesCheck network policiesNo restrictive policies foundCheck DNS resolution
7kubectl exec -it pod-name -- nslookup my-serviceCheck DNS resolutionDNS resolves to ClusterIPCheck pod logs
8kubectl logs pod-nameCheck pod logs for errorsNo errors foundFix labels and redeploy
9Fix pod labels to match service selectorUpdate pod labelsPods now match service selectorRecheck endpoints
10kubectl get endpoints my-serviceVerify endpoints after fixEndpoints list shows pod IPsTest connectivity again
11kubectl exec -it pod-name -- curl http://my-serviceTest connectivity from podSuccessful responseIssue resolved
12---End of debugging
💡 Connectivity issue resolved after fixing pod labels to match service selector, endpoints populated, and successful curl test.
Status Tracker
VariableStartAfter Step 3After Step 9Final
Pods statusUnknownRunningRunningRunning
Service selector labelsmismatchmismatchmatchmatch
Endpoints listUnknownEmptyPopulatedPopulated
Connectivity testNot testedFailedFailedSuccessful
Key Moments - 3 Insights
Why do endpoints show empty even though pods are running?
Because the service selector labels do not match the pod labels, so Kubernetes cannot link pods to the service (see execution_table step 3 and 4).
Why does curl to the service fail even when pods are running?
Because no endpoints are associated with the service due to label mismatch, so traffic cannot reach pods (see execution_table step 5).
How do we confirm DNS is not the issue?
By running nslookup inside a pod and seeing the service resolves to the correct ClusterIP (see execution_table step 7).
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, at which step do endpoints become populated?
AStep 3
BStep 10
CStep 9
DStep 7
💡 Hint
Check the 'Endpoints list' column in execution_table rows for when it changes from empty to populated.
According to variable_tracker, what is the state of 'Connectivity test' after step 5?
AFailed
BSuccessful
CNot tested
DUnknown
💡 Hint
Look at the 'Connectivity test' row and the value under 'After Step 3' and 'After Step 9' columns.
If pod labels were correct from the start, which step would be unnecessary?
AStep 4 - Describe service
BStep 6 - Check network policies
CStep 9 - Fix pod labels
DStep 7 - Check DNS resolution
💡 Hint
Refer to the step where pod labels are fixed and consider if that would be needed if labels matched initially.
Concept Snapshot
Debugging service connectivity in Kubernetes:
- Check pod status with 'kubectl get pods'
- Verify service and endpoints with 'kubectl get svc' and 'kubectl get endpoints'
- Ensure service selectors match pod labels
- Test connectivity inside pods using 'curl'
- Check network policies and DNS if needed
- Fix label mismatches to restore connectivity
Full Transcript
When a Kubernetes service is unreachable, start by checking if pods are running using 'kubectl get pods'. Then verify the service exists and has a ClusterIP with 'kubectl get svc'. Next, check if endpoints are populated with 'kubectl get endpoints'. If endpoints are empty, describe the service to check if its selector labels match pod labels. A mismatch means the service cannot route traffic to pods. Fix pod labels or service selectors accordingly. Test connectivity from a pod using curl to the service. If connection fails, check network policies and DNS resolution. Finally, check pod logs for errors. After fixing label mismatches, endpoints populate and connectivity succeeds, resolving the issue.