Networking Troubleshooting¶
Network connectivity and service discovery issues.
LoadBalancer IP Pending¶
Service not receiving external IP.
# Check MetalLB
kubectl get pods -n kmetal-metallb
kubectl logs -n kmetal-metallb -l app.kubernetes.io/component=speaker
# Check IP pools
kubectl get ipaddresspool -n kmetal-metallb
# Create pool if missing
cat <<EOF | kubectl apply -f -
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: default-pool
namespace: kmetal-metallb
spec:
addresses:
- 192.168.1.100-192.168.1.200
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: default-l2
namespace: kmetal-metallb
spec:
ipAddressPools:
- default-pool
EOF
DNS Not Working¶
Pods cannot resolve names.
# Check CoreDNS
kubectl get pods -n kube-system -l k8s-app=kube-dns
kubectl logs -n kube-system -l k8s-app=kube-dns
# Test DNS
kubectl run debug --rm -it --image=busybox -- nslookup kubernetes.default
# Restart if needed
kubectl rollout restart deployment coredns -n kube-system
Pod-to-Pod Connection Fails¶
Pods cannot reach each other.
# Test connectivity
kubectl run debug --rm -it --image=nicolaka/netshoot -- ping <pod-ip>
# Check network policies
kubectl get networkpolicy -n <namespace>
kubectl describe networkpolicy <policy> -n <namespace>
# Check under-cluster CNI (Flannel primary + Kube-OVN secondary via Multus)
kubectl get pods -n kube-flannel -l app=flannel
kubectl get pods -n kube-system -l app=kube-ovn-cni
kubectl get pods -n kube-system -l app=multus
Ingress 404 Errors¶
Ingress returns 404.
# Check ingress configuration
kubectl get ingress <name> -n <namespace>
kubectl describe ingress <name> -n <namespace>
# Verify backend service
kubectl get svc,endpoints <backend> -n <namespace>
# Check ingress controller logs (namespace depends on how you installed it)
kubectl get pods -A | grep ingress
TLS Certificate Issues¶
HTTPS connections fail.
# Check certificate
kubectl get certificate -n <namespace>
kubectl describe certificate <cert> -n <namespace>
# Check cert-manager
kubectl get pods -n kmetal-cert-manager
kubectl logs -n kmetal-cert-manager -l app.kubernetes.io/name=cert-manager
# Delete to retry
kubectl delete certificate <cert> -n <namespace>