Skip to content

Networking Troubleshooting

Network connectivity and service discovery issues.

LoadBalancer IP Pending

Service not receiving external IP.

# Check MetalLB
kubectl get pods -n kmetal-metallb
kubectl logs -n kmetal-metallb -l app.kubernetes.io/component=speaker

# Check IP pools
kubectl get ipaddresspool -n kmetal-metallb

# Create pool if missing
cat <<EOF | kubectl apply -f -
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: default-pool
  namespace: kmetal-metallb
spec:
  addresses:

  - 192.168.1.100-192.168.1.200
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: default-l2
  namespace: kmetal-metallb
spec:
  ipAddressPools:

  - default-pool
EOF

DNS Not Working

Pods cannot resolve names.

# Check CoreDNS
kubectl get pods -n kube-system -l k8s-app=kube-dns
kubectl logs -n kube-system -l k8s-app=kube-dns

# Test DNS
kubectl run debug --rm -it --image=busybox -- nslookup kubernetes.default

# Restart if needed
kubectl rollout restart deployment coredns -n kube-system

Pod-to-Pod Connection Fails

Pods cannot reach each other.

# Test connectivity
kubectl run debug --rm -it --image=nicolaka/netshoot -- ping <pod-ip>

# Check network policies
kubectl get networkpolicy -n <namespace>
kubectl describe networkpolicy <policy> -n <namespace>

# Check under-cluster CNI (Flannel primary + Kube-OVN secondary via Multus)
kubectl get pods -n kube-flannel -l app=flannel
kubectl get pods -n kube-system -l app=kube-ovn-cni
kubectl get pods -n kube-system -l app=multus

Ingress 404 Errors

Ingress returns 404.

# Check ingress configuration
kubectl get ingress <name> -n <namespace>
kubectl describe ingress <name> -n <namespace>

# Verify backend service
kubectl get svc,endpoints <backend> -n <namespace>

# Check ingress controller logs (namespace depends on how you installed it)
kubectl get pods -A | grep ingress

TLS Certificate Issues

HTTPS connections fail.

# Check certificate
kubectl get certificate -n <namespace>
kubectl describe certificate <cert> -n <namespace>

# Check cert-manager
kubectl get pods -n kmetal-cert-manager
kubectl logs -n kmetal-cert-manager -l app.kubernetes.io/name=cert-manager

# Delete to retry
kubectl delete certificate <cert> -n <namespace>