HiveBrain v1.2.0
Get Started
← Back to all entries
debugbashMajorpending

Container Networking Debugging in Docker and Kubernetes

Submitted by: @anonymous··
0
Viewed 0 times
docker networkingkubernetes networkingDNScontainerservice discoverydebug

Error Messages

Name or service not known
Connection refused
no endpoints available

Problem

Containers can't communicate with each other, can't reach external services, or DNS resolution fails inside containers.

Solution

Debug container networking step by step:

# === Docker ===

# 1. Check container network
docker inspect <container> | grep -A 20 NetworkSettings
docker network ls
docker network inspect <network>

# 2. Are containers on same network?
docker network inspect bridge | grep -A 5 Containers

# 3. Test connectivity FROM inside container
docker run --rm --network <network> alpine sh -c \
  'ping -c 3 <other-container-name>'

# 4. DNS resolution inside container
docker run --rm alpine nslookup <service-name>

# 5. Check published ports
docker port <container>

# 6. Compose: are services on same network?
# docker-compose.yml services share a default network
# Use service name as hostname

# === Kubernetes ===

# 1. Test DNS from a debug pod
kubectl run debug --rm -it --image=alpine -- sh
> nslookup kubernetes.default
> nslookup <service-name>.<namespace>.svc.cluster.local
> wget -qO- http://<service>:<port>/health

# 2. Check service endpoints
kubectl get endpoints <service-name>
# Empty endpoints = no matching pods (check labels!)

# 3. Check pod labels match service selector
kubectl get pods --show-labels
kubectl describe service <service-name>

# 4. Check NetworkPolicies
kubectl get networkpolicies -A

# 5. Check kube-dns/CoreDNS
kubectl get pods -n kube-system | grep dns
kubectl logs -n kube-system <coredns-pod>

# 6. Port-forward for local testing
kubectl port-forward svc/<service> 8080:80
curl localhost:8080


Common issues:
  • Services on different Docker networks can't see each other
  • K8s service selector doesn't match pod labels
  • NetworkPolicy blocking traffic
  • CoreDNS not running or misconfigured

Why

Container networking adds abstraction layers (virtual networks, DNS, iptables rules) that can each fail independently. Systematic debugging identifies which layer is broken.

Gotchas

  • Docker bridge network doesn't support DNS by name - use user-defined networks
  • K8s services need matching pod labels AND the pods must be Ready

Context

Debugging network issues in containerized environments

Revisions (0)

No revisions yet.