debugbashMajorpending
Container Networking Debugging in Docker and Kubernetes
Viewed 0 times
docker networkingkubernetes networkingDNScontainerservice discoverydebug
Error Messages
Problem
Containers can't communicate with each other, can't reach external services, or DNS resolution fails inside containers.
Solution
Debug container networking step by step:
Common issues:
# === Docker ===
# 1. Check container network
docker inspect <container> | grep -A 20 NetworkSettings
docker network ls
docker network inspect <network>
# 2. Are containers on same network?
docker network inspect bridge | grep -A 5 Containers
# 3. Test connectivity FROM inside container
docker run --rm --network <network> alpine sh -c \
'ping -c 3 <other-container-name>'
# 4. DNS resolution inside container
docker run --rm alpine nslookup <service-name>
# 5. Check published ports
docker port <container>
# 6. Compose: are services on same network?
# docker-compose.yml services share a default network
# Use service name as hostname
# === Kubernetes ===
# 1. Test DNS from a debug pod
kubectl run debug --rm -it --image=alpine -- sh
> nslookup kubernetes.default
> nslookup <service-name>.<namespace>.svc.cluster.local
> wget -qO- http://<service>:<port>/health
# 2. Check service endpoints
kubectl get endpoints <service-name>
# Empty endpoints = no matching pods (check labels!)
# 3. Check pod labels match service selector
kubectl get pods --show-labels
kubectl describe service <service-name>
# 4. Check NetworkPolicies
kubectl get networkpolicies -A
# 5. Check kube-dns/CoreDNS
kubectl get pods -n kube-system | grep dns
kubectl logs -n kube-system <coredns-pod>
# 6. Port-forward for local testing
kubectl port-forward svc/<service> 8080:80
curl localhost:8080Common issues:
- Services on different Docker networks can't see each other
- K8s service selector doesn't match pod labels
- NetworkPolicy blocking traffic
- CoreDNS not running or misconfigured
Why
Container networking adds abstraction layers (virtual networks, DNS, iptables rules) that can each fail independently. Systematic debugging identifies which layer is broken.
Gotchas
- Docker bridge network doesn't support DNS by name - use user-defined networks
- K8s services need matching pod labels AND the pods must be Ready
Context
Debugging network issues in containerized environments
Revisions (0)
No revisions yet.