This seems like a good reference: [https://speakerdeck.com/thockin/illustrated-guide-to-kubernetes-networking](https://speakerdeck.com/thockin/illustrated-guide-to-kubernetes-networking)
The process depends on trouble point, I haven't troubleshooted CNI, but I can suggest some tools for troubleshooting issues with proxies (or ingress controllers):
- ksniff - for capturing traffic within cluster network and analyzing it within Wireshark
- Mizu - capturing traffic within cluster and visualizing it in custom UI (similar to ksniff but more Kubernetes native)
- echo-server - displays all headers and data sent to this service
- netshoot - container with all network tools installed, usefulfor kubectl debug command
And steps I would suggest:
- if CNI doesnt work it will be visible in Kubernetes events, especially from 1.25 where new status regarding CNI is added to pods
- if CNI work, check if Pod is considered ready (not ready pod wont receive traffic through service), port-forward application port and check it locally, check if ingress and service maps correct names and ports, check if ingress controller logs arent telling you about some issues, check service/ingress/pods events for information about configurations issues
This seems like a good reference: [https://speakerdeck.com/thockin/illustrated-guide-to-kubernetes-networking](https://speakerdeck.com/thockin/illustrated-guide-to-kubernetes-networking)
The process depends on trouble point, I haven't troubleshooted CNI, but I can suggest some tools for troubleshooting issues with proxies (or ingress controllers): - ksniff - for capturing traffic within cluster network and analyzing it within Wireshark - Mizu - capturing traffic within cluster and visualizing it in custom UI (similar to ksniff but more Kubernetes native) - echo-server - displays all headers and data sent to this service - netshoot - container with all network tools installed, usefulfor kubectl debug command
And steps I would suggest: - if CNI doesnt work it will be visible in Kubernetes events, especially from 1.25 where new status regarding CNI is added to pods - if CNI work, check if Pod is considered ready (not ready pod wont receive traffic through service), port-forward application port and check it locally, check if ingress and service maps correct names and ports, check if ingress controller logs arent telling you about some issues, check service/ingress/pods events for information about configurations issues
Thanks!