Services, Endpoints, and Cluster DNS

Debug service routing end-to-end: selectors, endpoints, kube-proxy, and DNS; detect why traffic does not reach pods.

On this page

Service Routing Model

Service selects pods via labels → creates Endpoints/EndpointSlices.
kube-proxy (or eBPF) routes to endpoint IPs.
Cluster DNS resolves service names to ClusterIP.

Debug Checklist: Selector → Endpoints → Pod

kubectl -n <ns> get svc <svc> -o yaml | sed -n '1,120p'
kubectl -n <ns> get endpoints <svc> -o yaml 2>/dev/null || true
kubectl -n <ns> get endpointslices -l kubernetes.io/service-name=<svc>
kubectl -n <ns> get pods -l <selector> -o wide

In-Cluster Connectivity Test

kubectl -n <ns> run tmp-curl --rm -it --image=curlimages/curl -- sh
# inside:
# nslookup <svc>
# curl -sS -m 2 http://<svc>:<port>/health || true

Failure Modes

No endpoints: selector mismatch or pods not Ready.
DNS ok, curl fails: NetworkPolicy/CNI issue, wrong targetPort.
Intermittent: readiness flapping, node networking issues.

← Deployments and Rollouts (readiness, rollback)

Ingress and Service Exposure →