AKS pods communication with service

Question

AKS pods communication with service

Satish Thamarana 20

In an Azure Kubernetes Service (AKS) cluster, some pods are unable to communicate with services in other namespaces or with external endpoints. The cluster uses Azure CNI for networking. What could be the possible causes of this issue, and how would you troubleshoot and resolve it?

Satish Thamarana 20 Reputation points

2025-05-21T01:15:45.9633333+00:00

After verifying that network policies, service definitions, and endpoints are correctly configured in my AKS cluster, but the pods still cannot resolve DNS names of services or external domains. What could be causing DNS resolution failures in AKS, and how can i troubleshoot and fix this issue?
Pramidha Yathipathi 1,140 Reputation points Microsoft External Staff Moderator

2025-05-21T17:56:08.5866667+00:00
Hi Satish Thamarana,

Ensure that your CoreDNS pod is running properly. You can check its status with the following command:

kubectl get pods -n kube-system | grep coredns

If the CoreDNS pods are not running or have restarted, you may want to check the logs for errors:

kubectl logs <coredns-pod-name> -n kube-system

Sometimes, the Network Security Groups (NSGs) attached to your AKS nodes might be blocking DNS traffic. Make sure that the NSGs allow traffic on port 53 for both UDP and TCP.

Check whether the DNS IP is correctly configured in your cluster. Verify the kubeadm configuration, if you're managing the configuration directly, to ensure that the service IP is within the expected CIDR range.

If you're using custom DNS settings in your pods or a different DNS policy, ensure these settings do not interfere with the default DNS resolution. You can check the DNS policy of a pod with:

kubectl get pod <pod-name> -o=jsonpath='{.spec.dnsPolicy}'

As a last resort, you can run a test pod with DNS utilities and try resolving a domain:

kubectl run -it --rm aks-dns-test --namespace <namespace> --image=debian:stable -- /bin/bash apt-get update -y && apt-get install dnsutils -y

Then try running:

nslookup <service-name>.<namespace>.svc.cluster.local

If you found information helpful, please click "Upvote" and "Accept Answer" on the post to let us know.

If the issue still persist feel free to ask us we are happy to assist you.

Thank You.

Answer accepted by question author

0 additional answers

Your answer

Satish Thamarana 20 Reputation points

2025-05-21T01:15:45.9633333+00:00

After verifying that network policies, service definitions, and endpoints are correctly configured in my AKS cluster, but the pods still cannot resolve DNS names of services or external domains. What could be causing DNS resolution failures in AKS, and how can i troubleshoot and fix this issue?
Pramidha Yathipathi 1,140 Reputation points Microsoft External Staff Moderator

2025-05-21T17:56:08.5866667+00:00

Hi Satish Thamarana,

Ensure that your CoreDNS pod is running properly. You can check its status with the following command:

kubectl get pods -n kube-system | grep coredns

If the CoreDNS pods are not running or have restarted, you may want to check the logs for errors:

kubectl logs <coredns-pod-name> -n kube-system

Sometimes, the Network Security Groups (NSGs) attached to your AKS nodes might be blocking DNS traffic. Make sure that the NSGs allow traffic on port 53 for both UDP and TCP.

Check whether the DNS IP is correctly configured in your cluster. Verify the kubeadm configuration, if you're managing the configuration directly, to ensure that the service IP is within the expected CIDR range.

If you're using custom DNS settings in your pods or a different DNS policy, ensure these settings do not interfere with the default DNS resolution. You can check the DNS policy of a pod with:

kubectl get pod <pod-name> -o=jsonpath='{.spec.dnsPolicy}'

As a last resort, you can run a test pod with DNS utilities and try resolving a domain:

kubectl run -it --rm aks-dns-test --namespace <namespace> --image=debian:stable -- /bin/bash apt-get update -y && apt-get install dnsutils -y

Then try running:

nslookup <service-name>.<namespace>.svc.cluster.local

If you found information helpful, please click "Upvote" and "Accept Answer" on the post to let us know.

If the issue still persist feel free to ask us we are happy to assist you.

Thank You.

Answer 1

Hi Satish Thamarana,

If you have implemented network policies, they might be blocking communication. Run the command:

kubectl get networkpolicies -A

Look for any custom policies that may restrict traffic between namespaces.

Confirm that the service definitions are correct and that the pods are properly registered as endpoints for those services:

kubectl get services -n <namespace-name>

Then check if the pod IPs are included in the service's endpoints:

kubectl describe services <service-name> -n <namespace-name>

Check the logs of the pods that cannot communicate. This can provide insights into any errors they might be encountering:

kubectl logs <pod-name> -n <namespace-name>

Use a test pod to verify connectivity between the pods. You can create a test pod and install necessary utilities:

kubectl run -it --rm aks-ssh --namespace <namespace> --image=debian:stable -- /bin/bash apt-get update -y && apt-get install dnsutils curl netcat-openbsd -y

Then, try reaching the target pod:

curl -Iv http://<pod-ip-address>:<port>

If you're communicating with external endpoints, check any associated Network Security Groups (NSGs) to ensure the necessary ports are open.

Finally, if you’re using Azure services that the pods need to access, ensure that the proper service endpoints or private links are configured correctly.

https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/connectivity/troubleshoot-connection-pods-services-same-cluster

If you found information helpful, please click "Upvote" on the post to let us know.

If the issue still persist feel free to ask us we are happy to assist you.

Thank You.

Share via

AKS pods communication with service

0 additional answers

Your answer