Skip to content

Troubleshoot pod network with nsenter


This process should be applicable to any Kubernetes environment.


Kubernetes is a widely-used platform for managing containerized applications. As networking is a critical component of any Kubernetes cluster, issues may arise that necessitate troubleshooting. nsenter, a Linux utility that allows entry into the namespaces of other processes, can be a helpful tool in these situations.

In a Kubernetes cluster, each pod has its own network namespace. Thus, nsenter can be used to enter a pod’s network namespace and troubleshoot networking issues from the host node of the pod. This is particularly useful in scenarios where pods lack a shell to exec into or in environments that don’t provide access to a network utility pod for troubleshooting.


Issue: Unable to Connect to a Service

If you’re unable to connect to a service running in a Kubernetes cluster, use nsenter to troubleshoot the issue from the pod’s host node. Here’s how:

  1. Identify the pod running the service using the kubectl get pods command. This lists all the pods in your cluster and their current status.
  2. Find the PID of the container running the pod using the ps aux command.
  3. After identifying the PID, enter the container’s network namespace using the nsenter command. The network namespace is located at /proc/{PID}/ns/net. For example, nsenter -t {PID} -n.
  4. Inside the container’s network namespace, use standard networking tools (like ping, curl, or telnet) to test connectivity to the service.

Issue: Pod Cannot Reach the Internet

If a pod cannot reach the internet, follow the same steps to use nsenter for troubleshooting. However, in the final step, use standard networking tools to test connectivity to external hosts instead of a service.

By using nsenter, you can easily troubleshoot networking issues in your Kubernetes cluster without having to exec into the pod or install additional utilities.