Loading source

Preparing the source view

Pulling the file list, source metadata, and syntax-aware rendering for this listing.

Marketplace

Source from repo

Azure Diagnostics

Debug and troubleshoot Azure Container Apps and Function Apps using logs, KQL, and health checks.

microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page

Files

Skill

n/a

Size

105.0 KB

Entrypoint

SKILL.md

Format

git-repo

Open file

troubleshooting/aks/network-policy.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown16 linesFree

Network Policy Troubleshooting

Use this guide when pod-to-pod or pod-to-service traffic is selectively blocked and the symptom points at ingress or egress filtering.

# List all policies in the namespace - check both ingress and egress
kubectl get networkpolicy -n <ns> -o yaml

# Check for a default-deny policy (blocks everything unless explicitly allowed)
kubectl get networkpolicy -n <ns> -o jsonpath='{range .items[?(@.spec.podSelector=={})]}{.metadata.name}{"\n"}{end}'

AKS network policy engine check: Azure NPM (Azure CNI): kubectl get pods -n kube-system -l k8s-app=azure-npm. Calico: kubectl get pods -n calico-system.

Policy audit: source labels, destination labels, destination ingress rules, and source egress rules must all line up. With default-deny, explicitly allow UDP/TCP 53 to kube-dns.