Source from repo

Azure Diagnostics

Debug and troubleshoot Azure Container Apps and Function Apps using logs, KQL, and health checks.

microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page

Files

Skill

n/a

Size

105.0 KB

Entrypoint

SKILL.md

Format

git-repo

Open file

troubleshooting/aks/network-policy.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown16 linesFree

troubleshooting/aks/network-policy.md

1# Network Policy Troubleshooting
2 
3Use this guide when pod-to-pod or pod-to-service traffic is selectively blocked and the symptom points at ingress or egress filtering.
4 
5```bash
6# List all policies in the namespace - check both ingress and egress
7kubectl get networkpolicy -n <ns> -o yaml
8 
9# Check for a default-deny policy (blocks everything unless explicitly allowed)
10kubectl get networkpolicy -n <ns> -o jsonpath='{range .items[?(@.spec.podSelector=={})]}{.metadata.name}{"\n"}{end}'
11```
12 
13**AKS network policy engine check:** Azure NPM (Azure CNI): `kubectl get pods -n kube-system -l k8s-app=azure-npm`. Calico: `kubectl get pods -n calico-system`.
14 
15Policy audit: source labels, destination labels, destination ingress rules, and source egress rules must all line up. With default-deny, explicitly allow UDP/TCP 53 to kube-dns.
16

Loading source

Preparing the source view

Pulling the file list, source metadata, and syntax-aware rendering for this listing.

Marketplace

Source from repo

Azure Diagnostics

Debug and troubleshoot Azure Container Apps and Function Apps using logs, KQL, and health checks.

microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page

Files

Skill

n/a

Size

105.0 KB

Entrypoint

SKILL.md

Format

git-repo

Open file

troubleshooting/aks/network-policy.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown16 linesFree

troubleshooting/aks/network-policy.md

1# Network Policy Troubleshooting
2 
3Use this guide when pod-to-pod or pod-to-service traffic is selectively blocked and the symptom points at ingress or egress filtering.
4 
5```bash
6# List all policies in the namespace - check both ingress and egress
7kubectl get networkpolicy -n <ns> -o yaml
8 
9# Check for a default-deny policy (blocks everything unless explicitly allowed)
10kubectl get networkpolicy -n <ns> -o jsonpath='{range .items[?(@.spec.podSelector=={})]}{.metadata.name}{"\n"}{end}'
11```
12 
13**AKS network policy engine check:** Azure NPM (Azure CNI): `kubectl get pods -n kube-system -l k8s-app=azure-npm`. Calico: `kubectl get pods -n calico-system`.
14 
15Policy audit: source labels, destination labels, destination ingress rules, and source egress rules must all line up. With default-deny, explicitly allow UDP/TCP 53 to kube-dns.
16