How to debug a pod

kubectl debug
Terminal window
kubectl debug <pod-id> -ti --image=nicolaka/netshoot --target=<pod-name> --profile=sysadmin

Check list

  1. Check open connections (signs of saturation)
Terminal window
ss -s                          # quick summary (states: ESTAB, TIME-WAIT, SYN-RECV)
ss -tuna | grep 8080 | wc -l   # total connections to the app port
ss -tuna | grep SYN_RECV       # half-open connections (possible overload)
ss -tuna | grep TIME_WAIT | wc -l  # connections closing slowly
  1. Check for socket leaks or system limits
Terminal window
cat /proc/sys/net/ipv4/ip_local_port_range
cat /proc/sys/net/ipv4/tcp_fin_timeout
cat /proc/sys/net/ipv4/tcp_tw_reuse
ulimit -n                      # file descriptor limit
  1. Test local endpoint (no network involved)
Terminal window
# If this is slow, the issue is inside the container, not the network.
time curl -v http://127.0.0.1:8080/health
time curl -v http://127.0.0.1:8080/predict
  1. Test access from another service (within the cluster)
Terminal window
# If this is slow but the local one isn’t, it’s a network or connection bottleneck.
time curl -v http://<service>:<port>/status
  1. Monitor process usage (signs of CPU/memory saturation)
Terminal window
ps auxf | grep python
top -p <PID>
cat /proc/<PID>/status | egrep 'Threads|VmRSS'
  1. If you suspect too many client connections
Terminal window
lsof -p <PID> | grep TCP | wc -l
netstat -anp | grep 8080 | grep ESTAB | wc -l
  1. Check if real traffic is reaching and its volume
Terminal window
# Measures if requests are actually arriving when latency increases.
tcpdump -i any -nn port 8080 -c 100
  1. (optional) Inspect specific connections
Terminal window
ss -tp state established | grep <service-name>
  1. Bonus: use watch
Terminal window
watch -n1 ss -s