u/GGOSRS

Questions about network policy debugging.

  1. Outside of debugging policy because live traffic is failing, are pre-flight checks common?
  2. What are you using besides manually reading yaml?
  3. What are some common reasons?

The only scenarios I can think of are:

  • New deployment: need to make sure it won't be blocked.
  • Audit/cleanup.

u/GGOSRS — 22 days ago

Looking for testers. (Does a PS module even count as a tool?)

Not trying to dodge the "new tool" thread. Fully understand if this is deleted by mods.

Hoping to find a few people to test my module so I can figure out 3 main things.

  1. edge cases I missed
  2. is it actually useful
  3. where it falls short

Comment or msg me if interested and I'll send you the repo link.

What's its purpose?
debug the exact reason A -> B is failing in under 60 seconds using only information exposed by the Kubernetes API or your pod.

Isn't that just kubectl?
Yes, but with a deterministic diagnostic engine capable of telling you things like:

> Primary issue: Cilium egress policy does not allow the tested target Service.
> Source: client-dev/client-55d9bd6876-snjxk
> Target Service: app/web
> Policy/policies: client-dev/service-label-mismatch
> Why it failed: egress toServices.k8sServiceSelector does not match the tested target Service. Target service 'app/web' has app=web, which is not allowed by the policy selector.

It only requires kubectl and PowerShell. There are no other dependencies, AI, or outside nonsense.

u/GGOSRS — 24 days ago
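The kind of deterministic check behind the quoted diagnostic, written out as an added example (this is not the poster's PowerShell module): it walks a CiliumNetworkPolicy's `egress[].toServices` entries and explains whether a given target Service is admitted by a `k8sService` or `k8sServiceSelector` entry. The policy and Service objects are constructed inline to mirror the post's output; the treatment of an unset `namespace` on each entry form is an assumption, and other egress forms (`toEndpoints`, `toCIDR`, `toFQDNs`) are deliberately not evaluated, so a negative result here only says this rule form does not admit the flow.

```python
"""Deterministic 'why is egress to this Service not allowed?' check.

Added example, not the poster's module. Only egress[].toServices entries of a
CiliumNetworkPolicy are evaluated against a target Service.
"""
from typing import Dict, List, Tuple

# Constructed sample objects. Shapes follow the CiliumNetworkPolicy (cilium.io/v2)
# and core/v1 Service APIs; names and labels are made up to mirror the post.
POLICY: Dict = {
    "apiVersion": "cilium.io/v2",
    "kind": "CiliumNetworkPolicy",
    "metadata": {"name": "service-label-mismatch", "namespace": "client-dev"},
    "spec": {
        "endpointSelector": {"matchLabels": {"app": "client"}},
        "egress": [
            {"toServices": [
                {"k8sServiceSelector": {
                    "namespace": "app",
                    "selector": {"matchLabels": {"app": "api"}},
                }}
            ]}
        ],
    },
}
WEB_SERVICE: Dict = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "web", "namespace": "app", "labels": {"app": "web"}},
}
API_SERVICE: Dict = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "api", "namespace": "app", "labels": {"app": "api"}},
}


def labels_match(selector: Dict, labels: Dict[str, str]) -> bool:
    """True when every matchLabels pair is present in `labels`.
    matchExpressions are not evaluated (simplifying assumption)."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def _fmt_labels(labels: Dict[str, str]) -> str:
    return ", ".join(f"{k}={v}" for k, v in sorted(labels.items())) or "<no labels>"


def explain_egress_to_service(policy: Dict, service: Dict) -> Tuple[bool, str]:
    """Return (allowed, reason) for the policy's toServices entries vs. the target Service."""
    meta = service["metadata"]
    ns, name, labels = meta["namespace"], meta["name"], meta.get("labels", {})
    policy_ns, policy_name = policy["metadata"]["namespace"], policy["metadata"]["name"]
    target = f"{ns}/{name}"
    tried: List[str] = []  # entries that were checked but did not match

    for rule in policy.get("spec", {}).get("egress", []):
        for entry in rule.get("toServices", []):
            ref = entry.get("k8sService")
            if ref:
                # Assumption: unset namespace on k8sService means the policy's own namespace.
                if ref.get("serviceName") == name and ref.get("namespace", policy_ns) == ns:
                    return True, f"allowed by {policy_ns}/{policy_name}: toServices.k8sService names {target}"
                tried.append(f"k8sService {ref.get('namespace', policy_ns)}/{ref.get('serviceName')}")
            sel = entry.get("k8sServiceSelector")
            if sel:
                # Assumption: unset namespace on k8sServiceSelector matches any namespace.
                ns_ok = sel.get("namespace") in (None, ns)
                match_labels = sel.get("selector", {}).get("matchLabels", {})
                if ns_ok and labels_match(sel.get("selector", {}), labels):
                    return True, (f"allowed by {policy_ns}/{policy_name}: toServices.k8sServiceSelector "
                                  f"{_fmt_labels(match_labels)} matches {target}")
                tried.append(f"k8sServiceSelector ns={sel.get('namespace', '*')} {_fmt_labels(match_labels)}")

    if not tried:
        return False, f"{policy_ns}/{policy_name} has no egress toServices entry, so it cannot admit {target} this way"
    return False, (f"egress toServices does not match the tested target Service. Target service "
                   f"'{target}' has {_fmt_labels(labels)}, which is not allowed by the policy "
                   f"selector(s): {'; '.join(tried)}")


if __name__ == "__main__":
    for svc in (WEB_SERVICE, API_SERVICE):
        ok, why = explain_egress_to_service(POLICY, svc)
        print(("ALLOW " if ok else "DENY  ") + why)
```

Run it as-is and the `app/web` case produces the same label-mismatch explanation as the post's output, while `app/api` is reported as allowed; feeding it real objects from `kubectl get cnp -o json` and `kubectl get svc -o json` is the obvious next step.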

How common are network problems in a real production env? New here.

I've got a workflow for troubleshooting network stuff but not sure how useful it actually is on a day to day. Any thoughts?

  • Kubernetes API/server reachability
  • Node readiness/cluster health
  • Namespace/resource existence checks
  • Pod deployment/scheduling status
  • CNI/network overlay validation
  • Service existence and selector validation
  • Endpoint/EndpointSlice population
  • CoreDNS health validation
  • DNS resolution inside cluster
  • Pod-to-Pod connectivity
  • Pod-to-Service connectivity
  • kube-proxy health/rules validation
  • NetworkPolicy detection/checks
  • NodePort/LoadBalancer reachability
  • Ingress/path testing (optional)
  • Route/table/interface inspection
u/GGOSRS — 29 days ago
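Two items from the checklist above, "Service existence and selector validation" and "Endpoint/EndpointSlice population", as an offline added example (not the poster's workflow or tool): it reasons over Service and Pod objects in the shape `kubectl get ... -o json` returns them, which are constructed inline here so it runs without a cluster. The pod names, labels and ports are made up; the findings texts are mine.

```python
"""Offline selector and endpoint-population check for a Service.

Added example. Input objects use core/v1 shapes but are constructed for this demo.
"""
from typing import Dict, List

WEB_SERVICE: Dict = {
    "metadata": {"name": "web", "namespace": "app"},
    "spec": {"selector": {"app": "web"}, "ports": [{"port": 80, "targetPort": 8080}]},
}
WORKER_SERVICE: Dict = {  # selector that no pod carries: its EndpointSlice will be empty
    "metadata": {"name": "worker", "namespace": "app"},
    "spec": {"selector": {"app": "worker"}, "ports": [{"port": 9000}]},
}


def _pod(name: str, ns: str, labels: Dict[str, str], port: int, ready: bool) -> Dict:
    """Build a minimal Pod object (constructed sample data)."""
    return {
        "metadata": {"name": name, "namespace": ns, "labels": labels},
        "spec": {"containers": [{"name": "main", "ports": [{"containerPort": port}]}]},
        "status": {"phase": "Running",
                   "conditions": [{"type": "Ready", "status": "True" if ready else "False"}]},
    }


PODS: List[Dict] = [
    _pod("web-7c9d8-a1", "app", {"app": "web"}, 8080, ready=True),
    _pod("web-7c9d8-b2", "app", {"app": "web"}, 8080, ready=False),  # still starting
    _pod("web-0", "staging", {"app": "web"}, 8080, ready=True),      # right labels, wrong namespace
    _pod("api-5f6e7-c3", "app", {"app": "api"}, 9090, ready=True),
]


def pod_ready(pod: Dict) -> bool:
    """True when the Pod's Ready condition is True (what EndpointSlice 'serving' follows)."""
    return any(c.get("type") == "Ready" and c.get("status") == "True"
               for c in pod.get("status", {}).get("conditions", []))


def diagnose_service(service: Dict, pods: List[Dict]) -> Dict:
    """Return which pods the Service selects, which are Ready, and plain-language findings."""
    ns, name = service["metadata"]["namespace"], service["metadata"]["name"]
    selector = service["spec"].get("selector") or {}
    out: Dict = {"service": f"{ns}/{name}", "selected": [], "ready": [], "findings": []}

    if not selector:
        out["findings"].append("Service has no selector: endpoints are managed manually "
                               "(ExternalName or a hand-written EndpointSlice), nothing to validate here")
        return out

    # A selector only ever matches pods in the Service's own namespace.
    selected_pods = [
        p for p in pods
        if p["metadata"]["namespace"] == ns
        and all(p["metadata"].get("labels", {}).get(k) == v for k, v in selector.items())
    ]
    out["selected"] = [p["metadata"]["name"] for p in selected_pods]
    out["ready"] = [p["metadata"]["name"] for p in selected_pods if pod_ready(p)]

    sel_text = ",".join(f"{k}={v}" for k, v in sorted(selector.items()))
    if not selected_pods:
        out["findings"].append(f"selector {sel_text} matches no pods in namespace {ns}: "
                               "EndpointSlice will be empty and connections will typically be refused")
        return out
    if not out["ready"]:
        out["findings"].append(f"{len(selected_pods)} pod(s) selected but none Ready: "
                               "no serving endpoints until readiness probes pass")

    # targetPort vs declared containerPort. containerPort is informational in Kubernetes,
    # so a mismatch is a hint worth checking, not proof that traffic is dropped.
    for svc_port in service["spec"].get("ports", []):
        target = svc_port.get("targetPort", svc_port["port"])
        if not isinstance(target, int):
            continue  # named targetPorts would need a lookup by container port name; skipped here
        for pod in selected_pods:
            declared = {p["containerPort"] for c in pod["spec"]["containers"] for p in c.get("ports", [])}
            if target not in declared:
                out["findings"].append(f"pod {pod['metadata']['name']} declares no containerPort "
                                       f"{target} for Service port {svc_port['port']} (hint only)")
    return out


if __name__ == "__main__":
    for svc in (WEB_SERVICE, WORKER_SERVICE):
        r = diagnose_service(svc, PODS)
        print(r["service"], "selected:", r["selected"], "ready:", r["ready"])
        for finding in r["findings"]:
            print("  -", finding)
```

The namespace filter is the detail people most often miss when "the labels clearly match": a pod in `staging` with `app=web` is never an endpoint of `app/web`. Swapping the constructed lists for the output of `kubectl get svc,pods -n <ns> -o json` turns this into a pre-flight check that runs before any traffic is sent.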