✅ Scenario #4 — Debugging with Ephemeral Debug Containers in Kubernetes

✅ Scenario #4 — Debugging with Ephemeral Debug Containers in Kubernetes

Ephemeral containers let you attach a temporary debug container to a running Pod without restarting it.

Create file nginx-ephemeral.yaml: 

apiVersion: v1 kind: Pod metadata: name: nginx-ephemeral labels: app: nginx-ephemeral spec: containers: - name: nginx image: nginx:latest ports: - containerPort: 80

Apply it: 

kubectl apply -f nginx-ephemeral.yaml

🟩 Step 2 — Verify Pod Status 

kubectl get pods -o wide

Expected: 

nginx-ephemeral 1/1 Running 0 10s

Wait until ready (recommended): 

kubectl wait --for=condition=Ready pod/nginx-ephemeral --timeout=60s

1

🟩 Step 3 — Launch an Ephemeral Debug Container

Use a debug image with complete tools (e.g., busybox, ubuntu, distroless, nicolaka/netshoot).

Best option for debugging network and DNS: 

kubectl debug -it nginx-ephemeral --image=nicolaka/netshoot --target=nginx

This creates a temporary container inside the same Pod namespace.

You will land inside the debug terminal: 

bash-5.1#

2

🟩 Step 4 — Debug the Running NGINX Pod (Real-Time Tasks)

Now you can perform advanced debugging.

🔎 4.1 Check network connectivity inside Pod 

curl http://localhost

Test cluster DNS: 

nslookup kubernetes.default

Ping another Pod or Service: 

ping google.com

4

🔎 4.2 Use tcpdump to analyze traffic

Extremely useful in firewall/VPC debugging 

tcpdump -i any port 80 -n

🔎 4.3 Check open ports 

netstat -tulnp

You should see: 

tcp 0 0 0.0.0.0:80 LISTEN nginx

5

🔎 4.4 Check original container processes 

ps aux

You will see:

  • your debug container processes
  • NGINX master + worker processes

6

🔎 4.5 Inspect filesystem shared with the original container

Because it’s the same Pod: 

ls -l /usr/share/nginx/html cat /etc/nginx/nginx.conf

🔎 4.6 Test outbound connectivity to external world 

curl https://google.com

Check DNS resolution: 

dig google.com

7

🟩 Step 5 — Exit the Ephemeral Debug Session

This removes only the terminal, not the debug container itself: 

exit

The ephemeral container still exists until the Pod is deleted.

🟩 Step 6 — Confirm the Debug Container Is Attached 

kubectl describe pod nginx-ephemeral

🟩 Step 7 — Cleanup (Optional) 

kubectl delete pod nginx-ephemeral

🌟 Thanks for reading! If this post added value, a like ❤️, follow, or share would encourage me to keep creating more content.

— Latchu | Senior DevOps & Cloud Engineer

☁️ AWS | GCP | ☸️ Kubernetes | 🔐 Security | ⚡ Automation
📌 Sharing hands-on guides, best practices & real-world cloud solutions

Source: DEV Community.

almond

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.