DEV Community

Cover image for ✅ Scenario #4 — Debugging with Ephemeral Debug Containers in Kubernetes
Latchu@DevOps
Latchu@DevOps

Posted on

✅ Scenario #4 — Debugging with Ephemeral Debug Containers in Kubernetes

#kubernetes #devops #cicd #containers

Ephemeral containers let you attach a temporary debug container to a running Pod without restarting it.

🟩 Step 1 — Create a Simple NGINX Pod (to Debug)

Create file nginx-ephemeral.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: nginx-ephemeral
  labels:
    app: nginx-ephemeral
spec:
  containers:
    - name: nginx
      image: nginx:latest
      ports:
        - containerPort: 80
Enter fullscreen mode Exit fullscreen mode

Apply it:

kubectl apply -f nginx-ephemeral.yaml
Enter fullscreen mode Exit fullscreen mode

🟩 Step 2 — Verify Pod Status 

kubectl get pods -o wide
Enter fullscreen mode Exit fullscreen mode

Expected:

nginx-ephemeral   1/1   Running   0   10s
Enter fullscreen mode Exit fullscreen mode

Wait until ready (recommended):

kubectl wait --for=condition=Ready pod/nginx-ephemeral --timeout=60s
Enter fullscreen mode Exit fullscreen mode

1

🟩 Step 3 — Launch an Ephemeral Debug Container

Use a debug image with complete tools (e.g., busybox, ubuntu, distroless, nicolaka/netshoot).

Best option for debugging network and DNS:

kubectl debug -it nginx-ephemeral --image=nicolaka/netshoot --target=nginx
Enter fullscreen mode Exit fullscreen mode

This creates a temporary container inside the same Pod namespace.

You will land inside the debug terminal:

bash-5.1#
Enter fullscreen mode Exit fullscreen mode

2

🟩 Step 4 — Debug the Running NGINX Pod (Real-Time Tasks)

Now you can perform advanced debugging.

🔎 4.1 Check network connectivity inside Pod

curl http://localhost
Enter fullscreen mode Exit fullscreen mode

Test cluster DNS:

nslookup kubernetes.default
Enter fullscreen mode Exit fullscreen mode

Ping another Pod or Service:

ping google.com
Enter fullscreen mode Exit fullscreen mode

4

🔎 4.2 Use tcpdump to analyze traffic

Extremely useful in firewall/VPC debugging

tcpdump -i any port 80 -n
Enter fullscreen mode Exit fullscreen mode

🔎 4.3 Check open ports

netstat -tulnp
Enter fullscreen mode Exit fullscreen mode

You should see:

tcp 0 0 0.0.0.0:80  LISTEN nginx
Enter fullscreen mode Exit fullscreen mode

5

🔎 4.4 Check original container processes

ps aux
Enter fullscreen mode Exit fullscreen mode

You will see:

  • your debug container processes
  • NGINX master + worker processes

6

🔎 4.5 Inspect filesystem shared with the original container

Because it's the same Pod:

ls -l /usr/share/nginx/html
cat /etc/nginx/nginx.conf
Enter fullscreen mode Exit fullscreen mode

🔎 4.6 Test outbound connectivity to external world

curl https://google.com
Enter fullscreen mode Exit fullscreen mode

Check DNS resolution:

dig google.com
Enter fullscreen mode Exit fullscreen mode

7

🟩 Step 5 — Exit the Ephemeral Debug Session

This removes only the terminal, not the debug container itself:

exit
Enter fullscreen mode Exit fullscreen mode

The ephemeral container still exists until the Pod is deleted.

🟩 Step 6 — Confirm the Debug Container Is Attached 

kubectl describe pod nginx-ephemeral
Enter fullscreen mode Exit fullscreen mode

🟩 Step 7 — Cleanup (Optional) 

kubectl delete pod nginx-ephemeral
Enter fullscreen mode Exit fullscreen mode

🌟 Thanks for reading! If this post added value, a like ❤️, follow, or share would encourage me to keep creating more content.

— Latchu | Senior DevOps & Cloud Engineer

☁️ AWS | GCP | ☸️ Kubernetes | 🔐 Security | ⚡ Automation
📌 Sharing hands-on guides, best practices & real-world cloud solutions

Top comments (0)