{"id":481734,"date":"2022-08-06T11:04:34","date_gmt":"2022-08-06T08:04:34","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-investigate-kubernetes-container-issues-with-kubectl-debug\/"},"modified":"2022-08-06T11:04:34","modified_gmt":"2022-08-06T08:04:34","slug":"how-to-investigate-kubernetes-container-issues-with-kubectl-debug","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-investigate-kubernetes-container-issues-with-kubectl-debug\/","title":{"rendered":"#How to Investigate Kubernetes Container Issues With \u201cKubectl Debug\u201d"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a253d036ad02\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a253d036ad02\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-investigate-kubernetes-container-issues-with-kubectl-debug\/#%E2%80%9CHow_to_Investigate_Kubernetes_Container_Issues_With_%E2%80%9CKubectl_Debug%E2%80%9D%E2%80%9D\" >&#8220;How to Investigate Kubernetes Container Issues With \u201cKubectl Debug\u201d&#8221;<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-investigate-kubernetes-container-issues-with-kubectl-debug\/#Preparing_to_Use_Kubectl_Debug\" >Preparing to Use Kubectl Debug<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-investigate-kubernetes-container-issues-with-kubectl-debug\/#Using_Kubectl_Debug\" >Using Kubectl Debug<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-investigate-kubernetes-container-issues-with-kubectl-debug\/#Copying_Pods\" >Copying Pods<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-investigate-kubernetes-container-issues-with-kubectl-debug\/#Optional_Arguments\" >Optional Arguments<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-investigate-kubernetes-container-issues-with-kubectl-debug\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CHow_to_Investigate_Kubernetes_Container_Issues_With_%E2%80%9CKubectl_Debug%E2%80%9D%E2%80%9D\"><\/span>&#8220;How to Investigate Kubernetes Container Issues With \u201cKubectl Debug\u201d&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage alignnone size-full wp-image-803403\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/05\/Kubernetes.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Kubernetes logo\" width=\"1602\" height=\"902\"\/><\/p>\n<p>It can be tricky to diagnose problems with running Kubernetes workloads. You might be lucky and find the cause in your <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>lication\u2019s logs, via the <code>kubectl logs<\/code> command. In some cases there\u2019s no avoiding a live debugging session though, where you interactively engage with your Pods to uncover issues.<\/p>\n<p>The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/kubernetes.io\/docs\/tasks\/debug\/debug-application\/debug-running-pod\"><code>kubectl debug<\/code> command<\/a> simplifies these debugging tasks by providing a new ephemeral container inside your Pod. This can be used to inspect the Pod\u2019s environment so you can start troubleshooting problems that are surfacing in your existing containers.<\/p>\n<h2 id=\"preparing-to-use-kubectl-debug\"><span class=\"ez-toc-section\" id=\"Preparing_to_Use_Kubectl_Debug\"><\/span>Preparing to Use Kubectl Debug<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><code>kubectl debug<\/code> was launched with v1.18 of Kubernetes and Kubectl. It relies on <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/kubernetes.io\/docs\/concepts\/workloads\/pods\/ephemeral-containers\">ephemeral containers<\/a> being available in your cluster. Ephemeral containers became a beta feature in Kubernetes v1.23 and are now enabled by default. You\u2019ll need to manually enable the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/kubernetes.io\/docs\/reference\/command-line-tools-reference\/feature-gates\">feature gate<\/a> if your cluster runs an older Kubernetes version.<\/p>\n<p>Ephemeral containers are designed for transitory tasks where you need to temporarily connect an extra container to an existing Pod. This is ideal for debugging operations where you want to accurately inspect a Pod without affecting live container instances.<\/p>\n<p>Most container images lack debugging tools; installing them within a running container would mutate its environment and potentially cause side effects. Attaching an ephemeral container to your Pod is a safer way to debug that gives you a clean working environment. You can use a heavier image that includes all the tools you need.<\/p>\n<p>Although ephemeral containers become part of their host Pod, there are still some differences to be aware of. Ephemeral containers don\u2019t support port binds, probes, or resource reservations as they\u2019re only temporary in nature. They\u2019ll never be automatically restarted and can\u2019t be changed once they\u2019ve been created. A complete list of supported capabilities is available <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/kubernetes.io\/docs\/reference\/generated\/kubernetes-api\/v1.24\/#ephemeralcontainer-v1-core\">in the documentation<\/a>.<\/p>\n<h2 id=\"using-kubectl-debug\"><span class=\"ez-toc-section\" id=\"Using_Kubectl_Debug\"><\/span>Using Kubectl Debug<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Before continuing, create a basic deployment to use for testing purposes:<\/p>\n<pre>$ kubectl create deployment nginx --image=nginx:latest&#13;\ndeployment.apps\/nginx created<\/pre>\n<p>Next use the <code>get pods<\/code> command to find the name of your deployment\u2019s Pod:<\/p>\n<pre>$ kubectl get pods&#13;\nNAME                     READY   STATUS    RESTARTS   AGE&#13;\nnginx-55649fd747-qsnr2   1\/1     Running   0          5s<\/pre>\n<p>Our deployment\u2019s Pod is called <code>nginx-55649fd747-qsnr2<\/code>.<\/p>\n<p>Now you can use the <code>kubectl debug<\/code> command to start a debugging session inside your Pod:<\/p>\n<pre>$ kubectl debug -it --image=ubuntu:20.04 nginx-55649fd747-qsnr2<\/pre>\n<p>The command\u2019s syntax is similar to a hybrid of <code>kubectl create<\/code> and <code>kubectl debug<\/code>. The unnamed argument supplied to the command identifies an existing Pod to attach to. The <code>--image<\/code> argument specifies the image to use for the new container. We\u2019re using <code>ubuntu:20.04<\/code> here to obtain access to the familiar commands included in the Ubuntu Linux distribution.<\/p>\n<p>The <code>-it<\/code> flag is equivalent to <code>--stdin --tty<\/code>. Including these arguments will allocate a TTY to the container, attach to it, and connect your terminal\u2019s stdin stream. This gives you an interactive shell inside your new container.<\/p>\n<p>Now you can carry out your debugging tasks from within your ephemeral container.<\/p>\n<h2 id=\"copying-pods\"><span class=\"ez-toc-section\" id=\"Copying_Pods\"><\/span>Copying Pods<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Another way to use <code>kubectl debug<\/code> is with a <code>--copy-to<\/code> argument. This creates a copy of the target Pod and adds the ephemeral container to the copy. The original Pod is left intact.<\/p>\n<pre>$ kubectl debug -it --image=ubuntu:20.04 --copy-to nginx-debug nginx-555649fd747-qsnr2<\/pre>\n<p>This feature gives you even greater assurance that changes made during debugging won\u2019t directly impact your production application.<\/p>\n<p>Copying the Pod also lets you activate process namespace sharing. This makes the existing processes in your Pod visible to your ephemeral container. It can\u2019t be used with existing containers as their <code>spec.shareProcessNamespace<\/code> field will usually be set to <code>false<\/code>. Running <code>kubectl debug<\/code> with the <code>--copy-to<\/code> and <code>--share-processes<\/code> flag will enable process sharing on the copied Pod, making this procedure much more intuitive:<\/p>\n<pre>$ kubectl debug -it --image=ubuntu:20.04 --copy-to nginx-debug --share-processes nginx-555649fd747-qsnr2<\/pre>\n<p>The process list visible to your ephemeral Ubuntu container will now include an NGINX process:<\/p>\n<pre>$ ps ax&#13;\nPID   USER     TIME  COMMAND&#13;\n    1 root      0:00 \/pause&#13;\n    9 root      0:00 nginx: master process nginx -g daemon off;<\/pre>\n<p>This process is still running in the separate NGINX container within your Pod. Namespace sharing also provides access to the target container\u2019s filesystem via <code>\/proc<\/code>:<\/p>\n<pre>$ ls \/proc\/9\/root\/etc\/nginx&#13;\nconf.d fastcgi_params mime.types modules nginx.conf ...<\/pre>\n<p>Copying the Pod in this way is therefore a powerful debugging tool. You can readily inspect the Pod\u2019s files and processes using a separate container that\u2019s prepared with familiar tools.<\/p>\n<h2 id=\"optional-arguments\"><span class=\"ez-toc-section\" id=\"Optional_Arguments\"><\/span>Optional Arguments<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The <code>--copy-to<\/code> flag always leaves the original Pod intact by default. You can make the operation act as a replacement instead using <code>--replace<\/code>. This will stop the first Pod.<\/p>\n<pre>$ kubectl debug -it --image=ubuntu:20.04 --copy-to nginx-debug --replace nginx-555649fd747-qsnr2<\/pre>\n<p>Kubernetes will schedule the copied Pod to any available Node. This can be problematic if you want to ensure a consistent test environment. Adding <code>--same-node<\/code> will schedule the copy to the existing Pod\u2019s Node, eliminating any differences that may exist between machines in your cluster.<\/p>\n<pre>$ kubectl debug -it --image=ubuntu:20.04 --copy-to nginx-debug --same-node nginx-555649fd747-qsnr2<\/pre>\n<p>Another useful option is <code>--env<\/code> to set extra environment variables inside your ephemeral container. You may need to use this to configure debugging tools or override values inherited from your target Pod.<\/p>\n<pre>$ kubectl debug -it --image=ubuntu:20.04 --copy-to nginx-debug --env EDITOR=\/usr\/bin\/nano nginx-555649fd747-qsnr2<\/pre>\n<p>Finally, remember that containers created by <code>kubectl debug<\/code> don\u2019t have to be interactive. You can easily run one-off commands against your Pods using <code>kubectl exec<\/code>-like syntax. The <code>--attach<\/code> argument is supported to control whether your shell\u2019s connected to the container when you\u2019re not running with <code>-i<\/code> (<code>--stdin<\/code>).<\/p>\n<pre>$ kubectl debug --image=ubuntu:20.04 --copy-to nginx-debug --share-processes --attach true nginx-555649fd747-qsnr2 -- ls \/proc\/9\/root\/etc\/nginx&#13;\nconf.d fastcgi_params mime.types modules nginx.conf ...<\/pre>\n<h2 id=\"conclusion\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Ephemeral containers and the <code>kubectl debug<\/code> command provide a simplified debugging experience for Kubernetes workloads. You can run commands inside a Pod using a different image to your regular containers. This lets you access debugging tools that aren\u2019t included in your application\u2019s image.<\/p>\n<p><code>kubectl debug<\/code> can also create copies of Pods and share their processes with the original. This mechanism lets you inspect the processes in the target Pod\u2019s containers, from a separate ephemeral container that you\u2019ve got full control over. It provides more advanced debugging options when you need to interrogate running processes.<\/p>\n<\/div>\n<p><script>\n setTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s) } (window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n   fbq('init', '335401813750447');\n   fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/devops\/how-to-investigate-kubernetes-container-issues-with-kubectl-debug\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;How to Investigate Kubernetes Container Issues With \u201cKubectl Debug\u201d&#8221; It can be tricky to diagnose problems with running Kubernetes workloads. You might be lucky and find the cause in your application\u2019s logs, via the kubectl logs command. In some cases there\u2019s no avoiding a live debugging session though, where you interactively engage with your Pods&#8230;<\/p>\n","protected":false},"author":1,"featured_media":481735,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/05\/Kubernetes.jpg?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-481734","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/481734","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=481734"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/481734\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/481735"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=481734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=481734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=481734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}