Different ways to debug your Kubernetes apps

To learn about the different ways to debug your Kubernetes applications

This blog will briefly discuss what I typically use for debugging Kubernetes apps. I hope you will find it helpful too.

Exploring different ways to debug Kubernetes apps

In this section, we will be going through some of the ways like kubectl exec, sharing namespaces, and ephemeral containers to debug k8s applications.

Using plain old “exec”

# exec-demo.yaml
apiVersion: v1
kind: Pod
metadata:
  name: exec-demo
  labels:
     app: nginx
spec:
  containers:
  - name: nginx
    image: teamcloudyuga/nginx:alpine
    ports:
    - containerPort: 80
kubectl apply -f exec-demo.yaml
kubectl get pods
kubectl exec -it -c nginx exec-demo -- ls

This approach will not work for environments where exec is disabled or for container images without a shell.

Let’s look at other approaches.

Using a sidecar

Enable process namespace sharing so that you can view processes in the app container from your debug container. You’ll generally need this for debugging.

  • An example POD YAML using a sidecar image with network debugging tools.
# pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-demo
spec:
  shareProcessNamespace: true
  containers:
  - name: nginx
    image: bitnami/nginx
  - name: debug
    image: wbitt/network-multitool
    securityContext:
      capabilities:     
        add: ["NET_ADMIN"]  
kubectl apply -f pod.yaml
kubectl get pods

Using ephemeral containers

This is the latest Kubernetes feature and the most preferred.

You can create a debug container on the fly without pre-provisioning a sidecar. More details are available in the official documentation.

  • Let’s see this in action. In the following example, I will create a debug container with perf tools.
# nginx-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  shareProcessNamespace: true  
  containers:
  - name: nginx
    image: bitnami/nginx
kubectl apply -f nginx-pod.yaml
kubectl get pods
  • Now I will create an ephemeral container by using kubectl debug
kubectl debug --image=quay.io/bpradipt/perf-amd64 -it --share-processes=true nginx-pod -- /bin/bash

Now you can perform your debugging tasks.

If you are wondering what’s happening behind the scenes, then the best place to look at is the POD spec — kubectl get pod nginx -o yaml

kubectl get pod nginx-pod -o yaml

You’ll see a new section added for ephemeral containers, as shown below:

...  
  ephemeralContainers:
  - command:
    - /bin/bash
    image: quay.io/bpradipt/perf-amd64
    imagePullPolicy: Always
    name: debugger-mxtpf
    resources: {}
    stdin: true
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    tty: true
...
  • You can also create an entirely new debug POD as shown below:
kubectl debug --image=quay.io/bpradipt/perf-amd64 -it --share-processes=true --copy-to=debug-nginx nginx-pod -- /bin/bash

You’ll see a new debug POD created.

kubectl get pods

  I’m sure you’ll find ephemeral containers handy for debugging.

Conclusion

In this blog, we have explored different ways to debug the Kubernetes applications and the most efficient way is to use ephemeral containers for it.

Join Our Newsletter

Share this article:

Oshi Gupta

Oshi Gupta

All Posts
Table of Contents

Want to Master your Cloud Career ?

Show me How

We are on a mission to empower careers and uplift businesses through modern cloud education, ensuring excellence in today’s digital landscape.

GitHub Rss

Company

Resources

Subscribe to Newsletter

© Copyright CloudYuga 2023. All rights reserved.

Terms & Conditions

Privacy Policy

Refund Policy