๐Ÿ› Debugging Containers in Kubernetes

๐Ÿ” Introduction

Kubernetes provides a powerful command called kubectl debug that allows you to troubleshoot issues within running pods. It enables you to attach a temporary debugging container to an existing pod, giving you access to the podโ€™s environment without affecting the running application.

Slim containers are faster (less stuff to move around) and more secure. However, these benefits of slim containers come at a price - such containers lack (the much-needed at times) exploration and debugging tools. It might be quite challenging to tap into a container that was built from a distroless or slim base image

In this guide, we will learn how to debug a CoreDNS pod in the kube-system namespace using a BusyBox container.

namespace

โš™๏ธ Debugging CoreDNS

1๏ธโƒฃ Attaching a Debugging Container

๐Ÿ› ๏ธ Use the kubectl debug command to attach a debugging container:

kubectl debug -it <coredns-pod-name> --image=busybox:1.28 --target=coredns -n kube-system

exec-container

  • coredns-5bd47f77ff-npvsp: The name of the CoreDNS pod you want to debug.
  • --image=busybox:1.28: The temporary debugging container image.
  • --target=coredns: Targets the coredns container in the pod.
  • -n kube-system: Specifies the namespace where the CoreDNS pod is running.

๐Ÿ”„ After running this command, youโ€™ll be attached to the debugging container with an interactive shell.

2๏ธโƒฃ Inspecting the CoreDNS Pod

Once inside the debugging container, you can perform various commands to inspect the CoreDNS podโ€™s environment and files.

๐Ÿ”ธ Check Running Processes

# command to install ps in debian
apt-get update; apt-get install -y procps
ps

This command lists the running processes in the debugging container, helping you identify the services running in the pod.

๐Ÿ”ธ Inspect CoreDNS Configuration Navigate to the CoreDNS configuration directory in the podโ€™s filesystem:

ls -la /proc/1/root/etc/coredns/

/proc/1/root/: Refers to the root filesystem of the target container (CoreDNS in this case).

/etc/coredns/: The directory where CoreDNS configuration files, such as the Corefile, are stored.

๐Ÿ”ธ View the Corefile To examine the CoreDNS configuration file, use:

cat /proc/1/root/etc/coredns/Corefile

This will display the contents of the Corefile, which contains the DNS configuration for the cluster.

๐Ÿ›ก๏ธ Key Notes

1) Debugging Containers: * The debugging container runs alongside the targeted container in the pod. * It shares the same namespaces and volumes as the target container.

2) Read-Only Access: * Debugging containers often have read-only access to the target containerโ€™s filesystem to avoid unintended changes.

3) Cleaning Up: * Once youโ€™re done debugging, exit the container, and Kubernetes will automatically clean up the temporary debugging container.

๐Ÿ“ธ Visual Reference

container-commands

๐Ÿค” When to Use Debugging Containers?

  • Slim containers
  • Investigating Application Errors
  • Troubleshooting Network Connectivity Issues
  • Analyzing Resource Usage
  • Debugging Deployment Issues
  • Security Investigations
With the kubectl debug command, Kubernetes simplifies troubleshooting, allowing you to analyze and resolve issues efficiently! ๐Ÿš€

© 2025 Jatin Sharma. All rights reserved.