Ephemeral containers let you attach a temporary debug container to a running Pod without restarting it.
🟩 Step 1 — Create a Simple NGINX Pod (to Debug)
Create file nginx-ephemeral.yaml:
apiVersion: v1
kind: Pod
metadata:
name: nginx-ephemeral
labels:
app: nginx-ephemeral
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
Apply it:
kubectl apply -f nginx-ephemeral.yaml
🟩 Step 2 — Verify Pod Status
kubectl get pods -o wide
Expected:
nginx-ephemeral 1/1 Running 0 10s
Wait until ready (recommended):
kubectl wait --for=condition=Ready pod/nginx-ephemeral --timeout=60s
🟩 Step 3 — Launch an Ephemeral Debug Container
Use a debug image with complete tools (e.g., busybo…
Ephemeral containers let you attach a temporary debug container to a running Pod without restarting it.
🟩 Step 1 — Create a Simple NGINX Pod (to Debug)
Create file nginx-ephemeral.yaml:
apiVersion: v1
kind: Pod
metadata:
name: nginx-ephemeral
labels:
app: nginx-ephemeral
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
Apply it:
kubectl apply -f nginx-ephemeral.yaml
🟩 Step 2 — Verify Pod Status
kubectl get pods -o wide
Expected:
nginx-ephemeral 1/1 Running 0 10s
Wait until ready (recommended):
kubectl wait --for=condition=Ready pod/nginx-ephemeral --timeout=60s
🟩 Step 3 — Launch an Ephemeral Debug Container
Use a debug image with complete tools (e.g., busybox, ubuntu, distroless, nicolaka/netshoot).
Best option for debugging network and DNS:
kubectl debug -it nginx-ephemeral --image=nicolaka/netshoot --target=nginx
This creates a temporary container inside the same Pod namespace.
You will land inside the debug terminal:
bash-5.1#
🟩 Step 4 — Debug the Running NGINX Pod (Real-Time Tasks)
Now you can perform advanced debugging.
🔎 4.1 Check network connectivity inside Pod
curl http://localhost
Test cluster DNS:
nslookup kubernetes.default
Ping another Pod or Service:
ping google.com
🔎 4.2 Use tcpdump to analyze traffic
Extremely useful in firewall/VPC debugging
tcpdump -i any port 80 -n
🔎 4.3 Check open ports
netstat -tulnp
You should see:
tcp 0 0 0.0.0.0:80 LISTEN nginx
🔎 4.4 Check original container processes
ps aux
You will see:
- your debug container processes
- NGINX master + worker processes
🔎 4.5 Inspect filesystem shared with the original container
Because it’s the same Pod:
ls -l /usr/share/nginx/html
cat /etc/nginx/nginx.conf
🔎 4.6 Test outbound connectivity to external world
curl https://google.com
Check DNS resolution:
dig google.com
🟩 Step 5 — Exit the Ephemeral Debug Session
This removes only the terminal, not the debug container itself:
exit
The ephemeral container still exists until the Pod is deleted.
🟩 Step 6 — Confirm the Debug Container Is Attached
kubectl describe pod nginx-ephemeral
🟩 Step 7 — Cleanup (Optional)
kubectl delete pod nginx-ephemeral
🌟 Thanks for reading! If this post added value, a like ❤️, follow, or share would encourage me to keep creating more content.
— Latchu | Senior DevOps & Cloud Engineer
☁️ AWS | GCP | ☸️ Kubernetes | 🔐 Security | ⚡ Automation 📌 Sharing hands-on guides, best practices & real-world cloud solutions