Ephemeral containers let you attach a temporary debug container to a running Pod without restarting it.
π© Step 1 β Create a Simple NGINX Pod (to Debug)
Create file nginx-ephemeral.yaml:
apiVersion: v1
kind: Pod
metadata:
name: nginx-ephemeral
labels:
app: nginx-ephemeral
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
Apply it:
kubectl apply -f nginx-ephemeral.yaml
π© Step 2 β Verify Pod Status
kubectl get pods -o wide
Expected:
nginx-ephemeral 1/1 Running 0 10s
Wait until ready (recommended):
kubectl wait --for=condition=Ready pod/nginx-ephemeral --timeout=60s
π© Step 3 β Launch an Ephemeral Debug Container
Use a debug image with complete tools (e.g., busyboβ¦
Ephemeral containers let you attach a temporary debug container to a running Pod without restarting it.
π© Step 1 β Create a Simple NGINX Pod (to Debug)
Create file nginx-ephemeral.yaml:
apiVersion: v1
kind: Pod
metadata:
name: nginx-ephemeral
labels:
app: nginx-ephemeral
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
Apply it:
kubectl apply -f nginx-ephemeral.yaml
π© Step 2 β Verify Pod Status
kubectl get pods -o wide
Expected:
nginx-ephemeral 1/1 Running 0 10s
Wait until ready (recommended):
kubectl wait --for=condition=Ready pod/nginx-ephemeral --timeout=60s
π© Step 3 β Launch an Ephemeral Debug Container
Use a debug image with complete tools (e.g., busybox, ubuntu, distroless, nicolaka/netshoot).
Best option for debugging network and DNS:
kubectl debug -it nginx-ephemeral --image=nicolaka/netshoot --target=nginx
This creates a temporary container inside the same Pod namespace.
You will land inside the debug terminal:
bash-5.1#
π© Step 4 β Debug the Running NGINX Pod (Real-Time Tasks)
Now you can perform advanced debugging.
π 4.1 Check network connectivity inside Pod
curl http://localhost
Test cluster DNS:
nslookup kubernetes.default
Ping another Pod or Service:
ping google.com
π 4.2 Use tcpdump to analyze traffic
Extremely useful in firewall/VPC debugging
tcpdump -i any port 80 -n
π 4.3 Check open ports
netstat -tulnp
You should see:
tcp 0 0 0.0.0.0:80 LISTEN nginx
π 4.4 Check original container processes
ps aux
You will see:
- your debug container processes
- NGINX master + worker processes
π 4.5 Inspect filesystem shared with the original container
Because itβs the same Pod:
ls -l /usr/share/nginx/html
cat /etc/nginx/nginx.conf
π 4.6 Test outbound connectivity to external world
curl https://google.com
Check DNS resolution:
dig google.com
π© Step 5 β Exit the Ephemeral Debug Session
This removes only the terminal, not the debug container itself:
exit
The ephemeral container still exists until the Pod is deleted.
π© Step 6 β Confirm the Debug Container Is Attached
kubectl describe pod nginx-ephemeral
π© Step 7 β Cleanup (Optional)
kubectl delete pod nginx-ephemeral
π Thanks for reading! If this post added value, a like β€οΈ, follow, or share would encourage me to keep creating more content.
β Latchu | Senior DevOps & Cloud Engineer
βοΈ AWS | GCP | βΈοΈ Kubernetes | π Security | β‘ Automation π Sharing hands-on guides, best practices & real-world cloud solutions