Kubernetes - Ephemeral containers

Pods are fundamental units in kubernetes. All applications that we run inside a container run inside a Pod. Many times developers build containers with small base images, most of the times with distroless images based on slimmed versions of distributions. These images will not have a package manager or shell. Only the application and its dependencies are packed and run as containers.

Things go well with the above packed containers until issues come. These issues can be application issues and troubleshooting them can be hard as we don’t have any tools to troubleshoot or package manager to install these tools. The only way is to rebuild the image with troubleshooting tools and re-run the application to troubleshoot the issue. 

Another option provided by Docker is to attach a container to the existing application container on the same network and use the tools available. For instance, we can attach a container which has troubleshooting tools to an application container on the same network space and use tools to troubleshoot things. This is the same concept for Ephemeral containers.

We create a container image with all troubleshooting tools and when needed for debugging, we can deploy this ephemeral container into a running pod and troubleshoot things. Ephemeral containers are an alpha feature in Kubernetes 1.22, so the official recommendation is not to use it in production environments.

In this article, we will see how to use ephemeral containers for debugging things in a running container of pod. 

A simple pod with a ubuntu container looks as below,

[root@ec2-3-138-100-101 ~]# cat ephemeral-example.yml 

apiVersion: v1

kind: Pod

metadata:

  name: single-pod

  labels:

    env: dev

spec:

  containers:

  - name: testing-service

    image: ubuntu

    command: [ "/bin/bash", "-c", "--" ]

    args: [ "while true; do sleep 30; done;" ]

Run the “kubectl create -f ephemeral-example.yml” to create the pod. Now consider for instance we want to test the internet from this container in the pod as below,

We can see that the ping command is not available to troubleshoot our network issues. Now lets create a ephemeral container and attach to this running pod single-pod as below,

[root@ec2-3-138-100-101 ~]# kubectl debug -it single-pod --image=alpine:latest --target=testing-service

In the above command, iam running a ephemeral container with image alpine:latest and attaching to the pod single-pod and to container testing-service running inside the single-pod. Once the ephemeral container is added to the running testing-service container, we can use the ping tool to perform our troubleshooting as below,

Now if come out the command prompt by pressing CTRL P+Q , and describe the pod we can see new entries as Ephemeral container as below,

This is how Ephemeral containers work. We Can create a container image which contains all troubleshooting tools and use when we need to troubleshoot the application containers as above.

Hope this helps you in understanding Ephemeral Containers.