Dmitry Romanoff

Ephemeral Containers

In this blog I want to talk about ephemeral containers.

Ephemeral containers: a special type of container that runs temporarily in an existing Pod to accomplish user-initiated actions such as troubleshooting. You use ephemeral containers to inspect services rather than to build applications.

Ephemeral containers are useful for debugging and for interactive troubleshooting when kubectl exec is insufficient because a container has crashed or a container image doesn't include debugging utilities.

Ephemeral containers share process namespaces and resources with the pod. They are especially useful for lightweight distroless containers.

An ephemeral container:

  • lives until it exits
  • is never restarted automatically
  • does not have ports, livenessProbe, or readinessProbe
  • is immutable - resource settings are not allowed

Deploy PostgreSQL in Kubernetes:

See my blog

Make sure the PostgreSQL pod is running:

kubectl get pods
NAME                        READY   STATUS    RESTARTS       AGE
postgres-5c7d8b656d-xj5b2   1/1     Running   1 (7m2s ago)   45h

Get container name(s), image for each pod in the k8s cluster:

kubectl get pods -o=custom-columns='PodName:.metadata.name,Containers:.spec.containers[*].name,Image:.spec.containers[*].image'

PodName                     Containers                  Image
postgres-5c7d8b656d-xj5b2   postgres                    postgres:latest

Here is an example of how to run an ephemeral container with a busybox shell to debug our pod postgres-5c7d8b656d-xj5b2:

kubectl debug -it postgres-5c7d8b656d-xj5b2 --image=busybox --target=postgres

This command adds a new busybox container and attaches to it. The --target parameter targets the process namespace of another container.

Now we can see processes from the “original” pod that are sharing the same namespace.

/ # ps aux
PID   USER     TIME  COMMAND
    1 999       0:00 postgres
   26 999       0:00 postgres: checkpointer
   27 999       0:00 postgres: background writer
   29 999       0:00 postgres: walwriter
   30 999       0:00 postgres: autovacuum launcher
   31 999       0:00 postgres: logical replication launcher
   46 root      0:00 sh
   52 root      0:00 ps aux
   …

The ephemeral container is running in the same network context as the “original” container. It allows us to inspect what is going on inside of this pod from its network perspective, run ping, etc.

/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=114 time=16.472 ms
64 bytes from 8.8.8.8: seq=1 ttl=114 time=16.484 ms
…

Here is an example of how to inject an ephemeral container with an ubuntu image to debug our pod postgres-5c7d8b656d-xj5b2:

kubectl debug -it postgres-5c7d8b656d-xj5b2 --image=ubuntu --target=postgres

apt-get update

apt-get install -y tcpdump
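
An ephemeral container stays listed in the Pod object after the debug session ends, so the sessions above can be reviewed later. The following is an added example, not code from the original post: it reads `kubectl get pods -o json` output and reports each ephemeral container with its image, target and state. The sample JSON and the name `debugger-abcde` are constructed.

```python
import json
import sys

# Constructed sample: trimmed `kubectl get pods -o json` output after the
# busybox debug session above. The debugger name is made up.
SAMPLE = """
{"items": [{
  "metadata": {"namespace": "default", "name": "postgres-5c7d8b656d-xj5b2"},
  "spec": {
    "containers": [{"name": "postgres", "image": "postgres:latest"}],
    "ephemeralContainers": [{
      "name": "debugger-abcde", "image": "busybox",
      "targetContainerName": "postgres", "stdin": true, "tty": true}]},
  "status": {"ephemeralContainerStatuses": [{
      "name": "debugger-abcde",
      "state": {"terminated": {"exitCode": 0, "reason": "Completed"}}}]}
}]}
"""


def ephemeral_containers(pod_list):
    """Return one record per ephemeral container found in a PodList dict."""
    records = []
    for pod in pod_list.get("items") or []:
        meta, spec = pod.get("metadata") or {}, pod.get("spec") or {}
        statuses = (pod.get("status") or {}).get("ephemeralContainerStatuses") or []
        # Status is reported separately from spec and matched by name; the
        # single key under "state" is waiting, running or terminated.
        states = {s["name"]: next(iter(s.get("state") or {}), "unknown")
                  for s in statuses}
        for ec in spec.get("ephemeralContainers") or []:
            records.append({
                "namespace": meta.get("namespace", ""),
                "pod": meta.get("name", ""),
                "name": ec["name"],
                "image": ec.get("image", ""),
                # None when kubectl debug was run without --target.
                "target": ec.get("targetContainerName"),
                "state": states.get(ec["name"], "unknown"),
            })
    return records


if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json | python3 this_file.py -
    source = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    for r in ephemeral_containers(json.loads(source)):
        print("{namespace}/{pod}\t{name}\t{image}\ttarget={target}\t{state}".format(**r))
```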