Kubernetes debug

how to debug application running in kubernetes?

access running container

get a shell inside the running container.

kubectl exec my-app -ti -- /bin/sh

debug container

A (productive) container should only contain the bare minimum of software required to run the application. It should not contain a debugger, etc. There are specialized images that do not even contain a shell (mainly for golang based software) and small java runtime images. We are not there yet (and might never go there), but even our fat aco/base image is not complete.

Don't build an image containing gdb just in case you might want to debug it. Build a second image containing everything you need and attach it to the running pod.

For example attach a second busybox to a running application pod (my-app).

kubectl debug my-app -c my-container --image=busybox:1.28 -it

(if there is only one container inside the pod we can leave out -c my-container)

external access to ports

KubernetesServices explains how to expose as a regular service.

But maybe we want to access a port temporarily while we poke around in our setup. For example we want to connect a jconsole to a running java process. For debug purposes we can forward local port via kubectl. With the example of the http-echo service we can access the port 80 from outside using

[handel@asl503 k8s]$ kubectl port-forward pod/ch-echo 8080:80
Forwarding from 127.0.0.1:8080 -> 80

now a curl/wget to localhost:8080 will end up inside the pod port 80.

If we want to expose the port for anyone we can use

[handel@asl503 k8s]$ kubectl port-forward pod/ch-echo --address 0.0.0.0 8080:80
Forwarding from 0.0.0.0:8080 -> 80

But be aware of security implications if you expose internal pods to external access.

-- ChristophHandel - 25 May 2022