pploug
3 months ago
Docker Debug was previously a paid-for feature, now available for free since v4.49
Debugging containers that have no shell
31 pointsposted 3 months ago
by pploug8 Comments
kunley
3 months ago
Please note the analogous mechanism on kubernetes ("ephemeral containers") works only with the pod's shareProcessNamespace: true setting, which is usually off. So you won't be able to do this out of the box with your deployment already running on a typical stack
dixie_land
3 months ago
this is not true, `kubectl debug` attaches to the namespace of a container of your choosing (`--target` argument). You don't have to enable process namespace sharing at the pod level
kunley
3 months ago
Last time I've checked, kubectl debug would not attach if namespace sharing wasn't enabled in the first place. Has it changed? What k8s version are you using?
PS. Even without checking again, it would be surprising if it changed. Even the official documentation is mentioning that this is needed
benterix
3 months ago
Does podman contain or plan to implement something similar? Seems very useful.
kitd
3 months ago
Not that I could find. There is always the option to use a sidecar container, eg:
https://matthewsanabria.dev/posts/no-shell-for-you-container...
https://iximiuz.com/en/series/mastering-container-debugging/
pella
3 months ago
Only for "Docker Desktop 4.49 and later"
wrxd
3 months ago
[dead]