[SOLVED] Debug Alpine Image in K8s: No `netstat`, no `ip`, no `apk`

Debug Alpine Image in K8s: No `netstat`, no `ip`, no `apk`

There is a container in my Kubernetes cluster which I want to debug.

But there is nonetstat, no ip and no apk.

Is there a way to upgrade this image, so that the common tools are installed?

In this case it is the nginx container image in a K8s 1.23 cluster.

Solution

Alpine is a stripped-down version of the image to reduce the footprint. So the absence of those tools is expected. Although since Kubernetes 1.23, you can use the kubectl debug command to attach a debug pod to the subject pod. Syntax:

kubectl debug -it <POD_TO_DEBUG> --image=ubuntu --target=<CONTAINER_TO_DEBUG> --share-processes

Example: In the below example, the ubuntu container is attached to the Nginx-alpine pod, requiring debugging. Also, note that the ps -eaf output shows nginx process running and the cat /etc/os-release shows ubuntu running. The indicating process is shared/visible between the two containers.

ps@kube-master:~$ kubectl debug -it nginx --image=ubuntu --target=nginx --share-processes
Targeting container "nginx". If you don't see processes from this container, the container runtime doesn't support this feature.
Defaulting debug container name to debugger-2pgtt.
If you don't see a command prompt, try pressing enter.
root@nginx:/# ps -eaf
UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 19:50 ?        00:00:00 nginx: master process nginx -g daemon off;
101           33       1  0 19:50 ?        00:00:00 nginx: worker process
101           34       1  0 19:50 ?        00:00:00 nginx: worker process
101           35       1  0 19:50 ?        00:00:00 nginx: worker process
101           36       1  0 19:50 ?        00:00:00 nginx: worker process
root         248       0  1 20:00 pts/0    00:00:00 bash
root         258     248  0 20:00 pts/0    00:00:00 ps -eaf
root@nginx:/#

Debugging as ubuntu as seen here, this arm us with all sort of tools:

root@nginx:/# cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.3 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
root@nginx:/#

In case ephemeral containers need to be enabled in your cluster, then you can enable it via feature gates as described here.