Seeing is Believing: Debugging with Ephemeral Containers


Authors:   Aaron Alpar


The presentation discusses the use of ephemeral containers for debugging running pods in Kubernetes clusters.
  • Ephemeral containers allow for dynamic deployment of a container that shares pod resources
  • They use Linux namespaces to share network and process resources for debugging
  • Ephemeral containers provide privileged access to pods for complete debugging capabilities
  • They also allow for running commands like ls and ps in containers for easier debugging
  • Ephemeral containers can remain listed in the pod after exiting with an exit status
  • Restarting the pod will remove any ephemeral containers
The speaker demonstrated the use of privileged containers for complete debugging access, including the ability to use s trace and view network resources. They also discussed the benefits of using ephemeral containers for running commands like ls and ps without needing all the tools required within the container itself.


Most Kuberrnetes developers are familiar with the painful process of debugging a pod within a cluster. Fortunately, a new, cutting-edge approach — ephemeral containers — simplifies debugging running pods and more! With ephemeral containers, you can dynamically deploy a container that shares pod resources. These containers use Linux namespaces to share network and process resources so debugging can occur using a container image of your choosing. During this talk, Aaron will cover the what, why and how of ephemeral containers, and the underlying mechanics that make ephemeral containers useful for debugging and testing.Click here to view captioning/translation in the MeetingPlay platform!