![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 75%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Azure Kubernetes Service
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,447 questions
@Sundar Pasupathy , thank you for your question.
While the ask is definitely understandable, the standard of utilities/command-line tools is very subjective when it comes to open source technologies (like Linux), varying across the needs of different use cases and different degrees of security concerns. Also different Linux distributions have different utilities to handle the same objective and not every user might be well versed with a particular distribution.
So ultimately, the responsibility of creating a reasonably secure container image with all required utilities lies with the user of the Kubernetes cluster.
For instance, you can set up your own Ubuntu debugging image as follows:
- Create a file
./Dockerfile. [Dockerfile reference]: FROM library/centos:7
RUN yum update -y
RUN yum install nmap git net-tools iproute -y # You can install more tools if you want to CMD ["bash"] - Build the container image: docker build -t <RegistryName>/<RepositoryName>:<tag> .
- Login to the Container Registry: docker login <registry-server>
- Push the container image: docker push <RegistryName>/<RepositoryName>:<tag>
From AKS v1.23 one can expect to be able to use ephemeral containers with Pods on-demand.
Pods are the fundamental building block of Kubernetes applications. Since Pods are intended to be disposable and replaceable, you cannot add a container to a Pod once it has been created. Instead, you usually delete and replace Pods in a controlled fashion using deployments.
Sometimes it's necessary to inspect the state of an existing Pod, however, for example to troubleshoot a hard-to-reproduce bug. In these cases you can run an ephemeral container in an existing Pod to inspect its state and run arbitrary commands. [Reference]
Debugging with an ephemeral debug container
FEATURE STATE:
Kubernetes v1.23 [beta]
Ephemeral containers (a container that you can run temporarily inside a Pod) are useful for interactive troubleshooting when kubectl exec is insufficient because a container has crashed or a container image doesn't include debugging utilities, such as with distroless images.
For examples please check here. You can also run kubectl debug --help.
Hope this helps.
Please "Accept as Answer" if it helped, so that it can help others in the community looking for help on similar topics.