Container Debug with Ephemeral Containers

Intermediate10 minTrending

Debug running containers by attaching an ephemeral debug shell or inspecting container internals without modifying the original image.

Prerequisites

-Docker installed
-A running container to debug

Steps

List running containers

Identify the container you want to debug.

$ docker ps --format 'table {{.ID}}\t{{.Names}}\t{{.Status}}\t{{.Image}}'

Exec into a running container

Open an interactive shell inside a running container.

$ docker exec -it <container-name> /bin/sh

Use /bin/sh if /bin/bash is not available (common in Alpine-based images).

Run a debug sidecar with full tools

Attach a debug container that shares the network and PID namespace of the target container.

$ docker run -it --rm --pid=container:<container-name> --net=container:<container-name> nicolaka/netshoot

nicolaka/netshoot includes curl, dig, nslookup, tcpdump, iptables, and many more network tools.

Copy files from a container for inspection

Extract files from a container to your local machine for analysis.

$ docker cp <container-name>:/app/logs/ ./debug-logs/

View container resource usage in real time

Monitor CPU, memory, and network I/O of running containers.

$ docker stats --format 'table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}'

Full Script

full-script.sh

#!/bin/bash
# Container Debug Workflow
set -euo pipefail

CONTAINER=${1:?"Usage: $0 <container-name>"}

echo "=== Container Info ==="
docker inspect "$CONTAINER" --format '{{.State.Status}} | Image: {{.Config.Image}} | PID: {{.State.Pid}}'

echo ""
echo "=== Container Logs (last 20 lines) ==="
docker logs --tail 20 "$CONTAINER"

echo ""
echo "=== Container Processes ==="
docker top "$CONTAINER"

echo ""
echo "=== Container Resource Usage ==="
docker stats --no-stream "$CONTAINER"

echo ""
echo "=== Debug Commands ==="
echo "Shell:     docker exec -it $CONTAINER /bin/sh"
echo "Netshoot:  docker run -it --rm --pid=container:$CONTAINER --net=container:$CONTAINER nicolaka/netshoot"
echo "Copy logs: docker cp $CONTAINER:/var/log/ ./container-logs/"

FAQ

Discussion

Loading comments...

#!/bin/bash # Container Debug Workflow set -euo pipefail CONTAINER=${1:?"Usage: $0 <container-name>"} echo "=== Container Info ===" docker inspect "$CONTAINER" --format '{{.State.Status}} | Image: {{.Config.Image}} | PID: {{.State.Pid}}' echo "" echo "=== Container Logs (last 20 lines) ===" docker logs --tail 20 "$CONTAINER" echo "" echo "=== Container Processes ===" docker top "$CONTAINER" echo "" echo "=== Container Resource Usage ===" docker stats --no-stream "$CONTAINER" echo "" echo "=== Debug Commands ===" echo "Shell: docker exec -it $CONTAINER /bin/sh" echo "Netshoot: docker run -it --rm --pid=container:$CONTAINER --net=container:$CONTAINER nicolaka/netshoot" echo "Copy logs: docker cp $CONTAINER:/var/log/ ./container-logs/"