Minimus images are built for security around the paradigm that production images, on principle, should not include a shell whenever possible. This paradigm requires a different approach when debugging. The solution will depend on your environment, whether Kubernetes or Docker, as detailed below.
Kubernetes environment
When there’s no shell…
Try to start a shell in your container
kubectl exec -it {container name} -- sh
Get an error
The error indicates that the executable file was not found.error: Internal error occurred: error executing command in container:
failed to exec in container: failed to start exec
"{container ID}": OCI runtime exec failed: exec failed: unable to start
container process: exec: "sh": executable file not found in $PATH:
unknown
Conclusion
The error indicates that your container does not have a shell.
Debugging with ephemeral containers
Ephemeral debug containers are the recommended method for debugging distroless containers in production. Ephemeral debug containers are used to temporarily attach to an existing Pod in order to troubleshoot and inspect running services. Learn more
Docker environment
When there’s no shell…
Try to start a shell in your container
docker exec -it {container ID} /bin/bash
Get an error
The error indicates that no such file or directory exists.OCI runtime exec failed: exec failed: unable to start container process:
exec: "/bin/bash": stat /bin/bash: no such file or directory: unknown
Conclusion
The error indicates that the container does not have a shell.
Mount a debugging container
You can mount debugging tools and take advantage of shared namespaces to use a docker exec command. Learn more
Another option is to use the Docker Debug utility. Docker Debug is available for signed-in Docker users with a paid, Pro, Team, or Business subscription (ref). Last modified on January 28, 2026
