Minimus images are built for security around the paradigm that production images, on principle, should not include a shell whenever possible. This paradigm requires a different approach when debugging. The solution will depend on your environment, whether Kubernetes or Docker, as detailed below.

Kubernetes environment

When there’s no shell…

1

Try to start a shell in your container

kubectl exec -it {container name} -- sh
2

Get an error

The error indicates that the executable file was not found.

error: Internal error occurred: error executing command in container: failed to exec in container: failed to start exec "676bd77ea0b82633233b3201b65970fbbd5164394b1170ac184deb9abec9b72c": OCI runtime exec failed: exec failed: unable to start container process: exec: "sh": executable file not found in $PATH: unknown
3

Conclusion

The error indicates that your container does not have a shell.

Debugging with ephemeral containers

Ephemeral debug containers are the recommended method for debugging distroless containers in production. Ephemeral debug containers are used to temporarily attach to an existing Pod in order to troubleshoot and inspect running services. Learn more

Docker environment

When there’s no shell…

1

Try to start a shell in your container

docker exec -it {container ID} /bin/bash
2

Get an error

The error indicates that no such file or directory exists.

OCI runtime exec failed: exec failed: unable to start container process: exec: "/bin/bash": stat /bin/bash: no such file or directory: unknown
3

Conclusion

The error indicates that the container does not have a shell.

Mount a debugging container

You can mount debugging tools and take advantage of shared namespaces to use a docker exec command. Learn more

Another option is to use the Docker Debug utility. Docker Debug is available for signed-in Docker users with a paid, Pro, Team, or Business subscription (ref).