> ## Documentation Index
> Fetch the complete documentation index at: https://docs.minimus.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Debug in Kubernetes

> Using ephemeral containers to interactively troubleshoot Kubernetes production environments

For your Kubernetes deployment, you can use ephemeral debug containers to debug distroless Minimus images. Ephemeral debug containers can be temporarily attached to existing Pods to troubleshoot and inspect running services and are commonly used to inspect and troubleshoot running services.

Ephemeral debug containers may be necessary, since copying debugging tools into running containers on-demand with `kubectl cp` is not possible for Minimus production images without `tar` included.

## Process namespace sharing

The ephemeral container needs to connect to the namespace of the Minimus container in order to sideload debugging tools that aren't available in the Minimus container itself.

To simplify the debugging process, it is recommended customers enable process namespace sharing in your Pod settings. If enabled, you will be able to access processes running in other containers on the Pod without having to specify a target. Access to the filesystem may also be affected, due to default user permissions. The attribute `ephemeralContainers` in the Pod spec can also be modified for existing Pod instances. [Learn more from Kubernetes](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/)

## Nginx example

In this example we have an Nginx container in a Kubernetes cluster:

```bash theme={null}
kubectl run nginx --image=minimus/{token}/nginx:latest
```

```
# output 
pod/nginx created
```

The Minimus Nginx production image is distroless, and does not contain troubleshooting tools to limit the attack surface, including a shell - so you can't use `kubectl exec` to troubleshoot the container.

The solution is to add a debugging sidecar. The Minimus **generic base image** is designed just for that purpose, and is ideal for running as an ephemeral debug container along with another Minimus container. Run the following to add the image as an ephemeral container and connect it to the namespaces of your already-running nginx container:

```bash theme={null}
kubectl debug -it nginx --image=minimus/{token}/{minimus-base} --target=nginx
```

```
# output
Targeting container "nginx". If you don't see processes from this container it may be because the container runtime doesn't support this feature.
Defaulting debug container name to debugger-87792.
If you don't see a command prompt, try pressing enter.
nginx:/#
```

You can now inspect the container and its open ports:

<CodeGroup>
  ```bash Inspect container theme={null}
  ps aux
  ```

  ```bash Inspect open ports theme={null}
  netstat -lntu
  ```
</CodeGroup>

You are now ready to sideload debugging tools and get to work.