There are some tools that allow you to copy debug tools into a container when needed. I think all that needs to be in the container is tar, and it runs `kubectl exec ... tar` in the container. This allows you to get in when needed but still keep your production attack surface low.
Either way, as long as all your containers share the same base layer, it doesn't really matter since they will be deduplicated.