Debugging Containers in Kubernetes — It’s Complicated
Several presentations at DockerCon this year focused on improving the developer experience, a theme Docker has promoted since its early days.
One challenge discussed: debugging containers in Kubernetes.
Docker Debug, launched at DockerCon, is a “language-independent, integrated toolbox for debugging local and remote containerized apps that speeds up the debug process,” writes The New Stack’s Loraine Lawson.
Docker focused on abstracting Kubernetes concepts like pods and namespaces to allow developers to debug like they would locally.
“Nobody wants to debug a container,” said Docker Principal Engineer Ivan Pedrazas. “Instead, they want to debug their application. What happens if we remove all the layers in a container and make them invisible, turning the focus to the application?”
That is what Docker Debug does, said Docker’s Pedrazas. “And you can do it locally and remotely. And soon in Kubernetes as well. It’s about the user experience.”
Constraints and dependencies pile up, making debugging a chore, Pedrazas said. And when people talk about shifting left? That means pushing all the complexity to developers. It’s just too much.
Pedrazas said Kubernetes makes debugging containers even more complex. Developers have to deal with many concerns. It’s different from developing applications, which entails writing, testing, packaging, and deploying responsibilities.
But what about the development process in Kubernetes? With Kubernetes, the API exposes production concerns that developers rarely see.
What is needed? Slim containers consisting of only the application dependencies, Pedrazas said.
Tape is a Docker project at Docker that simplifies deployment by bundling all the Kubernetes artifacts/configuration into a single package. It removes the need for developers to deal with multiple YAML files, images, etc.
“From the security point of view, that is great,” Pedrazas said. “We’ll reduce the blast radius; the surface attack is much smaller. However, debugging these images gets really hard. So Docker DeBug is adding something that allows you to use all these slim contents, all these decentralized applications, the way that you will do it in your machine.”
But how does this relate to Kubernetes?
Much of the work developers do get upended in Kubernetes. The operations tasks become onerous for developers. The challenge comes when platform engineering teams enter the picture. They expect a certain quality when people send the artifacts into the cluster. That’s a struggle. It takes time to convince a developer to do what platform engineering wants.