Should You Use Ephemeral Containers In Production Environments Or Not?

TechOps Examples

Hey — It's Govardhana MK 👋

Along with a use case deep dive, we identify the remote job opportunities, top news, tools, and articles in the TechOps industry.

👋 Before we begin... a big thank you to today's sponsor NOTOPS

⚡ Cloud-Native Without the Learning Curve
Skip the months of trial and error. NotOps.io gives you an ideal Kubernetes and AWS setup, so you’re production-ready on day one.

🔄 Automated Day-Two Operations
Focus on innovation, not maintenance. NotOps.io automates patching, upgrades, and updates for EKS control planes, nodes, and tools like Argo CD.

👀 Why NotOps.io?
From stability to security to speed, get results from day one.

Get Started For FREE

IN TODAY'S EDITION

🧠 Use Case

• Should You Use Ephemeral Containers In Production Environments Or Not?

🚀 Top News

• Amazon EKS expands upgrade insights to scan cluster health and flag version compatibility issues across Kubernetes, kubelet, kube-proxy, and EKS add-ons.

👀 Remote Jobs

• Direct US is hiring a DevOps Engineer

  Remote Location: Worldwide

• Netlify is hiring a Site Reliability Engineer

  Remote Location: USA, Canada

📚️ Resources

• systemctl logs: A Guide to Managing Logs in Linux

• k9s – manage your Kubernetes cluster and it’s objects like a pro!

• AWS step-by-step guide to help you calculate the optimal hourly commitment rate when replacing Savings Plans.

📢 Reddit Threads

• Passed AWS SAA-C03 and sharing my notes here

• How do you handle pre-deployment jobs with GitOps?

Writer RAG tool: build production-ready RAG apps in minutes

RAG in just a few lines of code? We’ve launched a predefined RAG tool on our developer platform, making it easy to bring your data into a Knowledge Graph and interact with it with AI. With a single API call, writer LLMs will intelligently call the RAG tool to chat with your data.

Integrated into Writer’s full-stack platform, it eliminates the need for complex vendor RAG setups, making it quick to build scalable, highly accurate AI workflows just by passing a graph ID of your data as a parameter to your RAG tool.

Learn more about our production ready RAG tooling here.

🛠️ TOOL OF THE DAY

skopeo -  Work with remote images registries - retrieving information, images, signing content.

• Copying an image from and to various storage mechanisms.

• Syncing an external image repository to an internal registry for air-gapped deployments.

🧠 USE CASE

Should You Use Ephemeral Containers In Production Environments Or Not?

For someone new, ephemeral containers are a Kubernetes feature introduced in v1.16 (graduated in v1.25), primarily designed to assist with debugging live Pods.

Unlike normal containers, they’re not defined in the Pod spec upfront but are dynamically injected at runtime into an already running Pod.

This ability makes them incredibly powerful for operational tasks like debugging.

Key Features of Ephemeral Containers

• Short-lived, transient containers.

• Easily injected into running Pods with kubectl debug.

• Share the same namespace and network as the main containers.

• Do not interfere with the Pod's lifecycle.

But it also raises questions about their suitability in production environments.

While It is true:

• They don’t require Pod restarts, they avoid downtime and application interruptions.

•  Debugging occurs in a dedicated container, protecting the application from accidental side effects.

• You can tailor ephemeral containers with preloaded tools to suit the troubleshooting needs (e.g., network sniffers, performance profilers).

• They’re only injected when needed and disappear after the issue is resolved.

Here - The Risks and Caveats of Using Ephemeral Containers

• No Restart Guarantee - meaning they are not ideal for persistent workflows.

• Security Concerns - can introduce vulnerabilities by exposing namespaces or sensitive data.

✅ Use Them When:

• Debugging critical live systems where you need isolation.

• Running diagnostics without modifying existing application containers.

• Temporarily inspecting environments or workloads.

🚫 Avoid Them When:

• Long-term fixes or monitoring tasks are needed.

• The debugging process risks sensitive production workloads.

• Your team lacks proper access controls for ephemeral containers.

Hands-On Guide to Ephemeral Containers:

# Launch an Ephemeral Container

kubectl debug <pod-name> -c debug-container --image=busybox --target=<main-container>

# Inspect Logs in the Ephemeral Container:

kubectl logs <pod-name> -c debug-container

# Run Commands in the Ephemeral Container:

kubectl exec -it <pod-name> -c debug-container -- sh

Refer to this guide, Debugging with an Ephemeral Debug Container, to enhance your expertise on this topic.

Looking to promote your company, product, service, or event to 28,000+ TechOps Professionals? Let's work together.