Having tools in a container is sometimes useful for debugging: just exec into it and start the diagnostics. With a distroless/minimized image, it's not that easy. What we can do instead is attach a sidecar container:
```sh
docker run \
  --rm \
  -it \
  --pid=container:<container id> \
  --net=container:<container id> \
  --cap-add sys_admin \
  alpine \
  sh
```
from: Minimal containers using Nix
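This starts an Alpine container that attaches to the same PID and network namespaces, giving you visibility into what's running inside the original container. The sidecar also runs with the added `SYS_ADMIN` capability, which is broad, so keep it for the debugging session only; `--rm` removes the container when you exit the shell.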
To make this easier, you can define a Bash function:
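```bash
# Open an Alpine shell that shares the PID and network namespaces of a container.
sidecar-sh() {
    local target_container="$1"
    local container_id
    if [ -z "$target_container" ]; then
        echo "usage: sidecar-sh <container name or id>" >&2
        return 2
    fi
    # Resolve the name to the full container ID; stop if the container does not exist.
    container_id=$(docker inspect --format '{{.Id}}' "$target_container") || return 1
    docker run --rm -it \
        --pid=container:"$container_id" \
        --net=container:"$container_id" \
        --cap-add sys_admin \
        alpine sh
}
```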
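
To check whether a debug sidecar is still attached after a session, the same settings can be read back from `docker inspect`. This is an added example, not part of the original page; the function names `classify_container` and `audit_sidecars` and the output format are assumptions of the example.

```sh
# Added example: flag containers that join another container's namespaces.
# classify_container NAME PIDMODE NETMODE CAPADD  (values as docker inspect prints them)
classify_container() {
    local name="$1" pid_mode="$2" net_mode="$3" cap_add="$4"
    local joined="" sys_admin="no" caps c
    case "$pid_mode" in container:*) joined="pid" ;; esac
    case "$net_mode" in container:*) joined="${joined:+$joined,}net" ;; esac
    # Not attached to another container: nothing to report.
    [ -n "$joined" ] || return 1
    # CapAdd prints as "[sys_admin]" or "[NET_RAW CAP_SYS_ADMIN]"; normalise it.
    caps=${cap_add#\[}
    caps=${caps%\]}
    caps=$(printf '%s' "$caps" | tr '[:lower:]' '[:upper:]')
    for c in $caps; do
        case "${c#CAP_}" in SYS_ADMIN|ALL) sys_admin="yes" ;; esac
    done
    printf '%s joins=%s sys_admin=%s\n' "$name" "$joined" "$sys_admin"
}

# Walk all running containers and print one line per attached sidecar.
audit_sidecars() {
    local fmt='{{.Name}}|{{.HostConfig.PidMode}}|{{.HostConfig.NetworkMode}}|{{.HostConfig.CapAdd}}'
    local id name pid_mode net_mode cap_add
    docker ps -q | while read -r id; do
        docker inspect --format "$fmt" "$id"
    done | while IFS='|' read -r name pid_mode net_mode cap_add; do
        classify_container "${name#/}" "$pid_mode" "$net_mode" "$cap_add" || :
    done
}
```

Run `audit_sidecars` on the Docker host; a line with `joins=pid,net sys_admin=yes` matches the sidecar started by the commands above.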
Created 2025-06-18T13:43:16+02:00, updated 2025-06-23T17:08:13+02:00