Since, distroless image does not contain additional commands so debuging is a little tough. You need additional arrangements for debuging.

Application debug has two parts:

- Debug of Image/OS - Where you wanted to tested the connectivity, network connections on specific port, file system as per mounted path etc. which are ancilliary for running application

Solution:

Option 1: To debug or rightly saying verify the the image related information, need to use tools docker's diff, export, inspect etc.

Option 2: Use debug distroless image for debuging which is provided by Google as tags e.g. for Java 11, distroless debug image available. gcr.io/distroless/java11-debian11:debug

It provides busybox which can be used for debugging related to image. To use it, simpley change base image tag to debug instead of version or latest tag. Once debug image will be running you can run commands like:

docker run --entrypoint busybox myimage5:latest ls

or for network:

docker run --entrypoint busybox myimage5:latest netstat -nlp

Option 3: Use of ephemeral container. Most of the Orchastrator provides debug functionality with ephemeral containers e.g. Kubernetes provides kubectl debug command which ignites ephemeral container (an additional debug container in same pod) e.g.

kubectl debug <pod name> --image=ubuntu -it --target=app

or

kubectl debug <pod name> -it --image=ubuntu --share-processes --copy-to=app-debug

- Application binary debug - Where application code need to debug itself e.g. debug application code.

Solution:

Most of the application runtime provides remote debuging like Java provides remote debugging which can be enabled using additional command line switch

-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=6006

It will open one port 6006 on which debugger need to connect from IDE and debug the applicaiton.

Hope it will answer your question.