CloudShell Academy LogoCloudShell Academy
Log InSign Up
AcademyContainment Breach: The Architect's ShipZone 3: Life Cycle Management

Lesson 2: The Black Box (Debugging Containers)

A container is a black box — it runs in isolation. But when things go wrong, you need to open the box and look inside. Docker gives you powerful tools for debugging.

Reading Logs: docker logs

Every output a container writes to stdout/stderr is captured by Docker:

docker logs webserver                # All logs
docker logs webserver --tail 20      # Last 20 lines
docker logs webserver -f             # Follow (like tail -f)
docker logs webserver --since 1h     # Logs from the last hour
docker logs webserver --timestamps   # Add timestamps

Executing Commands Inside: docker exec

Need to look inside a running container? docker exec runs a command inside it:

# Open a shell inside the container
docker exec -it webserver bash

# Run a single command
docker exec webserver cat /etc/nginx/nginx.conf

# Check what processes are running inside
docker exec webserver ps aux
  • -it — Interactive terminal (same as docker run).
  • The container must be running for exec to work.

Inspecting Container Metadata: docker inspect

docker inspect returns a JSON dump of everything about a container:

docker inspect webserver

This shows:

  • IP address of the container.
  • Port mappings.
  • Environment variables.
  • Mount points (volumes).
  • Network settings.

Extracting Specific Fields

Use --format (Go template syntax) to extract specific values:

# Get the container's IP address
docker inspect --format '{{.NetworkSettings.IPAddress}}' webserver

# Get the container status
docker inspect --format '{{.State.Status}}' webserver

Resource Monitoring: docker stats

Watch real-time CPU, memory, and network usage:

docker stats                      # All running containers
docker stats webserver            # Specific container

CONTAINER   CPU %   MEM USAGE / LIMIT   NET I/O         BLOCK I/O
webserver   0.05%   5.2MiB / 7.8GiB     1.2kB / 0B      0B / 0B

Copying Files In/Out: docker cp

docker cp webserver:/etc/nginx/nginx.conf ./nginx.conf   # Out
docker cp ./custom.conf webserver:/etc/nginx/nginx.conf  # In
booting...

Mission Objective

Debug like a DevOps engineer:

  1. Read the logs: Run docker logs webserver to see what the container is outputting.
  2. Get inside: Run docker exec -it webserver bash to explore the container.
  3. Full scan: Run docker inspect webserver to see all metadata.

Mission Control

View container logs

Expected Command

docker logs webserver

Execute a command inside a running container

Inspect container details

Previous: The Puppet Master: Controlling ContainersNext: The Bridge Builder: Basic Networking