Status & Quality
Container Registries
Security & Platform
Community
Docs: https://debugbox.ibtisam-iq.com
You need to debug a pod. You run kubectl debug my-pod --image=netshoot and wait for 201 MB to download.
On an edge cluster? Mobile network? Restricted bandwidth? Every MB costs time.
Worse still: you just need to check DNS. You don't need tcpdump, tshark, routing tools. But netshoot is all-or-nothing.
DebugBox is a Kubernetes-native debugging container that lets you choose exactly what you needβno more, no less.
Optimized for Kubernetes:
kubectl debugephemeral containers β launch in secondskubectx/kubenscontext switching β built-in cluster awareness- Shell helpers pre-loaded β json() and yaml() functions ready to use
- Pinned tool versions β deterministic, repeatable builds
Three sizes. Pick one:
- LITE (14.36 MB): DNS & connectivity
- BALANCED (46.16 MB): Daily Kubernetes debugging β
- POWER (104.45 MB): Packet analysis & forensics
No bloat. No waiting. Right-sized for your job.
Pick the right size for your task:
Need to analyze packets?
β
ββββββ΄ββββββ
β β
NO YES βββββββΊ POWER (104.45 MB)
β (tshark, iptables, bird)
β
Need tcpdump or K8s tools?
β
βββββ΄βββββ
β β
NO YES ββββββββββΊ BALANCED (46.16 MB) β
β (tcpdump, kubectx/ns)
β
YES βββββββββββββββββΊ LITE (14.36 MB)
(minimal, fast)
# Debug a running pod (default: balanced variant)
kubectl debug my-pod -it --image=ghcr.io/ibtisam-iq/debugbox
# Use lite variant (minimal, fastest pull)
kubectl debug my-pod -it --image=ghcr.io/ibtisam-iq/debugbox:lite
# Use power variant (full forensics toolkit)
kubectl debug my-pod -it --image=ghcr.io/ibtisam-iq/debugbox:power
# Standalone debugging session
kubectl run debug --rm -it --image=ghcr.io/ibtisam-iq/debugbox --restart=Never# Interactive session (latest balanced variant)
docker run -it ghcr.io/ibtisam-iq/debugbox
# Lite variant
docker run -it ghcr.io/ibtisam-iq/debugbox:lite
# Power variant
docker run -it ghcr.io/ibtisam-iq/debugbox:power| Image | Compressed Size |
|---|---|
| DebugBox lite | 14.36 MB |
| DebugBox balanced | 46.16 MB |
| DebugBox power | 104.45 MB |
| netshoot v0.15 | 201.67 MB |
DebugBox power is 97 MB smaller than netshoot (48% reduction). DebugBox lite is 14Γ smaller than netshoot.
On resource-constrained clusters (edge, IoT, Kubernetes on laptops), every MB counts. See detailed bandwidth analysis β
- Trivy scans block HIGH/CRITICAL on every release
- Alpine Linux base (minimal attack surface)
- No unnecessary packages
- Multi-architecture support (amd64, arm64)
What tools are included in each variant? β Complete tool list
| Category | Tools | Lite | Balanced | Power |
|---|---|---|---|---|
| Networking Basics | curl, netcat, iproute2, iputils, bind-tools (dig, nslookup) | β | β | β |
| Data Parsing | jq, yq | β | β | β |
| Shell | bash, bash-completion, less | β | β | β |
| Editors | vi / vim / nano | vi | β | β |
| Filesystem | git, file, tar, gzip | β | β | β |
| System | htop, strace, lsof, procps, psmisc | β | β | β |
| System Deep | ltrace | β | β | β |
| Networking | tcpdump, socat, nmap, mtr, iperf3, ethtool, iftop | β | β | β |
| Packet Analysis | tshark, ngrep, tcptraceroute, fping, speedtest-cli, nmap-nping | β | β | β |
| TLS/SSL | openssl | β | β | β |
| Routing | iptables, nftables, conntrack-tools, bird, bridge-utils | β | β | β |
| Kubernetes | kubectx, kubens | β | β | β |
| Scripting | Python 3 + pip3 | β | β | β |
| Helpers | json(), yaml(), ll() | β | β | β |
| Network Helpers | ports, connections, routes, k8s-info | β | β | β |
| Packet Helpers | sniff(), sniff-http(), sniff-dns(), cert-check(), conntrack-watch() | β | β | β |
β Detailed variant breakdown
| Feature | DebugBox | netshoot | busybox | Alpine |
|---|---|---|---|---|
| Smallest variant | 14.36 MB | 201.67 MB | 1.5 MB | 7.6 MB |
| Variants | β 3 sizes | β one size | β one size | β one size |
| Multi-arch | β amd64+arm64 | β amd64+arm64 | β amd64+arm64 | β amd64+arm64 |
| Pinned tools | β deterministic | β floating | β minimal | β minimal |
| Kubernetes helpers | β kubectx/ns | β none | β none | β none |
| Security scanned | β Trivy | β manual | β manual | β manual |
Why DebugBox wins:
- β Smaller when you need it (14.36 MB vs 201.67 MB)
- β Larger when you need it (104.45 MB for SRE workflows)
- β Kubernetes-first design (kubectx/kubens built-in)
- β Predictable (pinned tools, repeatable builds)
Ephemeral debugging with kubectl debug:
- β One-off troubleshooting sessions
- β Resource-constrained environments (edge, IoT, bandwidth-limited)
- β Multi-cluster operations (kubectx/kubens included)
- β Incident response (fast pull, ready to go)
- β Learning Kubernetes networking
- β SRE forensics workflows (power variant)
Not for:
- β Persistent sidecars β use for ephemeral debugging only
- β Production workloads β runs as root, for debugging only
- β Kubernetes control plane access β no kubectl, no kube-proxy config
DebugBox is published to two registries with 20 tags per release:
| Registry | URL |
|---|---|
| GHCR (Recommended) | ghcr.io/ibtisam-iq/debugbox |
| Docker Hub | docker.io/mibtisam/debugbox |
All three variants are in one repository with variant-based tags:
debugbox:lite # Latest lite variant
debugbox:balanced # Latest balanced variant (default)
debugbox:power # Latest power variantdebugbox:lite-latest # Latest lite
debugbox:balanced-latest # Latest balanced
debugbox:power-latest # Latest powerdebugbox:lite-1.0.0 # Lite v1.0.0
debugbox:balanced-1.0.0 # Balanced v1.0.0
debugbox:power-1.0.0 # Power v1.0.0debugbox:latest # Alias to balanced-latest (default)
debugbox:1.0.0 # Alias to balanced-1.0.0 (short form)Production: Always pin specific versions See Image Tags
Full docs: https://debugbox.ibtisam-iq.com
Essential guides:
- Kubernetes Usage β kubectl debug examples
- Docker Usage β Docker run examples
- Variants Overview β detailed tool breakdown
- Image Tags & Registries β tagging strategy
- Common Workflows β real debugging scenarios
- Local Development β build and test locally
- Contributing β how to contribute
Q: Can I use DebugBox in production?
A: No. DebugBox runs as root and is designed for ephemeral debugging containers only. Use kubectl debug or temporary pods.
Q: What if I need a tool not in DebugBox? A: You can extend DebugBox by creating your own Dockerfile or submitting a feature request. See Local Development.
Q: How do I pin a specific version in production?
A: Use the full tag: ghcr.io/ibtisam-iq/debugbox:1.0.0 (balanced) or ghcr.io/ibtisam-iq/debugbox:lite-1.0.0 (lite). See Image Tags for full strategy.
Q: Does DebugBox work on Kubernetes 1.18+?
A: Yes, works on Kubernetes 1.18+. Best experience with 1.20+ (has kubectl debug support).
Q: Can I use DebugBox outside Kubernetes?
A: Absolutely! docker run -it ghcr.io/ibtisam-iq/debugbox works perfectly for local debugging.
More questions? β Full Troubleshooting Guide
git clone https://github.com/ibtisam-iq/debugbox.git
cd debugbox
make build-all # All variants
make test-all # Smoke tests
make scan # Trivy scanSee Local Development for detailed setup.
Found a bug? Have an idea? We welcome contributions!
MIT License β Free to use, modify, and distribute.
v1.0.0 (Feb 2026)
- Public release
- 3 variants: lite, balanced, power
- Multi-arch support (amd64, arm64)
- Kubernetes-optimized with kubectx/kubens
- SRE-grade routing and analysis tools in power variant
β Full changelog
- π¬ GitHub Discussions β ask questions, share ideas
- π GitHub Issues β report bugs or request features
- π Documentation β https://debugbox.ibtisam-iq.com
- π€ Code of Conduct β CODE_OF_CONDUCT.md
Built with β€οΈ for Kubernetes debugging by @ibtisam-iq
Faster pulls. Faster debugging. Right-sized containers.