feat(kubernetes): enable containerd debugging in calico debug env

ssst0n3 · ssst0n3 · commit dce67a81b70e · 2026-03-13T09:56:07.000+08:00
diff --git a/README.md b/README.md
@@ -28,7 +28,7 @@
 
 | tag | version | alias | note |
 |-----|---------|-------|------|
-| [kubernetes-v1.35.1_containerd-v2.2.1_calico_debug](./kubernetes/v1.35.1/containerd/v2.2.1/calico/debug) | v0.1.0  | - | debug kubelet |
+| [kubernetes-v1.35.1_containerd-v2.2.1_calico_debug](./kubernetes/v1.35.1/containerd/v2.2.1/calico/debug) | v0.2.0  | - | debug kubelet,containerd |
 | [kubernetes-v1.35.1_containerd-v2.2.1_calico](./kubernetes/v1.35.1/containerd/v2.2.1/calico/default) | v0.1.0  | - | calico installed |
 | [kubernetes-v1.35.1_containerd-v2.2.1_init](./kubernetes/v1.35.1/containerd/v2.2.1/init) | v0.1.0  | - | kubeadm init, without CNI |
 | [kubernetes-v1.35.1_containerd-v2.2.1_base](./kubernetes/v1.35.1/containerd/v2.2.1/base) | v0.1.0  | - | k8s components installed  |
diff --git a/kubernetes/v1.35.1/containerd/v2.2.1/calico/debug/.env b/kubernetes/v1.35.1/containerd/v2.2.1/calico/debug/.env
@@ -1,3 +1,3 @@
-VERSION=v0.1.0
+VERSION=v0.2.0
 IMAGE=kubernetes-v1.35.1_containerd-v2.2.1_calico_debug
 COMPOSE_PROJECT_NAME=kubernetes-1-35-1_containerd-v2-2-1-calico-debug
diff --git a/kubernetes/v1.35.1/containerd/v2.2.1/calico/debug/Dockerfile b/kubernetes/v1.35.1/containerd/v2.2.1/calico/debug/Dockerfile
@@ -12,21 +12,20 @@ ARG VERSION_IMAGE=0.1.0
 # ================================
 ARG BASE_IMAGE=ghcr.io/ctrsploit/kubernetes-v${VERSION_KUBERNETES}_containerd-v${VERSION_CONTAINERD}_calico:ctr_v${VERSION_IMAGE}
 ARG URL_ARTIFACT_KUBELET_DEBUG=https://github.com/ssst0n3/container-debug-artifacts/releases/download/kubernetes/kubelet-v${VERSION_KUBERNETES}-debug
-# ARG URL_ARTIFACT_CONTAINERD_DEBUG=https://github.com/ssst0n3/container-debug-artifacts/releases/download/containerd/containerd-v${VERSION_CONTAINERD}-debug
+ARG URL_ARTIFACT_CONTAINERD_DEBUG=https://github.com/ssst0n3/container-debug-artifacts/releases/download/containerd/containerd-v${VERSION_CONTAINERD}-debug
 ARG URL_ARTIFACT_DLV=https://github.com/ssst0n3/container-debug-artifacts/releases/download/dlv/dlv-v${VERSION_DLV}
 
 # ================================
 # Build Stages
 # ================================
 FROM ${BASE_IMAGE}
 ARG URL_ARTIFACT_KUBELET_DEBUG
-# ARG URL_ARTIFACT_CONTAINERD_DEBUG
+ARG URL_ARTIFACT_CONTAINERD_DEBUG
 ARG URL_ARTIFACT_DLV
 ADD --chmod=755 ${URL_ARTIFACT_KUBELET_DEBUG} /usr/local/bin/kubelet.debug
-# ADD --chmod=755 ${URL_ARTIFACT_CONTAINERD_DEBUG} /usr/local/bin/containerd.debug
+ADD --chmod=755 ${URL_ARTIFACT_CONTAINERD_DEBUG} /usr/local/bin/containerd.debug
 ADD --chmod=755 ${URL_ARTIFACT_DLV} /usr/local/bin/dlv
 COPY --chmod=755 debug.sh /usr/local/bin/debug.sh
-# back up real kubelet binary
+# back up real binary
 RUN cp /usr/bin/kubelet /usr/local/bin/kubelet.real && \
-    # back up real containerd binary
     cp /usr/local/bin/containerd /usr/local/bin/containerd.real
diff --git a/kubernetes/v1.35.1/containerd/v2.2.1/calico/debug/README.md b/kubernetes/v1.35.1/containerd/v2.2.1/calico/debug/README.md
@@ -3,7 +3,9 @@
 | Type | Image | Notes |
 | ---- | ----- | ----- |
 | dqd | ghcr.io/ctrsploit/kubernetes-v1.35.1_containerd-v2.2.1_calico_debug:latest | -> `v0.2.0` |
+| dqd | ghcr.io/ctrsploit/kubernetes-v1.35.1_containerd-v2.2.1_calico_debug:v0.2.0 | debug kubelet,containerd |
 | dqd | ghcr.io/ctrsploit/kubernetes-v1.35.1_containerd-v2.2.1_calico_debug:v0.1.0 | debug kubelet |
+| ctr | ghcr.io/ctrsploit/kubernetes-v1.35.1_containerd-v2.2.1_calico_debug:ctr_v0.2.0 | - |
 | ctr | ghcr.io/ctrsploit/kubernetes-v1.35.1_containerd-v2.2.1_calico_debug:ctr_v0.1.0 | - |
 
 ## Usage
@@ -19,14 +21,27 @@ $ docker compose -f docker-compose.yml -f docker-compose.kvm.yml up -d
 
 ```shell
 $ ./ssh
-root@kubernetes-1-32-2-containerd-2-0-3:~# systemctl stop kubelet
-root@kubernetes-1-32-2-containerd-2-0-3:~# ln -sf /usr/local/bin/debug.sh /usr/bin/kubelet
-root@kubernetes-1-32-2-containerd-2-0-3:~# systemctl start kubelet
-root@kubernetes-1-32-2-containerd-2-0-3:~# journalctl -u kubelet -f
+root@kubernetes-1-35-1-containerd-2-2-1:~# systemctl stop kubelet
+root@kubernetes-1-35-1-containerd-2-2-1:~# ln -sf /usr/local/bin/debug.sh /usr/bin/kubelet
+root@kubernetes-1-35-1-containerd-2-2-1:~# systemctl start kubelet
+root@kubernetes-1-35-1-containerd-2-2-1:~# journalctl -u kubelet -f
 API server listening at: [::]:2345
 ...
 ```
 
+### Debug Containerd with Delve
+
+```shell
+$ ./ssh
+root@kubernetes-1-35-1-containerd-2-2-1:~# systemctl stop containerd
+root@kubernetes-1-35-1-containerd-2-2-1:~# ln -sf /usr/local/bin/debug.sh /usr/local/bin/containerd
+root@kubernetes-1-35-1-containerd-2-2-1:~# /usr/local/bin/containerd --config /etc/containerd/config.toml
+API server listening at: [::]:2346
+...
+```
+
+> Using `systemctl start containerd` is also ok, but will raise a systemctl's timeout error. It's as an expected behavior, because `containerd.service` uses `Type=notify`, and launching containerd via Delve can cause systemd startup timeout.
+
 ### GoLand remote attach
 
 kubelet
@@ -37,13 +52,30 @@ Host: 127.0.0.1
 Port: 13516
 ```
 
+containerd
+
+```text
+Run/Debug Configurations -> Go Remote
+Host: 127.0.0.1
+Port: 13517
+```
+
 ### Restore Kubelet
 
 ```shell
-root@kubernetes-1-32-2-containerd-2-0-3:~# systemctl stop kubelet
-root@kubernetes-1-32-2-containerd-2-0-3:~# cp /usr/local/bin/kubelet.real /usr/bin/kubelet
-root@kubernetes-1-32-2-containerd-2-0-3:~# chmod +x /usr/bin/kubelet
-root@kubernetes-1-32-2-containerd-2-0-3:~# systemctl start kubelet
+root@kubernetes-1-35-1-containerd-2-2-1:~# systemctl stop kubelet
+root@kubernetes-1-35-1-containerd-2-2-1:~# cp /usr/local/bin/kubelet.real /usr/bin/kubelet
+root@kubernetes-1-35-1-containerd-2-2-1:~# chmod +x /usr/bin/kubelet
+root@kubernetes-1-35-1-containerd-2-2-1:~# systemctl start kubelet
+```
+
+### Restore Containerd
+
+```shell
+root@kubernetes-1-35-1-containerd-2-2-1:~# systemctl stop containerd
+root@kubernetes-1-35-1-containerd-2-2-1:~# cp /usr/local/bin/containerd.real /usr/local/bin/containerd
+root@kubernetes-1-35-1-containerd-2-2-1:~# chmod +x /usr/local/bin/containerd
+root@kubernetes-1-35-1-containerd-2-2-1:~# systemctl start containerd
 ```
 
 ### Built-in Pods
@@ -128,7 +160,7 @@ make all ENV=kubernetes/v1.35.1/containerd/v2.2.1/calico/debug
 
 ```dockerfile
 # syntax=docker/dockerfile:1-labs
-FROM ghcr.io/ctrsploit/kubernetes-v1.35.1_containerd-v2.2.1_calico_debug:ctr_v0.1.0
+FROM ghcr.io/ctrsploit/kubernetes-v1.35.1_containerd-v2.2.1_calico_debug:ctr_v0.2.0
 ...
 RUN --security=insecure ["/sbin/init", "--log-target=kmsg"]
 ```
diff --git a/kubernetes/v1.35.1/containerd/v2.2.1/calico/debug/docker-compose.yml b/kubernetes/v1.35.1/containerd/v2.2.1/calico/debug/docker-compose.yml
@@ -6,10 +6,11 @@ services:
     environment:
       - "QEMU_NET=10.0.2.0/24"
       - "QEMU_DHCPSTART=10.0.2.16"
-      - "QEMU_HOSTFWD=hostfwd=tcp::6443-:6443,hostfwd=tcp::2345-:2345"
+      - "QEMU_HOSTFWD=hostfwd=tcp::6443-:6443,hostfwd=tcp::2345-:2345,hostfwd=tcp::2346-:2346"
     ports:
         - "13514:22"
         - "13515:6443"
         - "13516:2345"
+        - "13517:2346"
     tty: true
     stdin_open: true 
