[+] 更新 k3s 源

[-] 已安装docker的不执行重启

.gitea/workflows/docker.yaml

@@ -0,0 +1,29 @@
+name: Build Docker Image
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  Explore-Gitea-Actions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: https://git.martin98.com/actions/checkout.git@v4
+
+      - name: Log in to Docker Hub
+        uses: https://git.martin98.com/actions/login-action.git@v3
+        with:
+          registry: ${{ vars.GIT_IMAGE_URL }}
+          username: ${{ vars.GIT_IMAGE_USERNAME }}
+          password: ${{ vars.GIT_IMAGE_PASSWORD }}
+
+      - name: Build and push
+        uses: https://git.martin98.com/actions/build-push-action.git@v4
+        with:
+          context: .
+          platforms: linux/amd64
+          push: true
+          tags: |
+            git.martin98.com/martinfarm/init:latest
+            git.martin98.com/martinfarm/init:${{ github.sha }}

Dockerfile

@@ -0,0 +1,3 @@
+FROM scratch
+
+COPY *.sh /scripts/

README.md

@@ -5,43 +5,44 @@
 curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash
 # docker-ce
 curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-docker.sh | bash
+# npm
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-npm.sh | bash
+# pip
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-pip.sh | bash
+# git
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-git.sh | bash
+
+
 # 初始化全部
 curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-all.sh | bash
 ```
+
+### 清理磁盘
+```bash
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/clean.sh | bash
+```
+
 #### Python 镜像源配置测试
+
 ```bash
 pip config set global.index-url https://mirrors.martin98.com/repository/pypi-group/simple
 ```
+
 #### NPM
+
 ```bash
 npm config set registry https://mirrors.martin98.com/repository/npm-group/
 ```
 
-##### docker 容器中
-```bash
-RUN --mount=type=cache,target=/var/cache/apt \
-    --mount=type=cache,target=/var/lib/apt \
-    sed -i '6,$d' /etc/apt/sources.list.d/dhttps://mirrors.mebian.sources && \
-    sed -i 's|http://deb.debian.org/debian|artin98.com/repository/debian-tsinghua/|g' /etc/apt/sources.list.d/debian.sources && \
-    apt update && \
-    apt install -y --no-install-recommends \
-      gcc \
-      g++ \
-      python3-dev
-```
+#### Rust(cargo 版本 >=1.68)
+linux:
+    ~/.cargo/config
+Windows:
+    %USERPROFILE%\.cargo\config
+```toml
+[source.crates-io]
+replace-with = 'mirrors'
 
-#### 进入容器
-```bash
-docker compose run debian bash
-```
-```bash
-docker compose run ubuntu bash
-```
-
-#### APT 镜像源配置测试
-```bash
-docker compose run debian ./init-apt.sh
-```
-```bash
-docker compose run ubuntu ./init-apt.sh
+[source.mirrors]
+registry = "sparse+https://mirrors.martin98.com/repository/rust/"
 ```

README_k8s.md

@@ -0,0 +1,107 @@
+## k3s
+> https://docs.k3s.io/zh/quick-start
+```bash
+curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
+```
+
+## k8s 快速部署
+```bash
+# 网段配置
+export pod_subnet=10.101.0.0/16
+export service_subnet=10.100.0.0/16
+# 配置 高可用 VIP
+export vip_ip=10.1.3.100
+export vip=$vip_ip/16
+export masters=10.1.3.101,10.1.3.102,10.1.3.103
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-k8s.sh | bash
+
+# master 节点更新 helm 相关
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-helm.sh | bash
+```
+
+### 其他说明
+```bash
+# 拉取镜像失败可能导致节点不正常
+systemctl restart kubelet
+systemctl restart containerd  # 或 docker
+
+# 当前默认值
+export K8S_VERSION=1.32
+export CONTAINERD_VERSION=2.0.2
+export CALICO_VERSION=3.29.1
+export MIRRORS=docker.martin98.com/k8s
+```
+
+### 初始化 单 master 节点(不要配置 masters 只需要配置网段)
+```bash
+cat <<EOF > kubeadm-config.yaml
+apiVersion: kubeadm.k8s.io/v1beta4
+bootstrapTokens:
+- groups:
+  - system:bootstrappers:kubeadm:default-node-token
+  token: $(openssl rand -hex 3).$(openssl rand -hex 8)
+  ttl: 24h0m0s
+  usages:
+  - signing
+  - authentication
+kind: InitConfiguration
+localAPIEndpoint:
+  advertiseAddress: $(hostname -I | awk '{print $1}')
+  bindPort: 6443
+nodeRegistration:
+  criSocket: unix:///var/run/containerd/containerd.sock
+  imagePullPolicy: IfNotPresent
+  imagePullSerial: true
+  name: $(hostname)
+  taints: null
+timeouts:
+  controlPlaneComponentHealthCheck: 4m0s
+  discovery: 5m0s
+  etcdAPICall: 2m0s
+  kubeletHealthCheck: 4m0s
+  kubernetesAPICall: 1m0s
+  tlsBootstrap: 5m0s
+  upgradeManifests: 5m0s
+---
+apiServer: {}
+apiVersion: kubeadm.k8s.io/v1beta4
+caCertificateValidityPeriod: 87600h0m0s
+certificateValidityPeriod: 8760h0m0s
+certificatesDir: /etc/kubernetes/pki
+clusterName: kubernetes
+controllerManager: {}
+dns: 
+  imageRepository: $mirrors/coredns
+encryptionAlgorithm: RSA-2048
+etcd:
+  local:
+    dataDir: /var/lib/etcd
+imageRepository: $mirrors
+kind: ClusterConfiguration
+kubernetesVersion: $k8s_version
+networking:
+  dnsDomain: cluster.local
+  podSubnet: $pod_subnet
+  serviceSubnet: $service_subnet
+proxy: {}
+scheduler: {}
+EOF
+
+# 开始安装
+kubeadm init --config=kubeadm-config.yaml --upload-certs --v=9
+# 配置
+mkdir -p $HOME/.kube
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+export KUBECONFIG=/etc/kubernetes/admin.conf
+
+# 安装 operator
+kubectl create -f https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/tigera-operator.yaml
+kubectl wait --for=condition=Ready pods --all -n tigera-operator --timeout=300s
+# 安装 calico
+curl https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/custom-resources.yaml -O
+sed -i "s|\(cidr: \).*|\1$pod_subnet|" custom-resources.yaml
+kubectl create -f custom-resources.yaml
+kubectl wait --for=condition=Ready pods --all -n calico-system --timeout=300s
+kubectl wait --for=condition=Ready pods --all -n calico-apiserver --timeout=300s
+```

clean.sh

@@ -0,0 +1,44 @@
+# 列出磁盘空间
+df -h
+# 清理 apt
+sudo apt-get autoremove -y
+sudo apt-get autoclean -y
+sudo apt-get clean -y
+# 清理 docker
+docker system prune -a -f --volumes
+# 清理日志
+sudo journalctl --vacuum-size=10M
+# 列出清理后容器大小
+docker ps -a --format "{{.ID}}\t{{.Image}}\t{{.Size}}"
+docker images --format "{{.Repository}}:{{.Tag}}\t{{.Size}}"
+
+# 查看占用磁盘
+# du -ah -d 1 /
+
+if [ -d "/root/act_runner" ] && docker images | grep -q "docker.martin98.com/library/gitea/act_runner"; then
+    echo "清理 act_runner"
+    docker volume rm act-toolcache
+    cd /root/act_runner
+    sh run.sh
+fi
+
+if [ -d "/root/git-proxy" ] && docker images | grep -q "docker.martin98.com/library/hunsh/gh-proxy-py:latest"; then
+    echo "清理 git-proxy"
+    cd /root/git-proxy
+    sh restart.sh
+fi
+
+if [ -d "/root/registry" ] && docker images | grep -q "registry"; then
+    echo "清理 registry"
+    cd /root/registry
+    sh restart.sh
+fi
+
+if [ -d "/root/registry" ] && docker ps --format '{{.ID}} {{.Image}}' | grep -q 'traefik'; then
+    echo "清理 Traefik"
+    container_id=$(docker ps --format '{{.ID}} {{.Image}}' | grep 'traefik' | awk '{print $1}')
+    docker exec -it $container_id sh -c "rm -rf /tmp/*"
+fi
+
+# 列出磁盘空间
+df -h

docker-compose.yaml

@@ -13,4 +13,8 @@ services:
 
   ubuntu:
     <<: *app-config
-    image: docker.martin98.com/library/ubuntu:latest
+    image: docker.martin98.com/library/ubuntu:latest
+
+  ubuntu-2204:
+    <<: *app-config
+    image: docker.martin98.com/library/ubuntu:22.04

init-all.sh

@@ -1,6 +1,29 @@
 #!/bin/bash
 
+download_and_run() {
+    local filename="$1"
+    local url="https://git.martin98.com/MartinFarm/init/raw/branch/main/$1"
+
+    if [ ! -f "$filename" ]; then
+        echo "文件 $filename 不存在，正在下载..."
+        curl -sSL "$url" -o "$filename"
+        if [ $? -ne 0 ]; then
+            echo "下载失败，请检查网络连接或URL是否正确。"
+            exit 1
+        fi
+    fi
+    bash "$filename"
+    rm "$filename"
+}
+
+
 # apt + ntp
-curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash
+download_and_run "init-apt.sh"
 # docker-ce
-curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-docker.sh | bash
+download_and_run "init-docker.sh"
+# npm
+download_and_run "init-npm.sh"
+# pip
+download_and_run "init-pip.sh"
+# git
+download_and_run "init-git.sh"

init-apt.sh

@@ -1,41 +1,50 @@
 #!/bin/bash
 
-# 配置 ubuntu 源
-if [ -f /etc/apt/sources.list.d/ubuntu.sources ]; then
-    cat > /etc/apt/sources.list.d/ubuntu.sources <<EOF
-Types: deb
-URIs: https://mirrors.martin98.com/repository/ubuntu-tsinghua/
-Suites: noble noble-updates noble-backports
-Components: main restricted universe multiverse
-Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
-EOF
-# 配置 debian 源
-elif [ -f /etc/apt/sources.list.d/debian.sources ]; then
-    cat > /etc/apt/sources.list.d/debian.sources <<EOF
-Types: deb
-URIs: https://mirrors.martin98.com/repository/debian-tsinghua/
-Suites: bookworm bookworm-updates bookworm-backports
-Components: main contrib non-free non-free-firmware
-Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
-EOF
-else
-    echo "没有找到合适的源"
-    exit 1
-fi
-
-# 更新证书
 APT_OPTIONS="-o Acquire::https::mirrors.martin98.com::Verify-Peer=false -o Acquire::https::mirrors.martin98.com::Verify-Host=false"
-apt update $APT_OPTIONS && apt install $APT_OPTIONS -y ca-certificates && update-ca-certificates
-apt update && apt upgrade -y
+lsb_dist=$(cat /etc/*release | grep ^ID= | cut -d= -f2) # ubuntu or debian?
+release=$(cat /etc/*release | grep VERSION_CODENAME | cut -d= -f2) #  ubuntu(jammy oracular) debian(bookworm)....
+components=$([ "${lsb_dist=}" = "debian" ] && echo "main contrib non-free non-free-firmware" || ([ "${lsb_dist=}" = "ubuntu" ] && echo "main restricted universe multiverse"))
 
+# 删除 DEB822 格式
+if [ -f /etc/apt/sources.list.d/${lsb_dist}.sources ]; then
+  rm /etc/apt/sources.list.d/${lsb_dist}.sources
+fi
+# 配置镜像源
+cat <<EOF > /etc/apt/sources.list
+deb https://mirrors.martin98.com/repository/$lsb_dist $release $components
+deb https://mirrors.martin98.com/repository/$lsb_dist $release-updates $components
+deb https://mirrors.martin98.com/repository/$lsb_dist $release-backports $components
+deb https://mirrors.martin98.com/repository/$lsb_dist $release-security $components
+EOF
+
+for RELEASE in "$@"; do
+    echo "deb https://mirrors.martin98.com/repository/$lsb_dist $RELEASE $components" >> /etc/apt/sources.list
+done
+
+
+# 关闭交互式弹窗
+echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
+
+apt update $APT_OPTIONS && apt install $APT_OPTIONS -y ca-certificates curl && update-ca-certificates
+apt update && apt upgrade -y
 
 # NTP
 # 启用阿里云 ntp
-apt install chrony -y
-cat > /etc/chrony.conf <<EOF
+if pidof systemd >/dev/null 2>&1; then
+    apt install chrony -y
+    cat > /etc/chrony.conf <<EOF
 server ntp4.aliyun.com minpoll 4 maxpoll 10 iburst
 server ntp5.aliyun.com iburst
 driftfile /var/lib/chrony/drift
 allow 127.0.0.1
 EOF
-systemctl restart chrony && systemctl enable chrony
+    timedatectl set-timezone Asia/Shanghai
+    systemctl restart chrony && systemctl enable chrony
+else
+    echo "systemctl 不存在，跳过 chrony 的重启"
+fi
+
+# fix vim 粘贴
+if ! grep -q "set pastetoggle=" ~/.vimrc; then
+    echo "set pastetoggle=" >> ~/.vimrc
+fi

init-docker.sh

@@ -1,17 +1,33 @@
 #!/bin/bash
 
+lsb_dist=$(cat /etc/*release | grep ^ID= | cut -d= -f2) # ubuntu or debian?
+release=$(cat /etc/*release | grep VERSION_CODENAME | cut -d= -f2) #  ubuntu(jammy oracular) debian(bookworm)....
+
 command_exists() {
 	command -v "$@" > /dev/null 2>&1
 }
+is_wsl() {
+	case "$(uname -r)" in
+	*microsoft* ) true ;; # WSL 2
+	*Microsoft* ) true ;; # WSL 1
+	* ) false;;
+	esac
+}
 
-if command_exists docker; then
-  echo "docker 已安装.... 跳过"
-  ( set -x; sleep 5 )
+if is_wsl; then
+  echo "检测到 WSL 环境，建议使用 Docker Desktop."
+  exit 0
+elif command_exists docker; then
+  echo "Docker 已安装.... 跳过安装"
 else
-  curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/docker-install.sh | sh
-fi
+  # docker
+  if [ ! -f /usr/share/keyrings/docker-archive-keyring.gpg ]; then
+      curl -fsSL https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+  fi
+  echo "deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist $release stable" > /etc/apt/sources.list.d/docker.list
 
-cat > /etc/docker/daemon.json <<EOF
+  curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/docker-install.sh | sh
+  cat > /etc/docker/daemon.json <<EOF
 {
     "registry-mirrors": [
         "https://docker.martin98.com",
@@ -20,5 +36,9 @@ cat > /etc/docker/daemon.json <<EOF
     ]
 }
 EOF
-
-sudo systemctl restart docker
+  if pidof systemd >/dev/null 2>&1; then
+      systemctl restart docker
+  else
+      echo "systemctl 不存在，跳过 docker 重启。"
+  fi
+fi

init-git.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# 检查 git 是否安装
+if command -v git > /dev/null 2>&1; then
+    echo "git 已安装，正在配置镜像源..."
+    # 曾经设置过的强制取消
+    git config --global --unset url."https://git-proxy.hk.martin98.com/".insteadOf
+    git config --global url."https://git.mirrors.martin98.com/https://github.com/".insteadOf "https://github.com/"
+    echo "镜像源配置完成。"
+else
+    echo "git 不存在，跳过..."
+fi

init-helm.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# 安装 helm
+curl https://mirrors.martin98.com/repository/helm-apt/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://mirrors.martin98.com/repository/helm-apt/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
+sudo apt-get update
+sudo apt-get install helm
+
+# 添加 helm 镜像
+helm repo remove stable
+helm repo add stable https://mirrors.martin98.com/repository/helm-stable/stable
+helm repo update

init-k3s.sh

@@ -0,0 +1,107 @@
+#!/bin/bash
+
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash
+
+current_ip=$(hostname -I | awk '{print $1}')
+
+# 镜像加速
+mkdir /etc/rancher/k3s -p
+
+cat <<EOF > /etc/rancher/k3s/registries.yaml
+mirrors:
+  docker.io:
+    endpoint:
+      - https://docker.martin98.com
+  registry-1.docker.io:
+    endpoint:
+      - https://docker.martin98.com
+  registry.k8s.io:
+    endpoint:
+      - https://docker.martin98.com
+  k8s.gcr.io:
+    endpoint:
+      - https://docker.martin98.com
+  gcr.io:
+    endpoint:
+      - https://docker.martin98.com
+  ghcr.io:
+    endpoint:
+      - https://docker.martin98.com
+  quay.io:
+    endpoint:
+      - https://docker.martin98.com
+EOF
+
+# systemctl restart k3s
+
+# 安装 keepalived
+apt install -y keepalived
+
+# 检查是否为 Master-01
+if [ "$current_ip" == "$master" ]; then
+    state=MASTER
+    priority=100
+else
+    state=BACKUP
+    priority=100
+fi
+
+# 初始化 VIP
+mkdir /etc/keepalived
+cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
+vrrp_instance VI_1 {
+    state $state
+    interface eth0
+    virtual_router_id 51
+    priority $priority
+    advert_int 1
+    virtual_ipaddress {
+        $vip
+    }
+}
+EOF
+
+sudo systemctl restart keepalived
+systemctl status keepalived &
+
+
+
+# 检查是否为 Master-01
+if [ "$current_ip" == "$master" ]; then
+    # 开始部署
+    curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -s - server \
+        --cluster-init \
+        --cluster-cidr $pod_subnet \
+        --service-cidr $service_subnet \
+        --node-external-ip=$vip_ip \
+
+
+    TOKEN=$(cat /var/lib/rancher/k3s/server/node-token)
+    cat <<EOF
+------------------------------------------------------------------------------------
+初始化 master VIP[$state] $current_ip 成功
+
+export pod_subnet=$pod_subnet
+export service_subnet=$service_subnet
+export vip_ip=$vip_ip
+export vip=$vip_ip/16
+export master=$master
+export TOKEN=$TOKEN
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-k3s.sh | bash
+
+------------------------------------------------------------------------------------
+EOF
+
+else
+    curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -s - server \
+      --cluster-cidr $pod_subnet \
+      --service-cidr $service_subnet \
+      --node-external-ip=$vip_ip \
+      --token $TOKEN \
+      --server https://$master:6443
+    watch kubectl get nodes
+fi
+
+
+
+

init-k8s.sh

@@ -0,0 +1,282 @@
+#!/bin/bash
+
+lsb_dist=$(cat /etc/*release | grep ^ID= | cut -d= -f2) # ubuntu or debian?
+release=$(cat /etc/*release | grep VERSION_CODENAME | cut -d= -f2) #  ubuntu(jammy oracular) debian(bookworm)....
+# 默认值
+K8S_RELEASE=${K8S_VERSION:-1.32.3}  # 如果未设置，使用默认值 1.32.3
+K8S_VERSION=${K8S_RELEASE%.*}
+
+CONTAINERD_VERSION=${CONTAINERD_VERSION:-2.0.2}
+CALICO_VERSION=${CALICO_VERSION:-3.29.1}
+MIRRORS=${MIRRORS:-docker.martin98.com/k8s}  # 如果未设置，默认使用集群镜像
+
+# 更新 apt
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash
+
+curl -fsSL https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+echo "deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist $release stable" > /etc/apt/sources.list.d/docker.list
+
+curl -fsSL https://mirrors.martin98.com/repository/kubernetes/core/stable/v$K8S_VERSION/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.martin98.com/repository/kubernetes/core/stable/v$K8S_VERSION/deb/ /" > /etc/apt/sources.list.d/kubernetes.list
+
+# k8s 相关环境
+apt update && apt install -y curl apt-transport-https ca-certificates gnupg runc
+
+# 调整内核 关闭 swap
+cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
+overlay
+br_netfilter
+EOF
+cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
+net.ipv4.ip_forward = 1
+EOF
+sudo swapoff -a && sed -i '/swap/d' /etc/fstab && sudo sysctl --system && sudo modprobe overlay && sudo modprobe br_netfilter
+
+# 安装 containerd
+wget https://mirrors.martin98.com/repository/proxy/github.com/containerd/containerd/releases/download/v$CONTAINERD_VERSION/containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
+tar Cxzvf /usr/local containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
+rm containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
+wget https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/containerd/containerd/main/containerd.service
+sudo mv containerd.service /etc/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl start containerd
+sudo systemctl enable --now containerd
+
+
+# 初始化 containerd 配置
+mkdir "/etc/containerd"
+containerd config default > /etc/containerd/config.toml
+sed -i "s|sandbox = 'registry.k8s.io|sandbox = 'docker.martin98.com/k8s|g" /etc/containerd/config.toml
+sed -ri '0,/(config_path).*/s@(config_path).*@\1 = "/etc/containerd/certs.d"@' /etc/containerd/config.toml
+sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
+
+cat <<EOF >> /etc/crictl.yaml
+runtime-endpoint: unix:///run/containerd/containerd.sock
+image-endpoint: unix:///run/containerd/containerd.sock
+timeout: 10
+debug: true
+EOF
+
+cat <<EOF >> /etc/containerd/config.toml
+[plugins."io.containerd.grpc.v1.cri".registry]
+  config_path = "/etc/containerd/certs.d"
+EOF
+
+# 定义配置目录
+CONFIG_DIR="/etc/containerd/certs.d"
+mkdir -pv "$CONFIG_DIR/docker.io"
+cat <<EOF > "$CONFIG_DIR/docker.io/hosts.toml"
+server = "https://docker.io"
+
+[host."https://docker.martin98.com/v2/docker"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+mkdir -pv "$CONFIG_DIR/k8s.gcr.io"
+cat <<EOF > "$CONFIG_DIR/k8s.gcr.io/hosts.toml"
+server = "https://k8s.gcr.io"
+
+[host."https://docker.martin98.com/v2/k8s"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+mkdir -pv "$CONFIG_DIR/gcr.io"
+cat <<EOF > "$CONFIG_DIR/gcr.io/hosts.toml"
+server = "https://gcr.io"
+
+[host."https://docker.martin98.com/v2/gcr"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+mkdir -pv "$CONFIG_DIR/ghcr.io"
+cat <<EOF > "$CONFIG_DIR/ghcr.io/hosts.toml"
+server = "https://ghcr.io"
+
+[host."https://docker.martin98.com/v2/ghcr"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+mkdir -pv "$CONFIG_DIR/quay.io"
+cat <<EOF > "$CONFIG_DIR/quay.io/hosts.toml"
+server = "https://quay.io"
+
+[host."https://docker.martin98.com/v2/quay"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+mkdir -pv "$CONFIG_DIR/registry.k8s.io"
+cat <<EOF > "$CONFIG_DIR/registry.k8s.io/hosts.toml"
+server = "https://registry.k8s.io"
+
+[host."https://docker.martin98.com/v2/k8s"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+# crictl --debug pull quay.io/k8scsi/csi-resizer:v0.5.0
+sudo systemctl restart containerd && sudo systemctl enable --now containerd
+
+# 安装 kubeadm kubelet kubectl
+apt install -y kubeadm kubelet kubectl && apt-mark hold kubeadm kubelet kubectl
+
+echo 'KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"' > kubeadm-config.yaml
+
+echo "k8s 运行环境安装成功"
+
+# 检查是否 master 节点
+current_ip=$(hostname -I | awk '{print $1}')
+if ! echo "$masters" | grep -qw "$current_ip"; then
+  echo "初始化 worker $current_ip 成功"
+  exit 0
+fi
+# 安装 keepalived haproxy
+apt install -y keepalived
+# 检查是否为 Master-01
+first_master=$(echo $masters | cut -d',' -f1)
+if [ "$current_ip" == "$first_master" ]; then
+    state=MASTER
+    priority=200
+else
+    state=BACKUP
+    priority=100
+fi
+
+# 初始化 VIP
+cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
+vrrp_instance VI_1 {
+    state $state
+    interface eth0
+    virtual_router_id 51
+    priority $priority
+    advert_int 1
+    virtual_ipaddress {
+        $vip
+    }
+}
+EOF
+sudo systemctl restart keepalived
+systemctl status keepalived &
+echo "初始化 master VIP $current_ip 成功"
+
+if [ "$current_ip" != "$first_master" ]; then
+  echo "初始化 master $current_ip 成功"
+  exit 0
+fi
+
+# 配置
+cat <<EOF > kubeadm-config.yaml
+apiVersion: kubeadm.k8s.io/v1beta4
+bootstrapTokens:
+- groups:
+  - system:bootstrappers:kubeadm:default-node-token
+  token: $(openssl rand -hex 3).$(openssl rand -hex 8)
+  ttl: 24h0m0s
+  usages:
+  - signing
+  - authentication
+kind: InitConfiguration
+localAPIEndpoint:
+  advertiseAddress: $(hostname -I | awk '{print $1}')
+  bindPort: 6443
+nodeRegistration:
+  criSocket: unix:///var/run/containerd/containerd.sock
+  imagePullPolicy: IfNotPresent
+  imagePullSerial: true
+  name: $(hostname)
+  taints: null
+timeouts:
+  controlPlaneComponentHealthCheck: 4m0s
+  discovery: 5m0s
+  etcdAPICall: 2m0s
+  kubeletHealthCheck: 4m0s
+  kubernetesAPICall: 1m0s
+  tlsBootstrap: 5m0s
+  upgradeManifests: 5m0s
+---
+apiServer: {}
+apiVersion: kubeadm.k8s.io/v1beta4
+caCertificateValidityPeriod: 87600h0m0s
+certificateValidityPeriod: 8760h0m0s
+certificatesDir: /etc/kubernetes/pki
+clusterName: kubernetes
+controlPlaneEndpoint: "$vip_ip:6443"
+controllerManager: {}
+dns:
+  imageRepository: $MIRRORS/coredns
+encryptionAlgorithm: RSA-2048
+etcd:
+  local:
+    dataDir: /var/lib/etcd
+imageRepository: $MIRRORS
+kind: ClusterConfiguration
+kubernetesVersion: "$K8S_RELEASE"
+networking:
+  dnsDomain: cluster.local
+  podSubnet: $pod_subnet
+  serviceSubnet: $service_subnet
+proxy: {}
+scheduler: {}
+EOF
+
+# 开始安装
+kubeadm init --config=kubeadm-config.yaml --upload-certs --v=9
+kubectl get nodes
+
+echo "初始化 master $current_ip 成功，开始配置网络"
+
+# 配置
+mkdir -p $HOME/.kube
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+export KUBECONFIG=/etc/kubernetes/admin.conf
+
+# 安装 operator
+kubectl create -f https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/tigera-operator.yaml
+sleep 5
+kubectl wait --for=condition=Ready pods --all -n tigera-operator --timeout=300s
+echo "初始化 master $current_ip operator 成功"
+# 安装 calico
+curl https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/custom-resources.yaml -O
+sed -i "s|\(cidr: \).*|\1$pod_subnet|" custom-resources.yaml
+kubectl create -f custom-resources.yaml
+sleep 5
+kubectl wait --for=condition=Ready pods --all -n calico-system --timeout=300s
+kubectl wait --for=condition=Ready pods --all -n calico-apiserver --timeout=300s
+echo "初始化 master $current_ip calico 成功"
+
+kubectl get nodes
+
+OUTPUT=$(kubeadm token create --print-join-command)
+
+# 提取 token 和 discovery-token-ca-cert-hash
+TOKEN=$(echo "$OUTPUT" | grep -oP 'token \K[\w.]+')
+TOKEN_HASH=$(echo "$OUTPUT" | grep -oP 'discovery-token-ca-cert-hash \K.*')
+CERTS=$(kubeadm init phase upload-certs --upload-certs | sed -n '$p')
+
+cat <<EOF
+------------------------------------------------------------------------------------
+初始化 master $current_ip 成功
+$OUTPUT
+
+# master 加入
+kubeadm join $vip_ip:6443 \\
+  --token $TOKEN \\
+  --discovery-token-ca-cert-hash $TOKEN_HASH \\
+  --control-plane --certificate-key $CERTS
+
+# worker 加入
+kubeadm join $vip_ip:6443 \\
+  --token $TOKEN \\
+  --discovery-token-ca-cert-hash $TOKEN_HASH
+
+------------------------------------------------------------------------------------
+EOF
+
+kubectl get nodes

init-npm.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# 检查 npm 是否安装
+
+if command -v npm > /dev/null 2>&1; then
+    echo "npm 已安装，正在配置镜像源..."
+    npm config set registry https://mirrors.martin98.com/repository/npm-group/
+    echo "镜像源配置完成。"
+else
+    echo "npm 不存在，跳过..."
+fi

init-pip.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# 检查 pip 是否安装
+if command -v pip > /dev/null 2>&1; then
+    echo "pip 已安装，正在配置镜像源..."
+    pip config set global.index-url https://mirrors.martin98.com/repository/pypi-group/simple
+    echo "镜像源配置完成。"
+else
+    echo "pip 不存在，跳过..."
+fi