[+] 更新 k3s 源

[-] 已安装docker的不执行重启

.gitea/workflows/docker.yaml

@@ -14,9 +14,9 @@ jobs:
       - name: Log in to Docker Hub
         uses: https://git.martin98.com/actions/login-action.git@v3
         with:
-          registry: ${{ vars.DOCKER_HUB }}
-          username: ${{ vars.DOCKER_USERNAME }}
-          password: ${{ vars.DOCKER_PASSWORD }}
+          registry: ${{ vars.GIT_IMAGE_URL }}
+          username: ${{ vars.GIT_IMAGE_USERNAME }}
+          password: ${{ vars.GIT_IMAGE_PASSWORD }}
 
       - name: Build and push
         uses: https://git.martin98.com/actions/build-push-action.git@v4
@@ -25,5 +25,5 @@ jobs:
           platforms: linux/amd64
           push: true
           tags: |
-            docker.martin98.com/martin_farm/init:latest
-            docker.martin98.com/martin_farm/init:${{ github.sha }}
+            git.martin98.com/martinfarm/init:latest
+            git.martin98.com/martinfarm/init:${{ github.sha }}

README.md

@@ -17,6 +17,11 @@ curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-git.sh |
 curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-all.sh | bash
 ```
 
+### 清理磁盘
+```bash
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/clean.sh | bash
+```
+
 #### Python 镜像源配置测试
 
 ```bash
@@ -29,23 +34,15 @@ pip config set global.index-url https://mirrors.martin98.com/repository/pypi-gro
 npm config set registry https://mirrors.martin98.com/repository/npm-group/
 ```
 
-#### dockerfile
+#### Rust(cargo 版本 >=1.68)
+linux:
+    ~/.cargo/config
+Windows:
+    %USERPROFILE%\.cargo\config
+```toml
+[source.crates-io]
+replace-with = 'mirrors'
 
-```bash
-COPY --from=docker.martin98.com/martin_farm/init:latest /scripts /scripts
-RUN /scripts/init-apt.sh
-```
-
-#### APT 镜像源配置测试
-
-```bash
-docker compose run debian ./init-all.sh
-```
-
-```bash
-docker compose run ubuntu ./init-all.sh
-```
-
-```bash
-docker compose run ubuntu-2204 ./init-all.sh
+[source.mirrors]
+registry = "sparse+https://mirrors.martin98.com/repository/rust/"
 ```

README_k8s.md

@@ -0,0 +1,107 @@
+## k3s
+> https://docs.k3s.io/zh/quick-start
+```bash
+curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
+```
+
+## k8s 快速部署
+```bash
+# 网段配置
+export pod_subnet=10.101.0.0/16
+export service_subnet=10.100.0.0/16
+# 配置 高可用 VIP
+export vip_ip=10.1.3.100
+export vip=$vip_ip/16
+export masters=10.1.3.101,10.1.3.102,10.1.3.103
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-k8s.sh | bash
+
+# master 节点更新 helm 相关
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-helm.sh | bash
+```
+
+### 其他说明
+```bash
+# 拉取镜像失败可能导致节点不正常
+systemctl restart kubelet
+systemctl restart containerd  # 或 docker
+
+# 当前默认值
+export K8S_VERSION=1.32
+export CONTAINERD_VERSION=2.0.2
+export CALICO_VERSION=3.29.1
+export MIRRORS=docker.martin98.com/k8s
+```
+
+### 初始化 单 master 节点(不要配置 masters 只需要配置网段)
+```bash
+cat <<EOF > kubeadm-config.yaml
+apiVersion: kubeadm.k8s.io/v1beta4
+bootstrapTokens:
+- groups:
+  - system:bootstrappers:kubeadm:default-node-token
+  token: $(openssl rand -hex 3).$(openssl rand -hex 8)
+  ttl: 24h0m0s
+  usages:
+  - signing
+  - authentication
+kind: InitConfiguration
+localAPIEndpoint:
+  advertiseAddress: $(hostname -I | awk '{print $1}')
+  bindPort: 6443
+nodeRegistration:
+  criSocket: unix:///var/run/containerd/containerd.sock
+  imagePullPolicy: IfNotPresent
+  imagePullSerial: true
+  name: $(hostname)
+  taints: null
+timeouts:
+  controlPlaneComponentHealthCheck: 4m0s
+  discovery: 5m0s
+  etcdAPICall: 2m0s
+  kubeletHealthCheck: 4m0s
+  kubernetesAPICall: 1m0s
+  tlsBootstrap: 5m0s
+  upgradeManifests: 5m0s
+---
+apiServer: {}
+apiVersion: kubeadm.k8s.io/v1beta4
+caCertificateValidityPeriod: 87600h0m0s
+certificateValidityPeriod: 8760h0m0s
+certificatesDir: /etc/kubernetes/pki
+clusterName: kubernetes
+controllerManager: {}
+dns: 
+  imageRepository: $mirrors/coredns
+encryptionAlgorithm: RSA-2048
+etcd:
+  local:
+    dataDir: /var/lib/etcd
+imageRepository: $mirrors
+kind: ClusterConfiguration
+kubernetesVersion: $k8s_version
+networking:
+  dnsDomain: cluster.local
+  podSubnet: $pod_subnet
+  serviceSubnet: $service_subnet
+proxy: {}
+scheduler: {}
+EOF
+
+# 开始安装
+kubeadm init --config=kubeadm-config.yaml --upload-certs --v=9
+# 配置
+mkdir -p $HOME/.kube
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+export KUBECONFIG=/etc/kubernetes/admin.conf
+
+# 安装 operator
+kubectl create -f https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/tigera-operator.yaml
+kubectl wait --for=condition=Ready pods --all -n tigera-operator --timeout=300s
+# 安装 calico
+curl https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/custom-resources.yaml -O
+sed -i "s|\(cidr: \).*|\1$pod_subnet|" custom-resources.yaml
+kubectl create -f custom-resources.yaml
+kubectl wait --for=condition=Ready pods --all -n calico-system --timeout=300s
+kubectl wait --for=condition=Ready pods --all -n calico-apiserver --timeout=300s
+```

clean.sh

@@ -0,0 +1,44 @@
+# 列出磁盘空间
+df -h
+# 清理 apt
+sudo apt-get autoremove -y
+sudo apt-get autoclean -y
+sudo apt-get clean -y
+# 清理 docker
+docker system prune -a -f --volumes
+# 清理日志
+sudo journalctl --vacuum-size=10M
+# 列出清理后容器大小
+docker ps -a --format "{{.ID}}\t{{.Image}}\t{{.Size}}"
+docker images --format "{{.Repository}}:{{.Tag}}\t{{.Size}}"
+
+# 查看占用磁盘
+# du -ah -d 1 /
+
+if [ -d "/root/act_runner" ] && docker images | grep -q "docker.martin98.com/library/gitea/act_runner"; then
+    echo "清理 act_runner"
+    docker volume rm act-toolcache
+    cd /root/act_runner
+    sh run.sh
+fi
+
+if [ -d "/root/git-proxy" ] && docker images | grep -q "docker.martin98.com/library/hunsh/gh-proxy-py:latest"; then
+    echo "清理 git-proxy"
+    cd /root/git-proxy
+    sh restart.sh
+fi
+
+if [ -d "/root/registry" ] && docker images | grep -q "registry"; then
+    echo "清理 registry"
+    cd /root/registry
+    sh restart.sh
+fi
+
+if [ -d "/root/registry" ] && docker ps --format '{{.ID}} {{.Image}}' | grep -q 'traefik'; then
+    echo "清理 Traefik"
+    container_id=$(docker ps --format '{{.ID}} {{.Image}}' | grep 'traefik' | awk '{print $1}')
+    docker exec -it $container_id sh -c "rm -rf /tmp/*"
+fi
+
+# 列出磁盘空间
+df -h

init-all.sh

@@ -13,6 +13,7 @@ download_and_run() {
         fi
     fi
     bash "$filename"
+    rm "$filename"
 }
 
 

init-apt.sh

@@ -1,55 +1,44 @@
 #!/bin/bash
 
 APT_OPTIONS="-o Acquire::https::mirrors.martin98.com::Verify-Peer=false -o Acquire::https::mirrors.martin98.com::Verify-Host=false"
+lsb_dist=$(cat /etc/*release | grep ^ID= | cut -d= -f2) # ubuntu or debian?
+release=$(cat /etc/*release | grep VERSION_CODENAME | cut -d= -f2) #  ubuntu(jammy oracular) debian(bookworm)....
+components=$([ "${lsb_dist=}" = "debian" ] && echo "main contrib non-free non-free-firmware" || ([ "${lsb_dist=}" = "ubuntu" ] && echo "main restricted universe multiverse"))
 
-type=$(cat /etc/*release | grep ^ID= | cut -d= -f2)
-release=$(cat /etc/*release | grep VERSION_CODENAME | cut -d= -f2)
-components=$([ "${type}" = "debian" ] && echo "main contrib non-free non-free-firmware" || ([ "${type}" = "ubuntu" ] && echo "main restricted universe multiverse"))
-
-# DEB822 格式
-# docker.martin98.com/library/ubuntu:latest
-# docker.martin98.com/library/debian:latest
-if [ -f /etc/apt/sources.list.d/${type}.sources ]; then
-    cat > /etc/apt/sources.list.d/${type}.sources <<EOF
-$(for suite in ${release} ${release}-updates ${release}-backports; do
-  echo "Types: deb"
-  echo "URIs: https://mirrors.martin98.com/repository/${type}-tsinghua-${suite}/"
-  echo "Suites: $suite"
-  echo "Components: ${components}"
-  echo "Signed-By: /usr/share/keyrings/${type}-archive-keyring.gpg"
-  echo
-done)
-EOF
-# 传统格式
-# docker.martin98.com/library/ubuntu:22.04
-elif [ -f /etc/apt/sources.list ]; then
-    cat > /etc/apt/sources.list <<EOF
-$(for suite in ${release} ${release}-updates ${release}-backports; do
-  echo "deb https://mirrors.martin98.com/repository/${type}-tsinghua-${suite}/ ${suite} ${components}"
-done)
-EOF
-else
-    echo "没有找到合适的源"
-    exit 1
+# 删除 DEB822 格式
+if [ -f /etc/apt/sources.list.d/${lsb_dist}.sources ]; then
+  rm /etc/apt/sources.list.d/${lsb_dist}.sources
 fi
+# 配置镜像源
+cat <<EOF > /etc/apt/sources.list
+deb https://mirrors.martin98.com/repository/$lsb_dist $release $components
+deb https://mirrors.martin98.com/repository/$lsb_dist $release-updates $components
+deb https://mirrors.martin98.com/repository/$lsb_dist $release-backports $components
+deb https://mirrors.martin98.com/repository/$lsb_dist $release-security $components
+EOF
 
+for RELEASE in "$@"; do
+    echo "deb https://mirrors.martin98.com/repository/$lsb_dist $RELEASE $components" >> /etc/apt/sources.list
+done
+
+
+# 关闭交互式弹窗
 echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
-# 更新证书
+
 apt update $APT_OPTIONS && apt install $APT_OPTIONS -y ca-certificates curl && update-ca-certificates
 apt update && apt upgrade -y
 
-
 # NTP
 # 启用阿里云 ntp
-apt install chrony -y
-cat > /etc/chrony.conf <<EOF
+if pidof systemd >/dev/null 2>&1; then
+    apt install chrony -y
+    cat > /etc/chrony.conf <<EOF
 server ntp4.aliyun.com minpoll 4 maxpoll 10 iburst
 server ntp5.aliyun.com iburst
 driftfile /var/lib/chrony/drift
 allow 127.0.0.1
 EOF
-
-if pidof systemd >/dev/null 2>&1; then
+    timedatectl set-timezone Asia/Shanghai
     systemctl restart chrony && systemctl enable chrony
 else
     echo "systemctl 不存在，跳过 chrony 的重启"

init-docker.sh

@@ -1,5 +1,8 @@
 #!/bin/bash
 
+lsb_dist=$(cat /etc/*release | grep ^ID= | cut -d= -f2) # ubuntu or debian?
+release=$(cat /etc/*release | grep VERSION_CODENAME | cut -d= -f2) #  ubuntu(jammy oracular) debian(bookworm)....
+
 command_exists() {
 	command -v "$@" > /dev/null 2>&1
 }
@@ -17,10 +20,14 @@ if is_wsl; then
 elif command_exists docker; then
   echo "Docker 已安装.... 跳过安装"
 else
-  curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/docker-install.sh | sh
-fi
+  # docker
+  if [ ! -f /usr/share/keyrings/docker-archive-keyring.gpg ]; then
+      curl -fsSL https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+  fi
+  echo "deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist $release stable" > /etc/apt/sources.list.d/docker.list
 
-cat > /etc/docker/daemon.json <<EOF
+  curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/docker-install.sh | sh
+  cat > /etc/docker/daemon.json <<EOF
 {
     "registry-mirrors": [
         "https://docker.martin98.com",
@@ -29,9 +36,9 @@ cat > /etc/docker/daemon.json <<EOF
     ]
 }
 EOF
-
-if pidof systemd >/dev/null 2>&1; then
-    systemctl restart docker
-else
-    echo "systemctl 不存在，跳过 docker 重启。"
-fi
+  if pidof systemd >/dev/null 2>&1; then
+      systemctl restart docker
+  else
+      echo "systemctl 不存在，跳过 docker 重启。"
+  fi
+fi

init-git.sh

@@ -3,7 +3,9 @@
 # 检查 git 是否安装
 if command -v git > /dev/null 2>&1; then
     echo "git 已安装，正在配置镜像源..."
-    git config --global url."https://git-proxy.hk.martin98.com/".insteadOf "https://"
+    # 曾经设置过的强制取消
+    git config --global --unset url."https://git-proxy.hk.martin98.com/".insteadOf
+    git config --global url."https://git.mirrors.martin98.com/https://github.com/".insteadOf "https://github.com/"
     echo "镜像源配置完成。"
 else
     echo "git 不存在，跳过..."

init-helm.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# 安装 helm
+curl https://mirrors.martin98.com/repository/helm-apt/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://mirrors.martin98.com/repository/helm-apt/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
+sudo apt-get update
+sudo apt-get install helm
+
+# 添加 helm 镜像
+helm repo remove stable
+helm repo add stable https://mirrors.martin98.com/repository/helm-stable/stable
+helm repo update

init-k3s.sh

@@ -0,0 +1,107 @@
+#!/bin/bash
+
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash
+
+current_ip=$(hostname -I | awk '{print $1}')
+
+# 镜像加速
+mkdir /etc/rancher/k3s -p
+
+cat <<EOF > /etc/rancher/k3s/registries.yaml
+mirrors:
+  docker.io:
+    endpoint:
+      - https://docker.martin98.com
+  registry-1.docker.io:
+    endpoint:
+      - https://docker.martin98.com
+  registry.k8s.io:
+    endpoint:
+      - https://docker.martin98.com
+  k8s.gcr.io:
+    endpoint:
+      - https://docker.martin98.com
+  gcr.io:
+    endpoint:
+      - https://docker.martin98.com
+  ghcr.io:
+    endpoint:
+      - https://docker.martin98.com
+  quay.io:
+    endpoint:
+      - https://docker.martin98.com
+EOF
+
+# systemctl restart k3s
+
+# 安装 keepalived
+apt install -y keepalived
+
+# 检查是否为 Master-01
+if [ "$current_ip" == "$master" ]; then
+    state=MASTER
+    priority=100
+else
+    state=BACKUP
+    priority=100
+fi
+
+# 初始化 VIP
+mkdir /etc/keepalived
+cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
+vrrp_instance VI_1 {
+    state $state
+    interface eth0
+    virtual_router_id 51
+    priority $priority
+    advert_int 1
+    virtual_ipaddress {
+        $vip
+    }
+}
+EOF
+
+sudo systemctl restart keepalived
+systemctl status keepalived &
+
+
+
+# 检查是否为 Master-01
+if [ "$current_ip" == "$master" ]; then
+    # 开始部署
+    curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -s - server \
+        --cluster-init \
+        --cluster-cidr $pod_subnet \
+        --service-cidr $service_subnet \
+        --node-external-ip=$vip_ip \
+
+
+    TOKEN=$(cat /var/lib/rancher/k3s/server/node-token)
+    cat <<EOF
+------------------------------------------------------------------------------------
+初始化 master VIP[$state] $current_ip 成功
+
+export pod_subnet=$pod_subnet
+export service_subnet=$service_subnet
+export vip_ip=$vip_ip
+export vip=$vip_ip/16
+export master=$master
+export TOKEN=$TOKEN
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-k3s.sh | bash
+
+------------------------------------------------------------------------------------
+EOF
+
+else
+    curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -s - server \
+      --cluster-cidr $pod_subnet \
+      --service-cidr $service_subnet \
+      --node-external-ip=$vip_ip \
+      --token $TOKEN \
+      --server https://$master:6443
+    watch kubectl get nodes
+fi
+
+
+
+

init-k8s.sh

@@ -0,0 +1,282 @@
+#!/bin/bash
+
+lsb_dist=$(cat /etc/*release | grep ^ID= | cut -d= -f2) # ubuntu or debian?
+release=$(cat /etc/*release | grep VERSION_CODENAME | cut -d= -f2) #  ubuntu(jammy oracular) debian(bookworm)....
+# 默认值
+K8S_RELEASE=${K8S_VERSION:-1.32.3}  # 如果未设置，使用默认值 1.32.3
+K8S_VERSION=${K8S_RELEASE%.*}
+
+CONTAINERD_VERSION=${CONTAINERD_VERSION:-2.0.2}
+CALICO_VERSION=${CALICO_VERSION:-3.29.1}
+MIRRORS=${MIRRORS:-docker.martin98.com/k8s}  # 如果未设置，默认使用集群镜像
+
+# 更新 apt
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash
+
+curl -fsSL https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+echo "deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist $release stable" > /etc/apt/sources.list.d/docker.list
+
+curl -fsSL https://mirrors.martin98.com/repository/kubernetes/core/stable/v$K8S_VERSION/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.martin98.com/repository/kubernetes/core/stable/v$K8S_VERSION/deb/ /" > /etc/apt/sources.list.d/kubernetes.list
+
+# k8s 相关环境
+apt update && apt install -y curl apt-transport-https ca-certificates gnupg runc
+
+# 调整内核 关闭 swap
+cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
+overlay
+br_netfilter
+EOF
+cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
+net.ipv4.ip_forward = 1
+EOF
+sudo swapoff -a && sed -i '/swap/d' /etc/fstab && sudo sysctl --system && sudo modprobe overlay && sudo modprobe br_netfilter
+
+# 安装 containerd
+wget https://mirrors.martin98.com/repository/proxy/github.com/containerd/containerd/releases/download/v$CONTAINERD_VERSION/containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
+tar Cxzvf /usr/local containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
+rm containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
+wget https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/containerd/containerd/main/containerd.service
+sudo mv containerd.service /etc/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl start containerd
+sudo systemctl enable --now containerd
+
+
+# 初始化 containerd 配置
+mkdir "/etc/containerd"
+containerd config default > /etc/containerd/config.toml
+sed -i "s|sandbox = 'registry.k8s.io|sandbox = 'docker.martin98.com/k8s|g" /etc/containerd/config.toml
+sed -ri '0,/(config_path).*/s@(config_path).*@\1 = "/etc/containerd/certs.d"@' /etc/containerd/config.toml
+sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
+
+cat <<EOF >> /etc/crictl.yaml
+runtime-endpoint: unix:///run/containerd/containerd.sock
+image-endpoint: unix:///run/containerd/containerd.sock
+timeout: 10
+debug: true
+EOF
+
+cat <<EOF >> /etc/containerd/config.toml
+[plugins."io.containerd.grpc.v1.cri".registry]
+  config_path = "/etc/containerd/certs.d"
+EOF
+
+# 定义配置目录
+CONFIG_DIR="/etc/containerd/certs.d"
+mkdir -pv "$CONFIG_DIR/docker.io"
+cat <<EOF > "$CONFIG_DIR/docker.io/hosts.toml"
+server = "https://docker.io"
+
+[host."https://docker.martin98.com/v2/docker"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+mkdir -pv "$CONFIG_DIR/k8s.gcr.io"
+cat <<EOF > "$CONFIG_DIR/k8s.gcr.io/hosts.toml"
+server = "https://k8s.gcr.io"
+
+[host."https://docker.martin98.com/v2/k8s"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+mkdir -pv "$CONFIG_DIR/gcr.io"
+cat <<EOF > "$CONFIG_DIR/gcr.io/hosts.toml"
+server = "https://gcr.io"
+
+[host."https://docker.martin98.com/v2/gcr"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+mkdir -pv "$CONFIG_DIR/ghcr.io"
+cat <<EOF > "$CONFIG_DIR/ghcr.io/hosts.toml"
+server = "https://ghcr.io"
+
+[host."https://docker.martin98.com/v2/ghcr"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+mkdir -pv "$CONFIG_DIR/quay.io"
+cat <<EOF > "$CONFIG_DIR/quay.io/hosts.toml"
+server = "https://quay.io"
+
+[host."https://docker.martin98.com/v2/quay"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+mkdir -pv "$CONFIG_DIR/registry.k8s.io"
+cat <<EOF > "$CONFIG_DIR/registry.k8s.io/hosts.toml"
+server = "https://registry.k8s.io"
+
+[host."https://docker.martin98.com/v2/k8s"]
+  capabilities = ["pull", "resolve"]
+  override_path = true
+EOF
+
+# crictl --debug pull quay.io/k8scsi/csi-resizer:v0.5.0
+sudo systemctl restart containerd && sudo systemctl enable --now containerd
+
+# 安装 kubeadm kubelet kubectl
+apt install -y kubeadm kubelet kubectl && apt-mark hold kubeadm kubelet kubectl
+
+echo 'KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"' > kubeadm-config.yaml
+
+echo "k8s 运行环境安装成功"
+
+# 检查是否 master 节点
+current_ip=$(hostname -I | awk '{print $1}')
+if ! echo "$masters" | grep -qw "$current_ip"; then
+  echo "初始化 worker $current_ip 成功"
+  exit 0
+fi
+# 安装 keepalived haproxy
+apt install -y keepalived
+# 检查是否为 Master-01
+first_master=$(echo $masters | cut -d',' -f1)
+if [ "$current_ip" == "$first_master" ]; then
+    state=MASTER
+    priority=200
+else
+    state=BACKUP
+    priority=100
+fi
+
+# 初始化 VIP
+cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
+vrrp_instance VI_1 {
+    state $state
+    interface eth0
+    virtual_router_id 51
+    priority $priority
+    advert_int 1
+    virtual_ipaddress {
+        $vip
+    }
+}
+EOF
+sudo systemctl restart keepalived
+systemctl status keepalived &
+echo "初始化 master VIP $current_ip 成功"
+
+if [ "$current_ip" != "$first_master" ]; then
+  echo "初始化 master $current_ip 成功"
+  exit 0
+fi
+
+# 配置
+cat <<EOF > kubeadm-config.yaml
+apiVersion: kubeadm.k8s.io/v1beta4
+bootstrapTokens:
+- groups:
+  - system:bootstrappers:kubeadm:default-node-token
+  token: $(openssl rand -hex 3).$(openssl rand -hex 8)
+  ttl: 24h0m0s
+  usages:
+  - signing
+  - authentication
+kind: InitConfiguration
+localAPIEndpoint:
+  advertiseAddress: $(hostname -I | awk '{print $1}')
+  bindPort: 6443
+nodeRegistration:
+  criSocket: unix:///var/run/containerd/containerd.sock
+  imagePullPolicy: IfNotPresent
+  imagePullSerial: true
+  name: $(hostname)
+  taints: null
+timeouts:
+  controlPlaneComponentHealthCheck: 4m0s
+  discovery: 5m0s
+  etcdAPICall: 2m0s
+  kubeletHealthCheck: 4m0s
+  kubernetesAPICall: 1m0s
+  tlsBootstrap: 5m0s
+  upgradeManifests: 5m0s
+---
+apiServer: {}
+apiVersion: kubeadm.k8s.io/v1beta4
+caCertificateValidityPeriod: 87600h0m0s
+certificateValidityPeriod: 8760h0m0s
+certificatesDir: /etc/kubernetes/pki
+clusterName: kubernetes
+controlPlaneEndpoint: "$vip_ip:6443"
+controllerManager: {}
+dns:
+  imageRepository: $MIRRORS/coredns
+encryptionAlgorithm: RSA-2048
+etcd:
+  local:
+    dataDir: /var/lib/etcd
+imageRepository: $MIRRORS
+kind: ClusterConfiguration
+kubernetesVersion: "$K8S_RELEASE"
+networking:
+  dnsDomain: cluster.local
+  podSubnet: $pod_subnet
+  serviceSubnet: $service_subnet
+proxy: {}
+scheduler: {}
+EOF
+
+# 开始安装
+kubeadm init --config=kubeadm-config.yaml --upload-certs --v=9
+kubectl get nodes
+
+echo "初始化 master $current_ip 成功，开始配置网络"
+
+# 配置
+mkdir -p $HOME/.kube
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+export KUBECONFIG=/etc/kubernetes/admin.conf
+
+# 安装 operator
+kubectl create -f https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/tigera-operator.yaml
+sleep 5
+kubectl wait --for=condition=Ready pods --all -n tigera-operator --timeout=300s
+echo "初始化 master $current_ip operator 成功"
+# 安装 calico
+curl https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/custom-resources.yaml -O
+sed -i "s|\(cidr: \).*|\1$pod_subnet|" custom-resources.yaml
+kubectl create -f custom-resources.yaml
+sleep 5
+kubectl wait --for=condition=Ready pods --all -n calico-system --timeout=300s
+kubectl wait --for=condition=Ready pods --all -n calico-apiserver --timeout=300s
+echo "初始化 master $current_ip calico 成功"
+
+kubectl get nodes
+
+OUTPUT=$(kubeadm token create --print-join-command)
+
+# 提取 token 和 discovery-token-ca-cert-hash
+TOKEN=$(echo "$OUTPUT" | grep -oP 'token \K[\w.]+')
+TOKEN_HASH=$(echo "$OUTPUT" | grep -oP 'discovery-token-ca-cert-hash \K.*')
+CERTS=$(kubeadm init phase upload-certs --upload-certs | sed -n '$p')
+
+cat <<EOF
+------------------------------------------------------------------------------------
+初始化 master $current_ip 成功
+$OUTPUT
+
+# master 加入
+kubeadm join $vip_ip:6443 \\
+  --token $TOKEN \\
+  --discovery-token-ca-cert-hash $TOKEN_HASH \\
+  --control-plane --certificate-key $CERTS
+
+# worker 加入
+kubeadm join $vip_ip:6443 \\
+  --token $TOKEN \\
+  --discovery-token-ca-cert-hash $TOKEN_HASH
+
+------------------------------------------------------------------------------------
+EOF
+
+kubectl get nodes