From 27c048a1dbfbd92b76455080168862768788444b Mon Sep 17 00:00:00 2001
From: Haitao Pan <manbuzhe2009@qq.com>
Date: Fri, 22 Aug 2025 16:13:29 +0800
Subject: [PATCH] merged: sealos-install.sh

---
 scripts/cilium-values.yaml |  2 +
 scripts/gpu-k8s.sh         | 28 +++++---------
 scripts/sealos-install.sh  | 76 +++++++++++++++++++++++++++-----------
 3 files changed, 66 insertions(+), 40 deletions(-)

diff --git a/scripts/cilium-values.yaml b/scripts/cilium-values.yaml
index f7b5d3e..0695931 100644
--- a/scripts/cilium-values.yaml
+++ b/scripts/cilium-values.yaml
@@ -12,6 +12,8 @@ externalIPs:
 hostServices:
   enabled: true
 enableIPv4Masquerade: true
+hubble:
+  enabled: false
 envoy:
   enabled: false
 operator:
diff --git a/scripts/gpu-k8s.sh b/scripts/gpu-k8s.sh
index 6d8c1fd..30bd958 100644
--- a/scripts/gpu-k8s.sh
+++ b/scripts/gpu-k8s.sh
@@ -105,9 +105,15 @@ install_base() {
   echo "[1/8] 安装基础依赖"
   install_all_offline_packages || {
     sudo apt-get update -y
-    sudo apt-get install -y curl gnupg2 ca-certificates lsb-release \
-      apt-transport-https software-properties-common openssh-client \
-      openssh-server uidmap containerd ${NVIDIA_DRIVER_VERSION} nvidia-container-toolkit
+    sudo apt-get install -y curl \
+        gnupg2 \
+        lsb-release \
+        openssh-client \
+        openssh-server \
+        ca-certificates \
+        apt-transport-https \
+        software-properties-common \
+        uidmap ${NVIDIA_DRIVER_VERSION} nvidia-container-toolkit
   }
 }
 
@@ -198,22 +204,6 @@ deploy_k8s() {
 
 
 deploy_plugin() {
-  echo "[7/8] 部署 NVIDIA Device Plugin"
-  local plugin_file="${OFFLINE_DIR}/nvidia-device-plugin.yml"
-  if [ -f "$plugin_file" ]; then
-    kubectl apply -f "$plugin_file"
-  else
-    plugin_url="https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/${NVIDIA_PLUGIN_VERSION}/deployments/static/nvidia-device-plugin.yml"
-    if [ "$USE_PROXY" = true ]; then
-      HTTPS_PROXY=$PROXY_ADDR HTTP_PROXY=$PROXY_ADDR \
-      kubectl apply -f "$plugin_url"
-    else
-      kubectl apply -f "$plugin_url"
-    fi
-  fi
-  sleep 15
-  kubectl -n kube-system get pods | grep nvidia || echo "⚠️ 插件未启动"
-  kubectl describe node | grep -A10 Capacity | grep -i nvidia
 }
 
 run_test() {
diff --git a/scripts/sealos-install.sh b/scripts/sealos-install.sh
index 1dd3eb1..bad4734 100755
--- a/scripts/sealos-install.sh
+++ b/scripts/sealos-install.sh
@@ -1,35 +1,69 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail
 
-# Install sealos binaries
-if [ -f "sealos_5.0.1_linux_amd64.tar.gz" ]; then
+########################################
+# Config (可用环境变量覆盖)
+########################################
+MASTER_IP="${MASTER_IP:-${NodeIP:-192.168.124.77}}"
+MASTER_USER="${MASTER_USER:-root}"
+MASTER_SSH_KEY="${MASTER_SSH_KEY:-/root/.ssh/id_rsa}"
+
+K8S_VERSION="${K8S_VERSION:-v1.29.9}"      # 也可改成 v1.30.x
+HELM_APP_VERSION="${HELM_APP_VERSION:-v3.16.2}"
+CILIUM_CHART_VERSION="${CILIUM_CHART_VERSION:-1.18.1}"
+CILIUM_VALUES_FILE="${CILIUM_VALUES_FILE:-cilium-values.yaml}"
+
+IMAGES_TAR="${IMAGES_TAR:-images/sealos-images.tar}"
+
+########################################
+# 可选：安装 sealos 二进制（离线包）
+########################################
+if [[ -f "sealos_5.0.1_linux_amd64.tar.gz" ]]; then
   tar -xpvf sealos_5.0.1_linux_amd64.tar.gz
-  cp sealos sealctl image-cri-shim /usr/local/bin/
-  if [ -f nerdctl ]; then
-    cp nerdctl /usr/local/bin/
-  fi
+  install -m 0755 sealos /usr/local/bin/sealos
+  install -m 0755 sealctl /usr/local/bin/ || true
+  install -m 0755 image-cri-shim /usr/local/bin/ || true
+  [[ -f nerdctl ]] && install -m 0755 nerdctl /usr/local/bin/ || true
 fi
 
-# Load pre-packaged images if present
-if [ -f "images/sealos-images.tar" ]; then
+########################################
+# 预加载镜像（可选）
+########################################
+if [[ -f "$IMAGES_TAR" ]]; then
   if command -v sealos >/dev/null 2>&1; then
-    sealos load -i images/sealos-images.tar || true
+    sealos load -i "$IMAGES_TAR" || true
   elif command -v docker >/dev/null 2>&1; then
-    docker load -i images/sealos-images.tar || true
+    docker load -i "$IMAGES_TAR" || true
   fi
 fi
 
-sealos run labring/kubernetes:v1.30.1 \
-           labring/cilium:v1.18.1 \
-           labring/helm:v3.16.2 \
-           --masters "${NodeIP}" \
-           --user root \
-           --pk /root/.ssh/id_rsa \
+########################################
+# 用 sealos 起集群（跳过 kube-proxy）
+# 注意：不再引入 labring/cilium，避免版本混装
+########################################
+sealos run "labring/kubernetes:${K8S_VERSION}" \
+           "labring/helm:${HELM_APP_VERSION}" \
+           --masters "${MASTER_IP}" \
+           --user "${MASTER_USER}" \
+           --pk "${MASTER_SSH_KEY}" \
            --env '{}' \
            --cmd 'kubeadm init --skip-phases=addon/kube-proxy'
 
-#sealos add --nodes 172.31.23.69
-
-helm repo add cilium https://helm.cilium.io
+########################################
+# 安装 / 升级 Cilium（Helm 统一到 1.18.x）
+########################################
+helm repo add cilium https://helm.cilium.io || true
 helm repo update
-helm upgrade cilium cilium/cilium -n kube-system -f cilium-values.yaml --version 1.18.1
+helm upgrade --install cilium cilium/cilium \
+  -n kube-system \
+  --version "${CILIUM_CHART_VERSION}" \
+  -f "${CILIUM_VALUES_FILE}"
+
+# 等待就绪（超时放宽以适配慢环境）
+kubectl -n kube-system rollout status ds/cilium --timeout=10m || true
+kubectl -n kube-system rollout status deploy/cilium-operator --timeout=5m || true
+
+# 快速查看
+cilium status || true
+kubectl -n kube-system get pods -o wide
+helm list -n kube-system