synchronization

2025-08-25 17:53:08 +08:00
commit c201eb5ef9
318 changed files with 23092 additions and 0 deletions
--- a/File/Conf/PrometheusAlert-App.conf
+++ b/File/Conf/PrometheusAlert-App.conf
@@ -0,0 +1,268 @@
+#---------------------↓全局配置-----------------------
+appname = PrometheusAlert
+#登录用户名
+login_user=prometheusalert
+#登录密码
+login_password=prometheusalert
+#监听地址
+httpaddr = "0.0.0.0"
+#监听端口
+httpport = 8080
+runmode = dev
+#设置代理 proxy = http://123.123.123.123:8080
+proxy =
+#开启JSON请求
+copyrequestbody = true
+#告警消息标题
+title=PrometheusAlert
+#链接到告警平台地址
+GraylogAlerturl=http://graylog.org
+#钉钉告警 告警logo图标地址
+logourl=https://raw.githubusercontent.com/feiyu563/PrometheusAlert/master/doc/alert-center.png
+#钉钉告警 恢复logo图标地址
+rlogourl=https://raw.githubusercontent.com/feiyu563/PrometheusAlert/master/doc/alert-center.png
+#短信告警级别(等于3就进行短信告警) 告警级别定义 0 信息,1 警告,2 一般严重,3 严重,4 灾难
+messagelevel=3
+#电话告警级别(等于4就进行语音告警) 告警级别定义 0 信息,1 警告,2 一般严重,3 严重,4 灾难
+phonecalllevel=4
+#默认拨打号码(页面测试短信和电话功能需要配置此项)
+defaultphone=xxxxxxxx
+#故障恢复是否启用电话通知0为关闭,1为开启
+phonecallresolved=0
+#是否前台输出file or console
+logtype=file
+#日志文件路径
+logpath=logs/prometheusalertcenter.log
+#转换Prometheus,graylog告警消息的时区为CST时区(如默认已经是CST时区，请勿开启)
+prometheus_cst_time=0
+#数据库驱动，支持sqlite3，mysql,postgres如使用mysql或postgres，请开启db_host,db_port,db_user,db_password,db_name的注释
+db_driver=mysql
+db_host=mysql.mysql.svc.cluster.local
+db_port=3306
+db_user=root
+db_password=Root123456
+db_name=prometheusalert
+#是否开启告警记录 0为关闭,1为开启
+AlertRecord=0
+#是否开启告警记录定时删除 0为关闭,1为开启
+RecordLive=0
+#告警记录定时删除周期，单位天
+RecordLiveDay=7
+# 是否将告警记录写入es7，0为关闭，1为开启
+alert_to_es=0
+# es地址，是[]string
+# beego.Appconfig.Strings读取配置为[]string，使用";"而不是","
+to_es_url=http://localhost:9200
+# to_es_url=http://es1:9200;http://es2:9200;http://es3:9200
+# es用户和密码
+# to_es_user=username
+# to_es_pwd=password
+
+#---------------------↓webhook-----------------------
+#是否开启钉钉告警通道,可同时开始多个通道0为关闭,1为开启
+open-dingding=0
+#默认钉钉机器人地址
+ddurl=https://oapi.dingtalk.com/robot/send?access_token=xxxxx
+#是否开启 @所有人(0为关闭,1为开启)
+dd_isatall=0
+
+#是否开启微信告警通道,可同时开始多个通道0为关闭,1为开启
+open-weixin=0
+#默认企业微信机器人地址
+wxurl=https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxxxx
+
+#是否开启飞书告警通道,可同时开始多个通道0为关闭,1为开启
+open-feishu=1
+#默认飞书机器人地址
+fsurl=https://open.feishu.cn/open-apis/bot/hook/xxxxxxxxx
+
+#---------------------↓腾讯云接口-----------------------
+#是否开启腾讯云短信告警通道,可同时开始多个通道0为关闭,1为开启
+open-txdx=0
+#腾讯云短信接口key
+TXY_DX_appkey=xxxxx
+#腾讯云短信模版ID 腾讯云短信模版配置可参考 prometheus告警:{1}
+TXY_DX_tpl_id=xxxxx
+#腾讯云短信sdk app id
+TXY_DX_sdkappid=xxxxx
+#腾讯云短信签名 根据自己审核通过的签名来填写
+TXY_DX_sign=腾讯云
+
+#是否开启腾讯云电话告警通道,可同时开始多个通道0为关闭,1为开启
+open-txdh=0
+#腾讯云电话接口key
+TXY_DH_phonecallappkey=xxxxx
+#腾讯云电话模版ID
+TXY_DH_phonecalltpl_id=xxxxx
+#腾讯云电话sdk app id
+TXY_DH_phonecallsdkappid=xxxxx
+
+#---------------------↓华为云接口-----------------------
+#是否开启华为云短信告警通道,可同时开始多个通道0为关闭,1为开启
+open-hwdx=0
+#华为云短信接口key
+HWY_DX_APP_Key=xxxxxxxxxxxxxxxxxxxxxx
+#华为云短信接口Secret
+HWY_DX_APP_Secret=xxxxxxxxxxxxxxxxxxxxxx
+#华为云APP接入地址(端口接口地址)
+HWY_DX_APP_Url=https://rtcsms.cn-north-1.myhuaweicloud.com:10743
+#华为云短信模板ID
+HWY_DX_Templateid=xxxxxxxxxxxxxxxxxxxxxx
+#华为云签名名称，必须是已审核通过的，与模板类型一致的签名名称,按照自己的实际签名填写
+HWY_DX_Signature=华为云
+#华为云签名通道号
+HWY_DX_Sender=xxxxxxxxxx
+
+#---------------------↓阿里云接口-----------------------
+#是否开启阿里云短信告警通道,可同时开始多个通道0为关闭,1为开启
+open-alydx=0
+#阿里云短信主账号AccessKey的ID
+ALY_DX_AccessKeyId=xxxxxxxxxxxxxxxxxxxxxx
+#阿里云短信接口密钥
+ALY_DX_AccessSecret=xxxxxxxxxxxxxxxxxxxxxx
+#阿里云短信签名名称
+ALY_DX_SignName=阿里云
+#阿里云短信模板ID
+ALY_DX_Template=xxxxxxxxxxxxxxxxxxxxxx
+
+#是否开启阿里云电话告警通道,可同时开始多个通道0为关闭,1为开启
+open-alydh=0
+#阿里云电话主账号AccessKey的ID
+ALY_DH_AccessKeyId=xxxxxxxxxxxxxxxxxxxxxx
+#阿里云电话接口密钥
+ALY_DH_AccessSecret=xxxxxxxxxxxxxxxxxxxxxx
+#阿里云电话被叫显号，必须是已购买的号码
+ALY_DX_CalledShowNumber=xxxxxxxxx
+#阿里云电话文本转语音（TTS）模板ID
+ALY_DH_TtsCode=xxxxxxxx
+
+#---------------------↓容联云接口-----------------------
+#是否开启容联云电话告警通道,可同时开始多个通道0为关闭,1为开启
+open-rlydh=0
+#容联云基础接口地址
+RLY_URL=https://app.cloopen.com:8883/2013-12-26/Accounts/
+#容联云后台SID
+RLY_ACCOUNT_SID=xxxxxxxxxxx
+#容联云api-token
+RLY_ACCOUNT_TOKEN=xxxxxxxxxx
+#容联云app_id
+RLY_APP_ID=xxxxxxxxxxxxx
+
+#---------------------↓邮件配置-----------------------
+#是否开启邮件
+open-email=0
+#邮件发件服务器地址
+Email_host=smtp.qq.com
+#邮件发件服务器端口
+Email_port=465
+#邮件帐号
+Email_user=xxxxxxx@qq.com
+#邮件密码
+Email_password=xxxxxx
+#邮件标题
+Email_title=运维告警
+#默认发送邮箱
+Default_emails=xxxxx@qq.com,xxxxx@qq.com
+
+#---------------------↓七陌云接口-----------------------
+#是否开启七陌短信告警通道,可同时开始多个通道0为关闭,1为开启
+open-7moordx=0
+#七陌账户ID
+7MOOR_ACCOUNT_ID=Nxxx
+#七陌账户APISecret
+7MOOR_ACCOUNT_APISECRET=xxx
+#七陌账户短信模板编号
+7MOOR_DX_TEMPLATENUM=n
+#注意：七陌短信变量这里只用一个var1，在代码里写死了。
+#-----------
+#是否开启七陌webcall语音通知告警通道,可同时开始多个通道0为关闭,1为开启
+open-7moordh=0
+#请在七陌平台添加虚拟服务号、文本节点
+#七陌账户webcall的虚拟服务号
+7MOOR_WEBCALL_SERVICENO=xxx
+# 文本节点里被替换的变量，我配置的是text。如果被替换的变量不是text，请修改此配置
+7MOOR_WEBCALL_VOICE_VAR=text
+
+#---------------------↓telegram接口-----------------------
+#是否开启telegram告警通道,可同时开始多个通道0为关闭,1为开启
+open-tg=0
+#tg机器人token
+TG_TOKEN=xxxxx
+#tg消息模式 个人消息或者频道消息 0为关闭(推送给个人)，1为开启(推送给频道)
+TG_MODE_CHAN=0
+#tg用户ID
+TG_USERID=xxxxx
+#tg频道name或者id, 频道name需要以@开始
+TG_CHANNAME=xxxxx
+#tg api地址, 可以配置为代理地址
+#TG_API_PROXY="https://api.telegram.org/bot%s/%s"
+
+#---------------------↓workwechat接口-----------------------
+#是否开启workwechat告警通道,可同时开始多个通道0为关闭,1为开启
+open-workwechat=0
+# 企业ID
+WorkWechat_CropID=xxxxx
+# 应用ID
+WorkWechat_AgentID=xxxx
+# 应用secret
+WorkWechat_AgentSecret=xxxx
+# 接受用户
+WorkWechat_ToUser="zhangsan|lisi"
+# 接受部门
+WorkWechat_ToParty="ops|dev"
+# 接受标签
+WorkWechat_ToTag=""
+# 消息类型, 暂时只支持markdown
+# WorkWechat_Msgtype = "markdown"
+
+#---------------------↓百度云接口-----------------------
+#是否开启百度云短信告警通道,可同时开始多个通道0为关闭,1为开启
+open-baidudx=0
+#百度云短信接口AK(ACCESS_KEY_ID)
+BDY_DX_AK=xxxxx
+#百度云短信接口SK(SECRET_ACCESS_KEY)
+BDY_DX_SK=xxxxx
+#百度云短信ENDPOINT（ENDPOINT参数需要用指定区域的域名来进行定义，如服务所在区域为北京，则为）
+BDY_DX_ENDPOINT=http://smsv3.bj.baidubce.com
+#百度云短信模版ID,根据自己审核通过的模版来填写(模版支持一个参数code：如prometheus告警:{code})
+BDY_DX_TEMPLATE_ID=xxxxx
+#百度云短信签名ID，根据自己审核通过的签名来填写
+TXY_DX_SIGNATURE_ID=xxxxx
+
+#---------------------↓百度Hi(如流)-----------------------
+#是否开启百度Hi(如流)告警通道,可同时开始多个通道0为关闭,1为开启
+open-ruliu=0
+#默认百度Hi(如流)机器人地址
+BDRL_URL=https://api.im.baidu.com/api/msg/groupmsgsend?access_token=xxxxxxxxxxxxxx
+#百度Hi(如流)群ID
+BDRL_ID=123456
+#---------------------↓bark接口-----------------------
+#是否开启telegram告警通道,可同时开始多个通道0为关闭,1为开启
+open-bark=0
+#bark默认地址, 建议自行部署bark-server
+BARK_URL=https://api.day.app
+#bark key, 多个key使用分割
+BARK_KEYS=xxxxx
+# 复制, 推荐开启
+BARK_COPY=0
+# 历史记录保存,推荐开启
+BARK_ARCHIVE=0
+# 消息分组
+BARK_GROUP=PrometheusAlert
+
+#---------------------↓语音播报-----------------------
+#语音播报需要配合语音播报插件才能使用
+#是否开启语音播报通道,0为关闭,1为开启
+open-voice=0
+VOICE_IP=127.0.0.1
+VOICE_PORT=9999
+
+#---------------------↓飞书机器人应用-----------------------
+#是否开启feishuapp告警通道,可同时开始多个通道0为关闭,1为开启
+open-feishuapp=0
+# APPID
+FEISHU_APPID=cli_xxxxxxxxxxxxx
+# APPSECRET
+FEISHU_APPSECRET=xxxxxxxxxxxxxxxxxxxxxx
+# 可填飞书 用户open_id、user_id、union_ids、部门open_department_id
+AT_USER_ID="xxxxxxxx"
--- a/File/Conf/k8s.conf
+++ b/File/Conf/k8s.conf
@@ -0,0 +1,4 @@
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
+net.ipv4.ip_forward = 1
+vm.swappiness = 0
--- a/File/Json/Docker-Gpu-daemon.json
+++ b/File/Json/Docker-Gpu-daemon.json
@@ -0,0 +1,9 @@
+{
+    "default-runtime": "nvidia",
+    "runtimes": {
+        "nvidia": {
+            "args": [],
+            "path": "nvidia-container-runtime"
+        }
+    }
+}
--- a/File/Shell/cgroup.sh
+++ b/File/Shell/cgroup.sh
@@ -0,0 +1,37 @@
+set -e   
+# 这句是告诉bash如何有任何语句执行结果不为ture，就应该退出。 
+
+if grep -v '^#' /etc/fstab | grep -q cgroup; then
+	echo 'cgroups mounted from fstab, not mounting /sys/fs/cgroup'
+	exit 0
+fi
+
+# kernel provides cgroups?
+if [ ! -e /proc/cgroups ]; then
+	exit 0
+fi
+
+# 确保目录存在
+if [ ! -d /sys/fs/cgroup ]; then
+	exit 0
+fi
+
+# mount /sys/fs/cgroup if not already done
+if ! mountpoint -q /sys/fs/cgroup; then
+	mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+fi
+
+cd /sys/fs/cgroup
+
+# get/mount list of enabled cgroup controllers
+for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+	mkdir -p $sys
+	if ! mountpoint -q $sys; then
+		if ! mount -n -t cgroup -o $sys cgroup $sys; then
+			rmdir $sys || true
+		fi
+	fi
+done
+
+
+exit 0
--- a/File/Shell/clean-disk-ceph.sh
+++ b/File/Shell/clean-disk-ceph.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+DISK="/dev/vdc"  #按需修改自己的盘符信息
+
+# Zap the disk to a fresh, usable state (zap-all is important, b/c MBR has to be clean)
+
+# You will have to run this step for all disks.
+sgdisk --zap-all $DISK
+
+# Clean hdds with dd
+dd if=/dev/zero of="$DISK" bs=1M count=100 oflag=direct,dsync
+
+# Clean disks such as ssd with blkdiscard instead of dd
+blkdiscard $DISK
+
+# These steps only have to be run once on each node
+# If rook sets up osds using ceph-volume, teardown leaves some devices mapped that lock the disks.
+ls /dev/mapper/ceph-* | xargs -I% -- dmsetup remove %
+
+# ceph-volume setup can leave ceph-<UUID> directories in /dev and /dev/mapper (unnecessary clutter)
+rm -rf /dev/ceph-*
+rm -rf /dev/mapper/ceph--*
+
+# Inform the OS of partition table changes
+partprobe $DISK
--- a/File/Shell/helm-install.sh
+++ b/File/Shell/helm-install.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+#############################################################################################
+# 用途: 部署 Helm 工具脚本
+# 作者: 丁辉
+# 更新时间: 2024-03-26
+#############################################################################################
+
+function Init_env() {
+    # 定义颜色
+    RED='\033[0;31m'
+    NC='\033[0m'
+    GREEN='\033[32m'
+    YELLOW='\033[33m'
+
+    # 定义时间格式
+    TIME="+%Y-%m-%d %H:%M:%S"
+
+    # 定义函数 send_info
+    function SEND_INFO() {
+        info=$1
+        echo -e "${GREEN}$(date "$TIME") INFO: $info${NC}"
+    }
+
+    # 定义函数 send_warn
+    function SEND_WARN() {
+        warn=$1
+        echo -e "${YELLOW}$(date "$TIME") WARN: $warn${NC}"
+    }
+
+    # 定义函数 send_error
+    function SEND_ERROR() {
+        error=$1
+        echo -e "${RED}$(date "$TIME") ERROR: $error${NC}"
+    }
+
+    if [ $(arch) = "x86_64" ] || [ $(arch) = "amd64" ]; then
+        ARCH_TYPE=amd64
+    elif [ $(arch) = "aarch64" ] || [ $(arch) = "arm64" ]; then
+        ARCH_TYPE=arm64
+    elif [ $(arch) = "i386" ]; then
+        ARCH_TYPE=amd64
+    fi
+}
+
+function Install_helm() {
+  SEND_INFO "正在检查环境"
+  if ! which helm > /dev/null 2>&1; then
+        SEND_INFO "Helm 开始安装"
+        # 获取版本
+        HELM_VERSION=`(curl https://mirrors.huaweicloud.com/helm/ | awk -F '"' '{print $2}' | grep -E '[0-9]+' | sort -rV | awk 'NR==1 {print}' | awk -F '/' '{print $1}')`
+        HELM_PACKAGE_VERSION=`(curl https://mirrors.huaweicloud.com/helm/$HELM_VERSION/ | awk -F '"' '{print $2}' | grep -E '[0-9]+' | grep $ARCH_TYPE | grep linux | awk 'NR==1 {print}')`
+        # 下载 Helm 安装包
+        curl -O https://mirrors.huaweicloud.com/helm/$HELM_VERSION/$HELM_PACKAGE_VERSION
+        # 开始安装
+        tar -zxvf helm-$HELM_VERSION-linux-$ARCH_TYPE.tar.gz > /dev/null 2>&1
+        install -o root -g root -m 0755 linux-$ARCH_TYPE/helm /usr/local/bin/
+        # 清理安装包
+        rm -rf helm-$HELM_VERSION-linux-$ARCH_TYPE.tar.gz linux-$ARCH_TYPE
+        if ! which helm > /dev/null 2>&1; then
+            SEND_ERROR "Helm 安装失败"
+            exit 1
+        else
+            VERSION=$(helm version | awk -F '"' '{print $2}')
+            SEND_INFO "Helm 安装成功, 版本: $VERSION"
+        fi
+    else
+        VERSION=$(helm version | awk -F '"' '{print $2}')
+        SEND_INFO "Helm 已存在, 版本: $VERSION"
+    fi
+}
+
+function All() {
+    Init_env
+    Install_helm
+}
+
+All
--- a/File/Shell/push-registry-images.sh
+++ b/File/Shell/push-registry-images.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+#############################################################################################
+# 用途: 上传 Registry 镜像脚本
+# 作者: 丁辉
+# 更新时间: 2024-06-29
+#############################################################################################
+
+# 镜像仓库基础信息配置
+REGISTRY_URL=registry.cn-hangzhou.aliyuncs.com
+REGISTRY_USER=admin
+REGISTRY_PASSWD=password
+PULL_IMAGE=true # 是否开启拉取最新镜像
+
+# 定义函数信息
+RED='\033[0;31m'
+NC='\033[0m'
+GREEN='\033[32m'
+YELLOW='\033[33m'
+TIME="+%Y-%m-%d %H:%M:%S"
+
+function SEND_INFO() {
+    info=$1
+    echo -e "${GREEN}$(date "$TIME") INFO: $info${NC}"
+}
+function SEND_WARN() {
+    warn=$1
+    echo -e "${YELLOW}$(date "$TIME") WARN: $warn${NC}"
+}
+function SEND_ERROR() {
+    error=$1
+    echo -e "${RED}$(date "$TIME") ERROR: $error${NC}"
+}
+if [ -z "$1" ]; then
+    echo "请输入要上传的镜像名称,格式为: push-registry-images.sh NAME:TAG NAME:TAG"
+    exit 1
+fi
+
+SEND_INFO "正在登录镜像仓库 $REGISTRY_URL"
+docker login $REGISTRY_URL -u $REGISTRY_USER -p $REGISTRY_PASSWD > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+    SEND_INFO "登录镜像仓库成功"
+else
+    SEND_ERROR "登录镜像仓库失败"
+    exit 1
+fi
+
+IMAGES_NAME=$@
+
+for IMAGE_NAME in ${IMAGES_NAME[@]}; do
+    if [[ $PULL_IMAGE == "true" ]]; then
+        SEND_INFO "正在拉取镜像: $IMAGE_NAME"
+        docker pull $IMAGE_NAME
+        if [ $? -ne 0 ]; then
+            SEND_ERROR "拉取镜像 $IMAGE_NAME 失败"
+            exit 1
+        fi
+    fi
+    docker tag $IMAGE_NAME $REGISTRY_URL/$IMAGE_NAME
+    docker push $REGISTRY_URL/$IMAGE_NAME
+    if [ $? -eq 0 ]; then
+        SEND_INFO "上传镜像 $IMAGE_NAME 成功"
+    else
+        SEND_ERROR "上传镜像 $IMAGE_NAME 失败"
+    fi
+done
--- a/File/Shell/restore-rkestate-config.sh
+++ b/File/Shell/restore-rkestate-config.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+#############################################################################################
+# 用途: 恢复 rkestate 状态文件脚本
+# 作者: 丁辉
+# 更新时间: 2024-03-27
+#############################################################################################
+
+# 检测当前是否为 Master 节点
+if [ ! -f /etc/kubernetes/ssl/kubecfg-kube-node.yaml ]; then
+  echo "未检测到 /etc/kubernetes/ssl/kubecfg-kube-node.yaml 文件, 请登录 Master 节点执行脚本"
+  exit 1
+fi
+
+# 找回文件
+docker run --rm --net=host \
+-v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro \
+--entrypoint bash \
+rancher/rancher-agent:v2.2.2 \
+-c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml get configmap \
+-n kube-system full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r .' > cluster.rkestate
--- a/File/Shell/restore-rkestate-kubeconfig.sh
+++ b/File/Shell/restore-rkestate-kubeconfig.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+help ()
+{
+    echo  ' ================================================================ '
+    echo  ' --master-ip: 指定Master节点IP，任意一个K8S Master节点IP即可。'
+    echo  ' 使用示例：bash restore-kube-config.sh --master-ip=1.1.1.1 '
+    echo  ' ================================================================'
+}
+
+case "$1" in
+    -h|--help) help; exit;;
+esac
+
+if [[ $1 == '' ]];then
+    help;
+    exit;
+fi
+
+CMDOPTS="$*"
+for OPTS in $CMDOPTS;
+do
+    key=$(echo ${OPTS} | awk -F"=" '{print $1}' )
+    value=$(echo ${OPTS} | awk -F"=" '{print $2}' )
+    case "$key" in
+        --master-ip) K8S_MASTER_NODE_IP=$value ;;
+    esac
+done
+
+# 获取Rancher Agent镜像
+RANCHER_IMAGE=$( docker images --filter=label=io.cattle.agent=true |grep 'v2.' | \
+grep -v -E 'rc|alpha|<none>' | head -n 1 | awk '{print $3}' )
+
+if [ -d /opt/rke/etc/kubernetes/ssl ]; then
+  K8S_SSLDIR=/opt/rke/etc/kubernetes/ssl
+else
+  K8S_SSLDIR=/etc/kubernetes/ssl
+fi
+
+CHECK_CLUSTER_STATE_CONFIGMAP=$( docker run --rm --entrypoint bash --net=host \
+-v $K8S_SSLDIR:/etc/kubernetes/ssl:ro $RANCHER_IMAGE -c '\
+if kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml \
+-n kube-system get configmap full-cluster-state | grep full-cluster-state > /dev/null; then \
+echo 'yes'; else echo 'no'; fi' )
+
+if [ $CHECK_CLUSTER_STATE_CONFIGMAP != 'yes' ]; then
+
+  docker run --rm --net=host \
+  --entrypoint bash \
+  -e K8S_MASTER_NODE_IP=$K8S_MASTER_NODE_IP \
+  -v $K8S_SSLDIR:/etc/kubernetes/ssl:ro \
+  $RANCHER_IMAGE \
+  -c '\
+  kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml \
+  -n kube-system \
+  get secret kube-admin -o jsonpath={.data.Config} | base64 --decode | \
+  sed -e "/^[[:space:]]*server:/ s_:.*_: \"https://${K8S_MASTER_NODE_IP}:6443\"_"' > kubeconfig_admin.yaml
+
+  if [ -s kubeconfig_admin.yaml ]; then
+    echo '恢复成功，执行以下命令测试：'
+    echo ''
+    echo "kubectl --kubeconfig kubeconfig_admin.yaml get nodes"
+  else
+    echo "kubeconfig恢复失败。"
+  fi
+
+else
+
+  docker run --rm --entrypoint bash --net=host \
+  -e K8S_MASTER_NODE_IP=$K8S_MASTER_NODE_IP \
+  -v $K8S_SSLDIR:/etc/kubernetes/ssl:ro \
+  $RANCHER_IMAGE \
+  -c '\
+  kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml \
+  -n kube-system \
+  get configmap full-cluster-state -o json | \
+  jq -r .data.\"full-cluster-state\" | \
+  jq -r .currentState.certificatesBundle.\"kube-admin\".config | \
+  sed -e "/^[[:space:]]*server:/ s_:.*_: \"https://${K8S_MASTER_NODE_IP}:6443\"_"' > kubeconfig_admin.yaml
+
+  if [ -s kubeconfig_admin.yaml ]; then
+    echo '恢复成功，执行以下命令测试：'
+    echo ''
+    echo "kubectl --kubeconfig kubeconfig_admin.yaml get nodes"
+  else
+    echo "kubeconfig恢复失败。"
+  fi
+fi
--- a/File/Templates-Yaml/daemonset.yaml
+++ b/File/Templates-Yaml/daemonset.yaml
@@ -0,0 +1,26 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: daemonset-pods
+  namespace: default
+  labels:
+    name: daemonset-pods
+spec:
+  selector:
+    matchLabels:
+      name: daemonset-pods
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        name: daemonset-pods
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: nginx-port
+              containerPort: 80
+              protocol: TCP
--- a/File/Templates-Yaml/pv-hostpath.yaml
+++ b/File/Templates-Yaml/pv-hostpath.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv-hostpath
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/data"
--- a/File/Templates-Yaml/pvc-hostpath.yaml
+++ b/File/Templates-Yaml/pvc-hostpath.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-hostpath
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  volumeName: pv-hostpath
--- a/File/Templates-Yaml/pvc-storageclass.yaml
+++ b/File/Templates-Yaml/pvc-storageclass.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
--- a/File/Templates-Yaml/secret-env.yaml
+++ b/File/Templates-Yaml/secret-env.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-env
+stringData:
+  USER: root
+  PASSWORD: root
--- a/File/Templates-Yaml/service.yaml
+++ b/File/Templates-Yaml/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service
+spec:
+  selector:
+    name: service
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 80
+  type: ClusterIP
--- a/File/Templates-Yaml/statefulset.yaml
+++ b/File/Templates-Yaml/statefulset.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: statefulset-pods
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: statefulset-pods
+  serviceName: nginx-prot
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: statefulset-pods
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:latest
+        ports:
+        - containerPort: 80
+          protocol: TCP
--- a/File/Yaml/aliyun-gpu-pod.yaml
+++ b/File/Yaml/aliyun-gpu-pod.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: gpu-pod
+  labels:
+    app: nginx
+spec:
+  containers:
+  - name: nginx
+    image: nginx:latest
+    env:
+    - name: NVIDIA_VISIBLE_DEVICES
+      value: "all"
+    ports:
+    - containerPort: 80
+    # resources:
+    #   limits:
+    #     aliyun.com/gpu-count: 1
+    #     aliyun.com/gpu-mem: 512
--- a/File/Yaml/aliyun-sync.yaml
+++ b/File/Yaml/aliyun-sync.yaml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: aliyunpan
+  name: aliyunpan-sync
+spec:
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: aliyunpan-sync
+  serviceName: aliyunpan-sync
+  minReadySeconds: 5
+  template:
+    metadata:
+      labels:
+        app: aliyunpan-sync
+    spec:
+      terminationGracePeriodSeconds: 5
+      containers:
+      - name: aliyunpan-sync
+        image: tickstep/aliyunpan-sync:v0.2.9
+        env:
+        - name: TZ
+          value: "Asia/Shanghai"
+        - name: ALIYUNPAN_PAN_DIR
+          value: ""
+        - name: ALIYUNPAN_SYNC_MODE
+          value: "sync"
+        - name: ALIYUNPAN_REFRESH_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: aliyunpan-token
+              key: ALIYUNPAN_REFRESH_TOKEN
+        volumeMounts:
+          - name: host-path-volume
+            mountPath: /home/app/data
+      volumes:
+      - name: host-path-volume
+        hostPath:
+          path: /data/aliyunpan/
+      - name: secret-volume
+        secret:
+          secretName: aliyunpan-token
--- a/File/Yaml/chartmuseum.yaml
+++ b/File/Yaml/chartmuseum.yaml
@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: chartmuseum-pvc
+  namespace: chartmuseum
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: helm
+  name: chartmuseum
+spec:
+  replicas: 1
+  serviceName: chartmuseum
+  selector:
+    matchLabels:
+      app: chartmuseum
+  template:
+    metadata:
+      labels:
+        app: chartmuseum
+    spec:
+      containers:
+      - name: chartmuseum
+        image: chartmuseum/chartmuseum:latest
+        env:
+        - name: DEBUG
+          value: "1"
+        - name: STORAGE
+          value: local
+        - name: STORAGE_LOCAL_ROOTDIR
+          value: /charts
+        volumeMounts:
+        - mountPath: /charts
+          name: data
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: chartmuseum-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: helm
+  name: chartmuseum
+spec:
+  selector:
+    app: chartmuseum
+  ports:
+  - port: 8080
+    targetPort: 8080
+    protocol: TCP
+  type: ClusterIP
--- a/File/Yaml/chatgpt-pandora.yaml
+++ b/File/Yaml/chatgpt-pandora.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: chatgpt
+  labels:
+    name: chatgpt
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: chatgpt-pandora
+  namespace: chatgpt
+  labels:
+    app: chatgpt-pandora
+spec:
+  selector:
+    matchLabels:
+      app: chatgpt-web
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: chatgpt-web
+    spec:
+      containers:
+        - name: chatgpt-pandora
+          image: 'pengzhile/pandora:latest'
+          ports:
+            - name: chatgpt-80
+              containerPort: 80
+              protocol: TCP
+          env:
+            - name: PANDORA_SERVER
+              value: '0.0.0.0:80'
+            - name: PANDORA_CLOUD
+              value: cloud
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: chatgpt-web
+  namespace: chatgpt
+spec:
+  selector:
+    app: chatgpt-web
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
--- a/File/Yaml/cluster-issuer.yaml
+++ b/File/Yaml/cluster-issuer.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # 使用 Let's Encrypt 的生产环境服务器
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # 邮件地址用于重要的通讯，例如安全通知和证书到期通知
+    email: user@example.com
+    # 用于存储ACME账户的私钥
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # ACME协议中用于验证域名所有权的挑战机制
+    solvers:
+      - http01:
+          ingress:
+            class: nginx
--- a/File/Yaml/docker-compose-frpc.yaml
+++ b/File/Yaml/docker-compose-frpc.yaml
@@ -0,0 +1,25 @@
+version: '3'
+
+services:
+  ipsec-vpn-server:
+    image: hwdsl2/ipsec-vpn-server
+    container_name: ipsec-vpn-server
+    restart: always
+    privileged: true
+    networks:
+      - vpn
+    volumes:
+      - /opt/vpn/vpn.env:/opt/src/env/vpn.env:ro
+      - /lib/modules:/lib/modules:ro
+
+  frpc:
+    image: registry.cn-hangzhou.aliyuncs.com/offends/frp:frpc
+    container_name: frpc
+    restart: always
+    networks:
+      - vpn
+    volumes:
+      - /opt/vpn/frpc.ini:/frp/frpc.ini:ro
+
+networks:
+  vpn:
--- a/File/Yaml/docker-compose-frps.yaml
+++ b/File/Yaml/docker-compose-frps.yaml
@@ -0,0 +1,13 @@
+version: '3'
+
+services:
+  frps:
+    image: registry.cn-hangzhou.aliyuncs.com/offends/frp:frps
+    container_name: frps
+    restart: always
+    ports:
+      - "7000:7000"
+      - "500:500/udp"
+      - "4500:4500/udp"
+    volumes:
+      - /opt/vpn/frps.ini:/frp/frps.ini:ro
--- a/File/Yaml/drone-postgres.yaml
+++ b/File/Yaml/drone-postgres.yaml
@@ -0,0 +1,79 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: drone-db-secret
+  namespace: drone
+stringData:
+  POSTGRES_USER: postgres
+  POSTGRES_PASSWORD: postgres
+  POSTGRES_DB: drone
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: drone-db-pvc
+  namespace: drone
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: drone
+  name: drone-db
+spec:
+  selector:
+    matchLabels:
+      app: drone-db
+  serviceName: drone-db
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: drone-db
+    spec:
+      containers:
+      - name: drone-db
+        image: postgres:latest
+        envFrom:
+        - secretRef:
+            name: drone-db-secret
+        ports:
+        - containerPort: 5432
+          protocol: TCP
+        livenessProbe:
+          exec:
+            command:
+              - psql
+              - -h
+              - localhost
+              - -U
+              - postgres
+              - -c
+              - "SELECT 1;"
+          initialDelaySeconds: 10 #启动后等待10秒开始检测
+          periodSeconds: 10 #每隔10秒检测一次
+        volumeMounts:
+        - mountPath: /var/lib/postgresql/data
+          name: data
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: drone-db-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: drone
+  name: drone-db
+spec:
+  selector:
+    app: drone-db
+  ports:
+    - protocol: TCP
+      port: 5432
+      targetPort: 5432
--- a/File/Yaml/frpc.yaml
+++ b/File/Yaml/frpc.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frpc
+  namespace: vpn
+  labels:
+    app: frpc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: frpc
+  template:
+    metadata:
+      labels:
+        app: frpc
+    spec:
+      hostNetwork: true
+      containers:
+      - name: ipsec
+        securityContext:
+          privileged: true
+        image: hwdsl2/ipsec-vpn-server:latest
+        imagePullPolicy: Always
+        volumeMounts:
+        - mountPath: /opt/src/env/vpn.env
+          name: ipsec-config
+          readOnly: true
+        - mountPath: /lib/modules
+          name: ipsec-data
+          readOnly: true
+      - name: frpc
+        image: registry.cn-hangzhou.aliyuncs.com/offends/frp:frpc
+        imagePullPolicy: Always
+        volumeMounts:
+        - name: frpc-config
+          mountPath: /frp/frpc.ini
+      volumes:
+      - name: ipsec-config
+        hostPath:
+          path: /opt/vpn/vpn.env
+      - name: frpc-config
+        hostPath:
+          path: /opt/vpn/frpc.ini
+      - name: ipsec-data
+        hostPath:
+          path: /lib/modules
--- a/File/Yaml/frps.yaml
+++ b/File/Yaml/frps.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frps
+  namespace: vpn
+  labels:
+    app: frps
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: frps
+  template:
+    metadata:
+      labels:
+        app: frps
+    spec:
+      hostNetwork: true
+      containers:
+      - name: frpc
+        image: registry.cn-hangzhou.aliyuncs.com/offends/frp:frps
+        imagePullPolicy: Always
+        volumeMounts:
+        - name: frps-config
+          mountPath: /frp/frps.ini
+      volumes:
+      - name: frps-config
+        hostPath:
+          path: /opt/vpn/frps.ini
--- a/File/Yaml/ingress-nginx-tcp.yaml
+++ b/File/Yaml/ingress-nginx-tcp.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ingress-nginx-tcp
+  namespace: default
--- a/File/Yaml/ingress-udp-services.yaml
+++ b/File/Yaml/ingress-udp-services.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ingress-nginx-udp
+  namespace: default
--- a/File/Yaml/openebs-pod.yaml
+++ b/File/Yaml/openebs-pod.yaml
@@ -0,0 +1,31 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: local-hostpath-pvc
+spec:
+  storageClassName: openebs-hostpath
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5G
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: hello-local-hostpath-pod
+spec:
+  volumes:
+  - name: local-storage
+    persistentVolumeClaim:
+      claimName: local-hostpath-pvc
+  containers:
+  - name: hello-container
+    image: busybox
+    command:
+       - sh
+       - -c
+       - 'while true; do echo "`date` [`hostname`] Hello from OpenEBS Local PV." >> /mnt/store/greet.txt; sleep $(($RANDOM % 5 + 300)); done'
+    volumeMounts:
+    - mountPath: /mnt/store
+      name: local-storage
--- a/File/Yaml/production-issuer.yaml
+++ b/File/Yaml/production-issuer.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: user@example.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx
--- a/File/Yaml/registry-proxy-ds.yaml
+++ b/File/Yaml/registry-proxy-ds.yaml
@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: registry-proxy-pvc
+  namespace: hub
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: registry-proxy
+  namespace: hub
+  labels:
+    name: registry-proxy
+spec:
+  selector:
+    matchLabels:
+      name: registry-proxy
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        name: registry-proxy
+    spec:
+      volumes:
+        # - name: data
+        #   hostPath:
+        #     path: /var/lib/registryproxy
+        #     type: Directory
+        - name: data
+          persistentVolumeClaim:
+            claimName: registry-proxy-pvc
+      containers:
+        - name: registry-proxy
+          image: hub.offends.cn/registry-proxy:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: registry-port
+              containerPort: 5000
+              protocol: TCP
+          env:
+            - name: PROXY_REMOTE_URL
+              value: 'http://registry:5000'
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/registry
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry-proxy-service
+  namespace: hub
+spec:
+  selector:
+    name: registry-proxy
+  ports:
+  - protocol: TCP
+    port: 5000
+    targetPort: 5000
+  type: ClusterIP
--- a/File/Yaml/registry-proxy-ingress.yaml
+++ b/File/Yaml/registry-proxy-ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: registry-proxy-ingress
+  namespace: hub
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  ingressClassName: "" # 指定 ingressClass
+  rules:
+    - host: #域名
+      http:
+        paths:
+          - pathType: Prefix
+            backend:
+              service:
+                name: registry-proxy-service
+                port:
+                  number: 5000
+            path: /
+  tls:
+    - hosts:
+      - #域名
+      secretName: registry-proxy-tls
--- a/File/Yaml/rke-kube-prometheus-stack-values.yaml
+++ b/File/Yaml/rke-kube-prometheus-stack-values.yaml
@@ -0,0 +1,33 @@
+# 配置 RKE1 Kubernetes 组件监控
+kubeControllerManager:
+  endpoints:
+    - 192.168.1.10
+    - 192.168.1.20
+    - 192.168.1.30
+  service:
+    port: 10257
+    targetPort: 10257
+    
+kubeScheduler:
+  endpoints:
+    - 192.168.1.10
+    - 192.168.1.20
+    - 192.168.1.30
+  service:
+    port: 10257
+    targetPort: 10257
+    
+kubeProxy:
+  endpoints:
+    - 192.168.1.10
+    - 192.168.1.20
+    - 192.168.1.30
+  service:
+    port: 10249
+    targetPort: 10249
+    
+kubeEtcd:
+  endpoints:
+    - 192.168.1.10
+    - 192.168.1.20
+    - 192.168.1.30
--- a/File/Yaml/shadowsocks-rust-client.yaml
+++ b/File/Yaml/shadowsocks-rust-client.yaml
@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: shadowsocks-rust-client
+  namespace: shadowsocks
+data:
+  config.json: |
+    {
+      "server": "",
+      "server_port": 8388,
+      "password": "",
+      "local_address": "0.0.0.0",
+      "local_port": 1080,
+      "timeout": 300,
+      "method": "aes-256-gcm"
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    name: shadowsocks-rust-client
+  name: shadowsocks-rust-client
+  namespace: shadowsocks
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: shadowsocks-rust-client
+  template:
+    metadata:
+      labels:
+        name: shadowsocks-rust-client
+    spec:
+      containers:
+      - image: ghcr.io/shadowsocks/sslocal-rust:latest
+        imagePullPolicy: IfNotPresent
+        name: shadowsocks-rust-client
+        ports:
+        - containerPort: 1080
+          name: ss-1080
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /etc/shadowsocks-rust
+          name: config
+          readOnly: true
+      volumes:
+      - configMap:
+          defaultMode: 420
+          name: shadowsocks-rust-client
+        name: config
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: shadowsocks-rust-client
+  namespace: shadowsocks
+spec:
+  ports:
+  - name: ss-1080
+    port: 1080
+    protocol: TCP
+    targetPort: 1080
+  selector:
+    name: shadowsocks-rust-client
+  type: ClusterIP
--- a/File/Yaml/simplex-smp.yaml
+++ b/File/Yaml/simplex-smp.yaml
@@ -0,0 +1,88 @@
+apiVersion: v1
+kind: List
+items:
+  - apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+     name: simplex-smp-config
+     namespace: simplex
+    spec:
+      accessModes:
+        - ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi
+  - apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+     name: simplex-smp-log
+     namespace: simplex
+    spec:
+      accessModes:
+        - ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: simplex-smp-server
+  namespace: simplex
+  labels:
+    name: simplex-smp
+spec:
+  selector:
+    matchLabels:
+      name: simplex-smp
+  template:
+    metadata:
+      labels:
+        name: simplex-smp
+    spec:
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: simplex-smp-config
+        - name: log
+          persistentVolumeClaim:
+            claimName: simplex-smp-log
+      containers:
+        - name: simplex-smp
+          image: simplexchat/smp-server:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: smp-port
+              containerPort: 5223
+              protocol: TCP
+              hostPort: 5223
+          env:
+            - name: ADDR
+              valueFrom:
+                secretKeyRef:
+                  name: simplex-secret
+                  key: ADDR
+            - name: PASS
+              valueFrom:
+                secretKeyRef:
+                  name: simplex-secret
+                  key: PASS
+          volumeMounts:
+            - name: config
+              mountPath: /etc/opt/simplex
+            - name: log
+              mountPath: /var/opt/simplex
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: simplex-smp
+  namespace: simplex
+spec:
+  selector:
+    name: simplex-smp
+  ports:
+  - protocol: TCP
+    port: 5223
+    targetPort: 5223
+  type: ClusterIP
--- a/File/Yaml/simplex-xftp.yaml
+++ b/File/Yaml/simplex-xftp.yaml
@@ -0,0 +1,101 @@
+apiVersion: v1
+kind: List
+items:
+  - apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+     name: simplex-xftp-config
+     namespace: simplex
+    spec:
+      accessModes:
+        - ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi
+  - apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+     name: simplex-xftp-log
+     namespace: simplex
+    spec:
+      accessModes:
+        - ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi
+  - apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+     name: simplex-xftp-files
+     namespace: simplex
+    spec:
+      accessModes:
+        - ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: simplex-xftp-server
+  namespace: simplex
+  labels:
+    name: simplex-xftp
+spec:
+  selector:
+    matchLabels:
+      name: simplex-xftp
+  template:
+    metadata:
+      labels:
+        name: simplex-xftp
+    spec:
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: simplex-xftp-config
+        - name: log
+          persistentVolumeClaim:
+            claimName: simplex-xftp-log
+        - name: files
+          persistentVolumeClaim:
+            claimName: simplex-xftp-files
+      containers:
+        - name: simplex-xftp
+          image: simplexchat/xftp-server:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: xftp-port
+              containerPort: 443
+              protocol: TCP
+              hostPort: 5233
+          env:
+            - name: ADDR
+              valueFrom:
+                secretKeyRef:
+                  name: simplex-secret
+                  key: ADDR
+            - name: QUOTA
+              value: 50gb
+          volumeMounts:
+            - name: config
+              mountPath: /etc/opt/simplex-xftp
+            - name: log
+              mountPath: /var/opt/simplex-xftp
+            - name: files
+              mountPath: /srv/xftp
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: simplex-xftp
+  namespace: simplex
+spec:
+  selector:
+    name: simplex-xftp
+  ports:
+  - protocol: TCP
+    port: 443
+    targetPort: 443
+  type: ClusterIP
--- a/File/Yaml/staging-issuer.yaml
+++ b/File/Yaml/staging-issuer.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: user@example.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    # Enable the HTTP-01 challenge provider
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx