From e92bdf30d95ff259147d823a51e6f536b32fbd0b Mon Sep 17 00:00:00 2001
From: zetaloop <zetaloop@outlook.com>
Date: Tue, 5 May 2026 12:29:56 +0800
Subject: [PATCH] feat(k01): add agent join mode to install-k3s.sh

---
 deploy/k01/README.md      | 24 +++++---------
 deploy/k01/install-k3s.sh | 70 +++++++++++++++++++++++++++------------
 2 files changed, 58 insertions(+), 36 deletions(-)

diff --git a/deploy/k01/README.md b/deploy/k01/README.md
index d4ebd55..4cd0d04 100644
--- a/deploy/k01/README.md
+++ b/deploy/k01/README.md
@@ -64,27 +64,21 @@ CNPG 每个 Cluster Ready 后自动生成 `<cluster>-app` Secret（username/pass
 
 ## 加节点
 
+在 server 上取 token：
+
+```bash
+cat /var/lib/rancher/k3s/server/node-token
+```
+
 新机器上执行：
 
 ```bash
 cd /root/juwan-backend/deploy/k01
-bash install-k3s.sh agent
+echo "<zot-admin-password>" > /root/registry-password && chmod 600 /root/registry-password
+
+K3S_URL=https://<server-ip>:6443 K3S_TOKEN=<token> bash install-k3s.sh agent
 ```
 
-`install-k3s.sh agent` 会自动从 server 取 node-token 并加入集群。也可以手动操作：
-
-```bash
-cat /var/lib/rancher/k3s/server/node-token
-
-curl -sfL https://get.k3s.io | \
-  K3S_URL=https://<server-ip>:6443 K3S_TOKEN=<token> \
-  sh -
-scp root@<server-ip>:/etc/rancher/k3s/registries.yaml /etc/rancher/k3s/
-systemctl restart k3s-agent
-```
-
-pod 调度由 k3s 自动分配。有状态 pod 如需固定在某台节点上，可加 `nodeSelector`。
-
 ## 日常操作
 
 ```bash
diff --git a/deploy/k01/install-k3s.sh b/deploy/k01/install-k3s.sh
index 5adc696..fcdb056 100755
--- a/deploy/k01/install-k3s.sh
+++ b/deploy/k01/install-k3s.sh
@@ -7,7 +7,52 @@ STRIMZI_VERSION="1.0.0"
 REDIS_OP_VERSION="0.24.0"
 MONGODB_OP_VERSION="1.8.0"
 
-if ! command -v kubectl >/dev/null 2>&1; then
+MODE="${1:-server}"
+
+if [ "$MODE" != "server" ] && [ "$MODE" != "agent" ]; then
+	echo "usage: $0 [server|agent]" >&2
+	exit 1
+fi
+
+if [ ! -f /root/registry-password ]; then
+	echo "need /root/registry-password (zot admin password)" >&2
+	exit 1
+fi
+
+write_registries() {
+	mkdir -p /etc/rancher/k3s
+	cat > /etc/rancher/k3s/registries.yaml <<EOF
+mirrors:
+  ${REGISTRY_HOST}:
+    endpoint:
+      - "https://${REGISTRY_HOST}"
+configs:
+  ${REGISTRY_HOST}:
+    auth:
+      username: admin
+      password: $(cat /root/registry-password)
+EOF
+}
+
+if [ "$MODE" = "agent" ]; then
+	if [ -z "${K3S_URL:-}" ] || [ -z "${K3S_TOKEN:-}" ]; then
+		echo "agent mode requires K3S_URL and K3S_TOKEN env" >&2
+		echo "  on the server:  cat /var/lib/rancher/k3s/server/node-token" >&2
+		echo "  then on agent:  K3S_URL=https://<server-ip>:6443 K3S_TOKEN=<token> $0 agent" >&2
+		exit 1
+	fi
+	write_registries
+	if ! command -v k3s-agent >/dev/null 2>&1 && ! systemctl is-active --quiet k3s-agent; then
+		curl -sfL https://get.k3s.io | K3S_URL="$K3S_URL" K3S_TOKEN="$K3S_TOKEN" sh -
+	else
+		systemctl restart k3s-agent
+	fi
+	echo
+	echo "k3s agent joined ${K3S_URL}"
+	exit 0
+fi
+
+if ! systemctl is-active --quiet k3s; then
 	curl -sfL https://get.k3s.io | \
 		INSTALL_K3S_EXEC="--disable=traefik --write-kubeconfig-mode=644" \
 		sh -
@@ -22,28 +67,10 @@ if ! command -v helm >/dev/null 2>&1; then
 	apt-get install -y helm
 fi
 
-if [ ! -f /root/registry-password ]; then
-	echo "need /root/registry-password (zot admin password)" >&2
-	exit 1
-fi
-
-mkdir -p /etc/rancher/k3s
-cat > /etc/rancher/k3s/registries.yaml <<EOF
-mirrors:
-  ${REGISTRY_HOST}:
-    endpoint:
-      - "https://${REGISTRY_HOST}"
-configs:
-  ${REGISTRY_HOST}:
-    auth:
-      username: admin
-      password: $(cat /root/registry-password)
-EOF
-
+write_registries
 systemctl restart k3s
 
 export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
-
 until kubectl get nodes >/dev/null 2>&1; do sleep 2; done
 
 K01_DIR="$(cd "$(dirname "$0")" && pwd)"
@@ -75,4 +102,5 @@ kubectl -n redis-operator rollout status deploy/redis-operator --timeout=300s
 kubectl -n mongodb-operator rollout status deploy/mongodb-kubernetes-operator --timeout=300s
 
 echo
-echo "k3s + 4 operators ready"
+echo "k3s server + 4 operators ready"
+echo "node token: $(cat /var/lib/rancher/k3s/server/node-token)"