@qpjoy/tunnel-cli 0.1.12 → 0.2.2

package/README.md

@@ -132,6 +132,40 @@ Docker/Compose build containers, the CLI also injects container-facing variables
 such as `MARKET_CONTAINER_HTTP_PROXY` and `QP_TUNNEL_CONTAINER_HTTP_PROXY`
 pointing at `host.docker.internal:<mixed-port>`.
 
+### K8s/containerd Image Preload
+
+Kubernetes on kubeadm/containerd does not use Docker's image store. If Docker
+Compose can pull images through `tun-on` but pods still hit `ImagePullBackOff`,
+preload the runtime images into containerd's `k8s.io` namespace on the K8s host:
+
+```bash
+sudo qp-tunnel-cli tun-on
+sudo qp-tunnel-cli k8s preload-images
+sudo qp-tunnel-cli tun-off
+```
+
+The default preload set matches the MX Launcher Internal runtime images:
+`postgres:16-alpine`, `coredns/coredns:1.11.3`, and `caddy:2.8.4-alpine`.
+Add more images as needed:
+
+```bash
+sudo qp-tunnel-cli k8s preload-images \
+  --image postgres:16-alpine \
+  --image qpjoy/mx-launcher-server:shadow
+```
+
+If the cluster already has pods stuck in `ImagePullBackOff`, read the current
+pod specs and preload their referenced images:
+
+```bash
+sudo qp-tunnel-cli k8s preload-images --from-cluster
+```
+
+The command pulls missing images with Docker, saves them, and imports them with
+`ctr -n k8s.io images import`, so kubelet can start pods without reaching the
+remote registry. After preloading a previously failed pod image, restart the pod
+or rerun the deployment rollout.
+
 Install the bundled script as a normal Linux command:
 
 ```bash

package/README.setup.md

@@ -19,4 +19,12 @@ qp-tunnel-cli curl google.com
 
 # 删除mac的HDO进程
 qp-tunnel-cli hdo down --interface hdo-client
+
+# tunnel-cli
+qp-tunnel-cli install --url 'http://download:qpjoy@23.225.161.60:3434/peer_intelligent01.mihomo.yaml'
+
+# K8s/containerd 镜像预热：Docker 能拉，但 kubelet/containerd 不能拉时用
+sudo qp-tunnel-cli tun-on
+sudo qp-tunnel-cli k8s preload-images
+sudo qp-tunnel-cli tun-off
 ```

package/dist/index.js

@@ -4,6 +4,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const node_child_process_1 = require("node:child_process");
 const node_fs_1 = require("node:fs");
 const promises_1 = require("node:fs/promises");
+const node_os_1 = require("node:os");
 const node_path_1 = require("node:path");
 const hdo_1 = require("./hdo");
 const args = process.argv.slice(2);
@@ -12,6 +13,8 @@ const bundledClientScript = (0, node_path_1.resolve)(packageRoot, 'resources/mih
 const repoClientScript = (0, node_path_1.resolve)(packageRoot, '../../../scripts/mihomo-client.sh');
 const defaultInstallTarget = '/usr/local/bin/mihomo-client';
 const defaultMihomoConfigFile = '/etc/mihomo-client/config.yaml';
+const defaultK8sImageNamespace = 'k8s.io';
+const defaultK8sRuntimeImages = ['postgres:16-alpine', 'coredns/coredns:1.11.3', 'caddy:2.8.4-alpine'];
 const defaultNoProxyEntries = [
     'localhost',
     '127.0.0.1',
@@ -84,6 +87,7 @@ Usage:
   qp-tunnel-cli install-script [--target /usr/local/bin/mihomo-client]
   qp-tunnel-cli script-path
   qp-tunnel-cli client-help
+  qp-tunnel-cli k8s preload-images [--image postgres:16-alpine]
   qp-tunnel-cli hdo enroll --server-url https://domestic.example.com --username user
   qp-tunnel-cli <mihomo-client command> [options]
   qp-tunnel-cli -- <command> [args...]
@@ -97,6 +101,7 @@ Common commands:
   qp-tunnel-cli egress-on
   qp-tunnel-cli tun-on
   qp-tunnel-cli tun-off
+  qp-tunnel-cli k8s preload-images
   qp-tunnel-cli update-subscription
   qp-tunnel-cli hdo status
   qp-tunnel-cli uninstall --purge
@@ -111,6 +116,12 @@ receive HTTP_PROXY=http://127.0.0.1:<mixed-port>; Docker/Compose build contexts
 also receive container-facing variables such as MARKET_CONTAINER_HTTP_PROXY and
 QP_TUNNEL_CONTAINER_HTTP_PROXY=http://host.docker.internal:<mixed-port>.
 
+K8s/containerd hosts keep a separate image store from Docker. After tun-on or
+egress-on makes Docker pulls work, preload runtime images into containerd:
+  sudo qp-tunnel-cli tun-on
+  sudo qp-tunnel-cli k8s preload-images
+  sudo qp-tunnel-cli tun-off
+
 Install the script as a normal server command:
   sudo qp-tunnel-cli install-script
   sudo mihomo-client status
@@ -268,6 +279,261 @@ function runExternalCommand(commandArgs) {
     });
     exitFromSpawn(result);
 }
+function commandAvailable(command) {
+    const result = (0, node_child_process_1.spawnSync)('sh', ['-c', `command -v ${command} >/dev/null 2>&1`], {
+        stdio: 'ignore',
+    });
+    return result.status === 0;
+}
+function shellQuote(value) {
+    if (/^[A-Za-z0-9_./:@%+=,-]+$/.test(value)) {
+        return value;
+    }
+    return `'${value.replace(/'/g, "'\\''")}'`;
+}
+function runStep(command, commandArgs, dryRun = false) {
+    process.stdout.write(`+ ${[command, ...commandArgs].map(shellQuote).join(' ')}\n`);
+    if (dryRun) {
+        return;
+    }
+    const result = (0, node_child_process_1.spawnSync)(command, commandArgs, {
+        stdio: 'inherit',
+        env: process.env,
+    });
+    if (result.error) {
+        process.stderr.write(`${result.error.message}\n`);
+        process.exit(1);
+    }
+    if (result.signal) {
+        process.stderr.write(`Command terminated by signal ${result.signal}\n`);
+        process.exit(1);
+    }
+    if ((result.status ?? 0) !== 0) {
+        process.exit(result.status ?? 1);
+    }
+}
+function commandSucceeds(command, commandArgs) {
+    const result = (0, node_child_process_1.spawnSync)(command, commandArgs, {
+        stdio: 'ignore',
+        env: process.env,
+    });
+    return !result.error && !result.signal && result.status === 0;
+}
+function splitImageList(value) {
+    return value
+        .split(/[\s,]+/)
+        .map((item) => item.trim())
+        .filter(Boolean);
+}
+function dedupe(values) {
+    const seen = new Set();
+    const result = [];
+    for (const value of values) {
+        if (seen.has(value))
+            continue;
+        seen.add(value);
+        result.push(value);
+    }
+    return result;
+}
+function k8sHelp() {
+    process.stdout.write(`Usage:
+  qp-tunnel-cli k8s help
+  qp-tunnel-cli k8s preload-images [options]
+
+Options:
+  --image <image>       Add one image. Can be repeated.
+  --images <images>     Add comma- or space-separated images.
+  --from-cluster        Include images referenced by current Kubernetes pods.
+  --namespace <name>    containerd namespace. Default: ${defaultK8sImageNamespace}
+  --no-pull             Import only images already present in Docker.
+  --dry-run             Print commands without running them.
+
+Default images used when no image options are provided and --from-cluster is not set:
+  ${defaultK8sRuntimeImages.join(' ')}
+
+The preload command pulls with Docker, saves each image, then imports it into
+containerd's k8s.io namespace so kubelet can start pods without reaching the
+remote registry itself. Run it after tun-on or egress-on on the K8s host.
+`);
+}
+function parseK8sPreloadArgs(commandArgs) {
+    let namespace = defaultK8sImageNamespace;
+    let pull = true;
+    let dryRun = false;
+    let fromCluster = false;
+    const images = [];
+    for (let index = 0; index < commandArgs.length; index += 1) {
+        const arg = commandArgs[index];
+        if (arg === '--image') {
+            const value = commandArgs[index + 1];
+            if (!value) {
+                process.stderr.write('Missing value for --image.\n');
+                process.exit(1);
+            }
+            images.push(value);
+            index += 1;
+        }
+        else if (arg === '--images') {
+            const value = commandArgs[index + 1];
+            if (!value) {
+                process.stderr.write('Missing value for --images.\n');
+                process.exit(1);
+            }
+            images.push(...splitImageList(value));
+            index += 1;
+        }
+        else if (arg === '--namespace') {
+            const value = commandArgs[index + 1];
+            if (!value) {
+                process.stderr.write('Missing value for --namespace.\n');
+                process.exit(1);
+            }
+            namespace = value;
+            index += 1;
+        }
+        else if (arg === '--no-pull') {
+            pull = false;
+        }
+        else if (arg === '--dry-run') {
+            dryRun = true;
+        }
+        else if (arg === '--from-cluster') {
+            fromCluster = true;
+        }
+        else if (arg === '--help' || arg === '-h') {
+            k8sHelp();
+            process.exit(0);
+        }
+        else {
+            process.stderr.write(`Unknown k8s preload-images option: ${arg}\n`);
+            process.exit(1);
+        }
+    }
+    return {
+        dryRun,
+        fromCluster,
+        images: dedupe(images),
+        namespace,
+        pull,
+    };
+}
+function ensureK8sHostTools(dryRun, fromCluster) {
+    if (dryRun) {
+        return;
+    }
+    const requiredCommands = fromCluster ? ['docker', 'ctr', 'kubectl'] : ['docker', 'ctr'];
+    const missing = requiredCommands.filter((command) => !commandAvailable(command));
+    if (missing.length > 0) {
+        process.stderr.write(`Missing required command(s): ${missing.join(', ')}\nInstall Docker and containerd, then retry on the K8s host.\n`);
+        process.exit(1);
+    }
+}
+function collectImagesFromContainerList(value, images) {
+    if (!Array.isArray(value)) {
+        return;
+    }
+    for (const container of value) {
+        if (typeof container === 'object' &&
+            container !== null &&
+            'image' in container &&
+            typeof container.image === 'string') {
+            images.push(container.image);
+        }
+    }
+}
+function collectClusterPodImages(dryRun) {
+    process.stdout.write('+ kubectl get pods -A -o json\n');
+    if (dryRun) {
+        return [];
+    }
+    const result = (0, node_child_process_1.spawnSync)('kubectl', ['get', 'pods', '-A', '-o', 'json'], {
+        encoding: 'utf8',
+        env: process.env,
+    });
+    if (result.error) {
+        process.stderr.write(`${result.error.message}\n`);
+        process.exit(1);
+    }
+    if (result.signal) {
+        process.stderr.write(`Command terminated by signal ${result.signal}\n`);
+        process.exit(1);
+    }
+    if ((result.status ?? 0) !== 0) {
+        process.stderr.write(result.stderr || 'kubectl get pods failed.\n');
+        process.exit(result.status ?? 1);
+    }
+    const parsed = JSON.parse(result.stdout);
+    const images = [];
+    for (const item of parsed.items ?? []) {
+        const spec = item.spec ?? {};
+        collectImagesFromContainerList(spec.initContainers, images);
+        collectImagesFromContainerList(spec.containers, images);
+        collectImagesFromContainerList(spec.ephemeralContainers, images);
+    }
+    return dedupe(images);
+}
+function importDockerImageIntoContainerd(image, namespace, dryRun) {
+    const tempDir = dryRun ? '/tmp/qp-tunnel-cli-k8s-dry-run' : (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'qp-tunnel-cli-k8s-'));
+    const archive = (0, node_path_1.join)(tempDir, 'image.tar');
+    try {
+        runStep('docker', ['save', image, '-o', archive], dryRun);
+        runStep('ctr', ['-n', namespace, 'images', 'import', archive], dryRun);
+    }
+    finally {
+        if (!dryRun) {
+            (0, node_fs_1.rmSync)(tempDir, { recursive: true, force: true });
+        }
+    }
+}
+function preloadK8sImages(commandArgs) {
+    if (process.platform !== 'linux') {
+        process.stderr.write('K8s/containerd image preload targets Linux servers. Run this on the K8s host.\n');
+        process.exit(1);
+    }
+    if (!isRoot()) {
+        sudoSelf(['k8s', 'preload-images', ...commandArgs]);
+    }
+    const options = parseK8sPreloadArgs(commandArgs);
+    ensureK8sHostTools(options.dryRun, options.fromCluster);
+    const clusterImages = options.fromCluster ? collectClusterPodImages(options.dryRun) : [];
+    const images = dedupe([
+        ...(options.images.length > 0 || options.fromCluster ? options.images : defaultK8sRuntimeImages),
+        ...clusterImages,
+    ]);
+    if (images.length === 0) {
+        process.stderr.write('No K8s images found to preload.\n');
+        process.exit(1);
+    }
+    process.stdout.write(`Preloading ${images.length} image(s) into containerd namespace ${options.namespace}\n`);
+    for (const image of images) {
+        process.stdout.write(`\nImage: ${image}\n`);
+        const inDocker = !options.dryRun && commandSucceeds('docker', ['image', 'inspect', image]);
+        if (!inDocker && options.pull) {
+            runStep('docker', ['pull', image], options.dryRun);
+        }
+        else if (!inDocker && !options.pull) {
+            process.stderr.write(`Docker image is missing and --no-pull was set: ${image}\n`);
+            process.exit(1);
+        }
+        importDockerImageIntoContainerd(image, options.namespace, options.dryRun);
+    }
+    process.stdout.write('\nK8s/containerd image preload complete.\n');
+}
+function runK8sCommand(commandArgs) {
+    const subcommand = commandArgs[0] ?? 'help';
+    if (subcommand === 'help' || subcommand === '--help' || subcommand === '-h') {
+        k8sHelp();
+        return;
+    }
+    if (subcommand === 'preload' || subcommand === 'preload-images' || subcommand === 'containerd-preload') {
+        preloadK8sImages(commandArgs.slice(1));
+        return;
+    }
+    process.stderr.write(`Unknown k8s command: ${subcommand}\n`);
+    k8sHelp();
+    process.exit(1);
+}
 function parseInstallScriptArgs(scriptArgs) {
     let target = defaultInstallTarget;
     for (let index = 0; index < scriptArgs.length; index += 1) {
@@ -353,6 +619,10 @@ async function main() {
         installClientScript(args.slice(1));
         return;
     }
+    if (command === 'k8s') {
+        runK8sCommand(args.slice(1));
+        return;
+    }
     if (command === 'hdo' || command === 'hdo-enroll' || command === 'hdo-refresh') {
         const hdoArgs = command === 'hdo' ? args.slice(1) : [command.replace(/^hdo-/, ''), ...args.slice(1)];
         await (0, hdo_1.runHdoCli)(hdoArgs, { isRoot, sudoSelf });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qpjoy/tunnel-cli",
-  "version": "0.1.12",
+  "version": "0.2.2",
   "description": "Global QPJoy Tunnel CLI for mihomo-client and cross-platform HDO mesh enrollment.",
   "private": false,
   "type": "commonjs",
@@ -22,7 +22,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@qpjoy/electron-core-wireguard": "^0.1.30"
+    "@qpjoy/electron-core-wireguard": "^0.2.1"
   },
   "devDependencies": {
     "@types/node": "^22.10.7"