From f6c35d9dc9eae4931c511ef586dfe239a4a56c42 Mon Sep 17 00:00:00 2001
From: yy <56745951+lingdie@users.noreply.github.com>
Date: Fri, 20 Oct 2023 17:12:28 +0800
Subject: [PATCH 01/10] fix license base64 decode salt. (#4127)

Signed-off-by: yy <lingdie.yy@outlook.com>
---
 controllers/job/init/deploy/manifests/deploy.yaml     |  2 +-
 .../job/init/internal/util/database/password.go       | 11 +++--------
 controllers/job/init/internal/util/database/user.go   |  6 +-----
 deploy/cloud/scripts/init.sh                          |  2 +-
 4 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/controllers/job/init/deploy/manifests/deploy.yaml b/controllers/job/init/deploy/manifests/deploy.yaml
index 7a109af32c3..3a9460bc115 100644
--- a/controllers/job/init/deploy/manifests/deploy.yaml
+++ b/controllers/job/init/deploy/manifests/deploy.yaml
@@ -39,7 +39,7 @@ spec:
               secretKeyRef:
                 name: desktop-frontend-secret
                 key: mongodb_uri
-          - name: PASSWORD_SALT_KEY
+          - name: PASSWORD_SALT
             valueFrom:
               secretKeyRef:
                 name: desktop-frontend-secret
diff --git a/controllers/job/init/internal/util/database/password.go b/controllers/job/init/internal/util/database/password.go
index 0674363011c..2a92b637144 100644
--- a/controllers/job/init/internal/util/database/password.go
+++ b/controllers/job/init/internal/util/database/password.go
@@ -2,7 +2,6 @@ package database
 
 import (
 	"crypto/sha256"
-	"encoding/base64"
 	"encoding/hex"
 	"os"
 )
@@ -11,12 +10,8 @@ var (
 	saltKey = os.Getenv("PASSWORD_SALT_KEY")
 )
 
-func hashPassword(password string) (string, error) {
+func hashPassword(password string) string {
 	hash := sha256.New()
-	validSalt, err := base64.StdEncoding.DecodeString(saltKey)
-	if err != nil {
-		return "", err
-	}
-	hash.Write([]byte(password + string(validSalt)))
-	return hex.EncodeToString(hash.Sum(nil)), nil
+	hash.Write([]byte(password + saltKey))
+	return hex.EncodeToString(hash.Sum(nil))
 }
diff --git a/controllers/job/init/internal/util/database/user.go b/controllers/job/init/internal/util/database/user.go
index fd9ba3f8cfa..4cffc606d4f 100644
--- a/controllers/job/init/internal/util/database/user.go
+++ b/controllers/job/init/internal/util/database/user.go
@@ -56,11 +56,7 @@ func PresetAdminUser(ctx context.Context) error {
 }
 
 func newAdminUser() (*User, error) {
-	hashedPassword, err := hashPassword(DefaultAdminPassword)
-	if err != nil {
-		return nil, err
-	}
-	return newUser(uuid.New().String(), DefaultAdminUserName, DefaultAdminUserName, hashedPassword, controller.DefaultAdminUserName), nil
+	return newUser(uuid.New().String(), DefaultAdminUserName, DefaultAdminUserName, hashPassword(DefaultAdminPassword), controller.DefaultAdminUserName), nil
 }
 
 func newUser(uid, name, passwordUser, hashedPassword, k8sUser string) *User {
diff --git a/deploy/cloud/scripts/init.sh b/deploy/cloud/scripts/init.sh
index bce59ad69ba..ccb838827a8 100644
--- a/deploy/cloud/scripts/init.sh
+++ b/deploy/cloud/scripts/init.sh
@@ -172,7 +172,7 @@ function sealos_authorize {
   # wait for admin user create
   echo "Waiting for admin user create"
 
-  while [ -z "$(kubectl get ns -n ns-admin 2>/dev/null)" ]; do
+  while [ -z "$(kubectl get ns ns-admin 2>/dev/null)" ]; do
     sleep 1
   done
 

From 691925938b50e3b597154a71f73233e9955b47c9 Mon Sep 17 00:00:00 2001
From: yy <56745951+lingdie@users.noreply.github.com>
Date: Fri, 20 Oct 2023 17:56:50 +0800
Subject: [PATCH 02/10] Fix license (#4129)

* fix license base64 decode salt.

Signed-off-by: yy <lingdie.yy@outlook.com>

* fix PASSWORD_SALT typo.

Signed-off-by: yy <lingdie.yy@outlook.com>

---------

Signed-off-by: yy <lingdie.yy@outlook.com>
---
 controllers/job/init/internal/util/database/password.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controllers/job/init/internal/util/database/password.go b/controllers/job/init/internal/util/database/password.go
index 2a92b637144..6072e0571c8 100644
--- a/controllers/job/init/internal/util/database/password.go
+++ b/controllers/job/init/internal/util/database/password.go
@@ -7,7 +7,7 @@ import (
 )
 
 var (
-	saltKey = os.Getenv("PASSWORD_SALT_KEY")
+	saltKey = os.Getenv("PASSWORD_SALT")
 )
 
 func hashPassword(password string) string {

From 10d9a64be4bc26ecfcf79f6eb0926af482df4785 Mon Sep 17 00:00:00 2001
From: sealos-release-robot <sealos-release-robot@sealos.io>
Date: Fri, 20 Oct 2023 22:26:21 +0800
Subject: [PATCH 03/10] docs: Automated Changelog Update for v4.3.6 (#4132)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 🤖 add release changelog using robot.

Signed-off-by: sealos-release-robot <sealos-release-robot@sealos.io>

* Update CHANGELOG.md

---------

Signed-off-by: sealos-release-robot <sealos-release-robot@sealos.io>
Co-authored-by: cuisongliu <cuisongliu@qq.com>
---
 CHANGELOG/CHANGELOG-4.3.6.md | 19 +++++++++++++++++++
 CHANGELOG/CHANGELOG.md       |  1 +
 2 files changed, 20 insertions(+)
 create mode 100644 CHANGELOG/CHANGELOG-4.3.6.md

diff --git a/CHANGELOG/CHANGELOG-4.3.6.md b/CHANGELOG/CHANGELOG-4.3.6.md
new file mode 100644
index 00000000000..f579f0772a4
--- /dev/null
+++ b/CHANGELOG/CHANGELOG-4.3.6.md
@@ -0,0 +1,19 @@
+Welcome to the v4.3.6 release of Sealos!🎉🎉!
+
+
+
+## Changelog
+### Bug fixes
+* 34236b4ef946e09ebf695cc7640fb33cf87f5353: fix: create new container mount when force override (#4068) (#4072) (#4079) (@cuisongliu)
+### Other work
+* a2719848e02e5a00ffa7718243bfaf8801d77669: :bug: set default http sync registry (#4120) (@cuisongliu)
+* ff6ac8ce09d66a4da123d714df8c8c13648487a4: Fix conflicts (#4065) (@muicoder)
+* b5efb5997988d7be74a042781e7a8008bfcecab9: fix sync image (#4119) (@bxy4543)
+
+**Full Changelog**: https://github.com/labring/sealos/compare/v4.3.5...v4.3.6
+
+See [the CHANGELOG](https://github.com/labring/sealos/blob/main/CHANGELOG/CHANGELOG.md) for more details.
+
+Your patronage towards Sealos is greatly appreciated 🎉🎉.
+
+If you encounter any problems during its usage, please create an issue in the [GitHub repository](https://github.com/labring/sealos), we're committed to resolving your problem as soon as possible.
diff --git a/CHANGELOG/CHANGELOG.md b/CHANGELOG/CHANGELOG.md
index d3756f3c4fa..c96991985b8 100644
--- a/CHANGELOG/CHANGELOG.md
+++ b/CHANGELOG/CHANGELOG.md
@@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file.
 - [CHANGELOG-4.4.0-beta1.md](./CHANGELOG-4.4.0-beta1.md)
 - [CHANGELOG-4.4.0-alpha3.md](./CHANGELOG-4.4.0-alpha3.md)
 - [CHANGELOG-4.4.0-alpha1.md](./CHANGELOG-4.4.0-alpha1.md)
+- [CHANGELOG-4.3.6.md](./CHANGELOG-4.3.6.md)
 - [CHANGELOG-4.3.5.md](./CHANGELOG-4.3.5.md)
 - [CHANGELOG-4.3.4.md](./CHANGELOG-4.3.4.md)
 - [CHANGELOG-4.3.3.md](./CHANGELOG-4.3.3.md)

From a0dd4b1fab8fc40ec3b34f39d3b0ca147b030516 Mon Sep 17 00:00:00 2001
From: yy <56745951+lingdie@users.noreply.github.com>
Date: Sat, 21 Oct 2023 09:43:32 +0800
Subject: [PATCH 04/10] Fix license (#4131)

* fix license base64 decode salt.

Signed-off-by: yy <lingdie.yy@outlook.com>

* fix PASSWORD_SALT typo.

Signed-off-by: yy <lingdie.yy@outlook.com>

* fix login error, user label.

Signed-off-by: yy <lingdie.yy@outlook.com>

---------

Signed-off-by: yy <lingdie.yy@outlook.com>
---
 controllers/job/init/internal/util/common/uuid.go  | 12 ++++++++++++
 .../job/init/internal/util/controller/user.go      | 14 ++++++++++----
 .../job/init/internal/util/database/user.go        |  7 +++----
 3 files changed, 25 insertions(+), 8 deletions(-)
 create mode 100644 controllers/job/init/internal/util/common/uuid.go

diff --git a/controllers/job/init/internal/util/common/uuid.go b/controllers/job/init/internal/util/common/uuid.go
new file mode 100644
index 00000000000..c42c3cde8bf
--- /dev/null
+++ b/controllers/job/init/internal/util/common/uuid.go
@@ -0,0 +1,12 @@
+package common
+
+import "github.com/google/uuid"
+
+var adminUID string
+
+func AdminUID() string {
+	if adminUID == "" {
+		adminUID = uuid.New().String()
+	}
+	return adminUID
+}
diff --git a/controllers/job/init/internal/util/controller/user.go b/controllers/job/init/internal/util/controller/user.go
index 4a3384cb80a..ee256745c31 100644
--- a/controllers/job/init/internal/util/controller/user.go
+++ b/controllers/job/init/internal/util/controller/user.go
@@ -2,13 +2,14 @@ package controller
 
 import (
 	"context"
+	"time"
+
+	"github.com/labring/sealos/controllers/job/init/internal/util/common"
+	userv1 "github.com/labring/sealos/controllers/user/api/v1"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
-
-	userv1 "github.com/labring/sealos/controllers/user/api/v1"
-
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -41,7 +42,12 @@ func PresetAdminUser(ctx context.Context) error {
 	if err != nil {
 		return err
 	}
-	_, err = ctrl.CreateOrUpdate(ctx, c, &userv1.User{ObjectMeta: ctrl.ObjectMeta{Name: DefaultAdminUserName}}, func() error { return nil })
+	_, err = ctrl.CreateOrUpdate(ctx, c, &userv1.User{
+		ObjectMeta: ctrl.ObjectMeta{
+			Name:   DefaultAdminUserName,
+			Labels: map[string]string{"uid": common.AdminUID(), "updateTime": time.Now().Format(time.RFC3339)},
+		},
+	}, func() error { return nil })
 	if err != nil {
 		return err
 	}
diff --git a/controllers/job/init/internal/util/database/user.go b/controllers/job/init/internal/util/database/user.go
index 4cffc606d4f..cf3d324cc8a 100644
--- a/controllers/job/init/internal/util/database/user.go
+++ b/controllers/job/init/internal/util/database/user.go
@@ -5,10 +5,9 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/labring/sealos/controllers/job/init/internal/util/errors"
-
-	"github.com/google/uuid"
+	"github.com/labring/sealos/controllers/job/init/internal/util/common"
 	"github.com/labring/sealos/controllers/job/init/internal/util/controller"
+	"github.com/labring/sealos/controllers/job/init/internal/util/errors"
 	"github.com/labring/sealos/controllers/pkg/utils/logger"
 )
 
@@ -56,7 +55,7 @@ func PresetAdminUser(ctx context.Context) error {
 }
 
 func newAdminUser() (*User, error) {
-	return newUser(uuid.New().String(), DefaultAdminUserName, DefaultAdminUserName, hashPassword(DefaultAdminPassword), controller.DefaultAdminUserName), nil
+	return newUser(common.AdminUID(), DefaultAdminUserName, DefaultAdminUserName, hashPassword(DefaultAdminPassword), controller.DefaultAdminUserName), nil
 }
 
 func newUser(uid, name, passwordUser, hashedPassword, k8sUser string) *User {

From 4f8e05df3d5aafcdb2d139ceb091df49a68a28e1 Mon Sep 17 00:00:00 2001
From: zzjin <zzjin@users.noreply.github.com>
Date: Sat, 21 Oct 2023 10:35:52 +0800
Subject: [PATCH 05/10] Fix registry link. (#4133)

---
 deploy/registry/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/deploy/registry/README.md b/deploy/registry/README.md
index 9d82c995b15..8d16f1387c8 100644
--- a/deploy/registry/README.md
+++ b/deploy/registry/README.md
@@ -48,7 +48,7 @@ with at least svc(s) below:
 ### Base applications requirements
 
 1. At least one storage Provider, here we use aliyun OSS and CDN. Or, you can use openebs.
-    * `AliOSS`: read [this](https://github.com/docker/docs/blob/main/content/registry/storage-drivers/oss.md)
+    * `AliOSS`: read [this](https://distribution.github.io/distribution/storage-drivers/)
     * `openebs` : `sealos run labring/openebs:v1.9.0`
 
 2. One Domain name with admin access
@@ -69,7 +69,7 @@ with at least svc(s) below:
 
 1. Example(@see [deploy.yaml](./manifests/deploy.yaml))
 
-2. Read docker registry docs about [config](https://docs.docker.com/registry/configuration/)
+2. Read docker registry docs about [config](https://distribution.github.io/distribution/about/configuration/)
 
 3. Edit `auth`, use your own auth server.
 

From 433e23a84320aee305a83c63b7b9cbdfc6a0fd4f Mon Sep 17 00:00:00 2001
From: sealos-release-robot <sealos-release-robot@sealos.io>
Date: Mon, 23 Oct 2023 09:05:24 +0800
Subject: [PATCH 06/10] docs: Automated Changelog Update for v4.3.7-rc1 (#4137)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 🤖 add release changelog using robot.

Signed-off-by: sealos-release-robot <sealos-release-robot@sealos.io>

* Update CHANGELOG.md

* Update CHANGELOG.md

---------

Signed-off-by: sealos-release-robot <sealos-release-robot@sealos.io>
Co-authored-by: sealos-ci-robot <109538726+sealos-ci-robot@users.noreply.github.com>
---
 CHANGELOG/CHANGELOG-4.3.7-rc1.md | 15 +++++++++++++++
 CHANGELOG/CHANGELOG.md           |  1 +
 2 files changed, 16 insertions(+)
 create mode 100644 CHANGELOG/CHANGELOG-4.3.7-rc1.md

diff --git a/CHANGELOG/CHANGELOG-4.3.7-rc1.md b/CHANGELOG/CHANGELOG-4.3.7-rc1.md
new file mode 100644
index 00000000000..c36652e0e02
--- /dev/null
+++ b/CHANGELOG/CHANGELOG-4.3.7-rc1.md
@@ -0,0 +1,15 @@
+Welcome to the v4.3.7-rc1 release of Sealos!🎉🎉!
+
+
+
+## Changelog
+### Other work
+* fef14bea9df8b36ec124e1a66a950fd12d2ae462: :bug: support env for export (#4135) (@cuisongliu)
+
+**Full Changelog**: https://github.com/labring/sealos/compare/v4.3.6...v4.3.7-rc1
+
+See [the CHANGELOG](https://github.com/labring/sealos/blob/main/CHANGELOG/CHANGELOG.md) for more details.
+
+Your patronage towards Sealos is greatly appreciated 🎉🎉.
+
+If you encounter any problems during its usage, please create an issue in the [GitHub repository](https://github.com/labring/sealos), we're committed to resolving your problem as soon as possible.
diff --git a/CHANGELOG/CHANGELOG.md b/CHANGELOG/CHANGELOG.md
index c96991985b8..0eb018bbf62 100644
--- a/CHANGELOG/CHANGELOG.md
+++ b/CHANGELOG/CHANGELOG.md
@@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file.
 - [CHANGELOG-4.4.0-beta1.md](./CHANGELOG-4.4.0-beta1.md)
 - [CHANGELOG-4.4.0-alpha3.md](./CHANGELOG-4.4.0-alpha3.md)
 - [CHANGELOG-4.4.0-alpha1.md](./CHANGELOG-4.4.0-alpha1.md)
+- [CHANGELOG-4.3.7-rc1.md](./CHANGELOG-4.3.7-rc1.md)
 - [CHANGELOG-4.3.6.md](./CHANGELOG-4.3.6.md)
 - [CHANGELOG-4.3.5.md](./CHANGELOG-4.3.5.md)
 - [CHANGELOG-4.3.4.md](./CHANGELOG-4.3.4.md)

From 9678c6358876f598a6248fbe808192588d7f5a10 Mon Sep 17 00:00:00 2001
From: Jiahui <4543bxy@gmail.com>
Date: Mon, 23 Oct 2023 10:37:09 +0800
Subject: [PATCH 07/10] optimize scripts (#4130)

* optimize scripts:
  Expose image registry and repository as environment variable Settings, optimize image log pulling, optimize avx to switch to mongo4.0 log information, `bash install.sh -h` usage

* fix pull image version
---
 scripts/cloud/install.sh | 251 +++++++++++++++++++++++++++++----------
 1 file changed, 187 insertions(+), 64 deletions(-)

diff --git a/scripts/cloud/install.sh b/scripts/cloud/install.sh
index 91e280e1b17..8796569d654 100644
--- a/scripts/cloud/install.sh
+++ b/scripts/cloud/install.sh
@@ -18,16 +18,18 @@ CLOUD_VERSION="latest"
 #input_cert=
 #cert_path=
 #key_path=
-#local_install=y/n
-kubernetes_version=1.25.6
-cilium_version=1.12.14
-cert_manager_version=1.8.0
-helm_version=3.12.0
-openebs_version=3.4.0
-reflector_version=7.0.151
-ingress_nginx_version=1.5.1
-kubeblocks_version=0.6.2
-metrics_server_version=0.6.4
+#single=y/n
+image_registry=${image_registry:-"docker.io"}
+image_repository=${image_repository:-"labring"}
+kubernetes_version=${kubernetes_version:-"1.25.6"}
+cilium_version=${cilium_version:-"1.12.14"}
+cert_manager_version=${cert_manager_version:-"1.8.0"}
+helm_version=${helm_version:-"3.12.0"}
+openebs_version=${openebs_version:-"3.4.0"}
+reflector_version=${reflector_version:-"7.0.151"}
+ingress_nginx_version=${ingress_nginx_version:-"1.5.1"}
+kubeblocks_version=${kubeblocks_version:-"0.6.2"}
+metrics_server_version=${metrics_server_version:-"0.6.4"}
 
 
 # Define English and Chinese prompts
@@ -35,7 +37,7 @@ declare -A PROMPTS_EN PROMPTS_CN
 
 PROMPTS_EN=(
     ["pre_prompt"]="Depends on iptables, please make sure iptables is installed, multi-node needs to configure ssh password-free login or the same password, using self-signed certificate to complete the installation requires self-trust certificate"
-    ["pull_image"]="Pulling images"
+    ["pull_image"]="Pulling image: "
     ["install_sealos"]="Sealos CLI is not installed. Do you want to install it now? (y/n): "
     ["input_master_ips"]="Please enter Master IPs (press Enter to skip this step for local installation; comma separated for multiple master nodes, e.g: 192.168.0.1,192.168.0.2,192.168.0.3)"
     ["invalid_ips"]="Invalid IPs or no IPs provided. Please try again."
@@ -47,7 +49,7 @@ PROMPTS_EN=(
     ["input_certificate"]="Do you want to input a certificate? (y/n): "
     ["certificate_path"]="Please input the certificate path: "
     ["private_key_path"]="Please input the private key path: "
-    ["choose_language"]="Choose language / 选择语言:"
+    ["choose_language"]="Choose prompt language / 选择提示语言:"
     ["enter_choice"]="Enter your choice (1/2): "
     ["k8s_installation"]="Installing Kubernetes cluster."
     ["ingress_installation"]="Installing ingress-nginx-controller and kubeblocks."
@@ -60,12 +62,44 @@ PROMPTS_EN=(
     ["cilium_requirement"]="When running Cilium using the container image cilium/cilium, the host system must meet these requirements:
 Hosts with either AMD64 or AArch64 architecture
 Linux kernel >= 4.19.57 or equivalent (e.g., 4.18 on RHEL8)"
-    ["mongo_avx_requirement"]="MongoDB 5.0 version depends on CPU that supports AVX instruction set, the current environment does not support avx, so only mongo4.0 version can be used. For more information, see: https://www.mongodb.com/docs/v5.0/administration/production-notes/"
+    ["mongo_avx_requirement"]="MongoDB 5.0 version depends on CPU that supports AVX instruction set, the current environment does not support avx, has been switched to mongo4.0 version, for more information, see:https://www.mongodb.com/docs/v5.0/administration/production-notes/"
+    ["usage"]="Usage: $0 [options]
+
+Options:
+   --image_registry             # Image registry address (default: docker.io)
+   --image_repository           # Image repository name (default: labring)
+   --kubernetes_version         # Kubernetes version (default: 1.25.6)
+   --cilium_version             # Cilium version (default: 1.12.14)
+   --cert_manager_version       # Cert Manager version (default: 1.8.0)
+   --helm_version               # Helm version (default: 3.12.0)
+   --openebs_version            # OpenEBS version (default: 3.4.0)
+   --reflector_version          # Reflector version (default: 7.0.151)
+   --ingress_nginx_version      # Ingress Nginx version (default: 1.5.1)
+   --kubeblocks_version         # Kubeblocks version (default: 0.6.2)
+   --metrics_server_version     # Metrics Server version (default: 0.6.4)
+   --cloud_version              # Sealos Cloud version (default: latest)
+   --mongodb_version            # MongoDB version (default: mongodb-5.0)
+   --master_ips                 # Master node IP list, comma separated (single node and current execution node can be left blank)
+   --node_ips                   # Node node IP list, comma separated, can be skipped
+   --ssh_private_key            # SSH private key path (default: $HOME/.ssh/id_rsa)
+   --ssh_password               # SSH password
+   --pod_cidr                   # Pod subnet (default: 100.64.0.0/10)
+   --service_cidr               # Service subnet (default: 10.96.0.0/22)
+   --cloud_domain               # Cloud domain
+   --cloud_port                 # Cloud port (default: 443)
+   --cert_path                  # Certificate path
+   --key_path                   # Private key path
+   --single                     # Whether to install locally: y/n
+   --zh                         # Chinese prompt
+   --en                         # English prompt
+   --help                       # Help information"
 )
 
 PROMPTS_CN=(
     ["pre_prompt"]="依赖iptables，请确保iptables已经安装，多节点需要配置ssh免密登录或密码一致, 使用自签证书安装完成后需要自信任证书"
-    ["pull_image"]="正在拉取镜像"
+    ["pull_image"]="正在拉取镜像: "
+    ["pull_image_success"]="镜像拉取成功: "
+    ["pull_image_failed"]="镜像拉取失败: "
     ["install_sealos"]="Sealos CLI没有安装，是否安装？(y/n): "
     ["input_master_ips"]="请输入Master IPs (单节点本地安装可回车跳过该步骤；多个master节点使用逗号分隔, 例: 192.168.0.1,192.168.0.2,192.168.0.3): "
     ["invalid_ips"]="IP无效或没有提供IP，请再试一次。"
@@ -74,7 +108,7 @@ PROMPTS_CN=(
     ["service_subnet"]="请输入service子网 (回车使用默认值: 10.96.0.0/22): "
     ["cloud_domain"]="请输入云域名:（例:127.0.0.1.nip.io) "
     ["cloud_port"]="请输入云端口 (回车使用默认值: 443): "
-    ["input_certificate"]="请输入证书吗？(y/n): "
+    ["input_certificate"]="是否需要输入证书？(y/n): "
     ["certificate_path"]="请输入证书路径: "
     ["private_key_path"]="请输入私钥路径: "
     ["choose_language"]="请选择语言:"
@@ -90,30 +124,71 @@ PROMPTS_CN=(
     ["cilium_requirement"]="正在使用Cilium作为网络插件，主机系统必须满足以下要求:
 具有AMD64或AArch64架构的主机
 Linux内核> = 4.19.57或等效版本（例如，在RHEL8上为4.18）"
-    ["mongo_avx_requirement"]="MongoDB 5.0版本依赖支持 AVX 指令集的 CPU，当前环境不支持avx，所以仅可使用mongo4.0版本，更多信息查看:https://www.mongodb.com/docs/v5.0/administration/production-notes/"
+    ["mongo_avx_requirement"]="MongoDB 5.0版本依赖支持 AVX 指令集的 CPU，当前环境不支持avx，已切换为mongo4.0版本，更多信息查看:https://www.mongodb.com/docs/v5.0/administration/production-notes/"
+    ["usage"]="Usage: $0 [options]=[value] [options]=[value] ...
+
+Options:
+   --image_registry             # 镜像仓库地址 (默认: docker.io)
+   --image_repository           # 镜像仓库名称 (默认: labring)
+   --kubernetes_version         # Kubernetes版本 (默认: 1.25.6)
+   --cilium_version             # Cilium版本 (默认: 1.12.14)
+   --cert_manager_version       # Cert Manager版本 (默认: 1.8.0)
+   --helm_version               # Helm版本 (默认: 3.12.0)
+   --openebs_version            # OpenEBS版本 (默认: 3.4.0)
+   --reflector_version          # Reflector版本 (默认: 7.0.151)
+   --ingress_nginx_version      # Ingress Nginx版本 (默认: 1.5.1)
+   --kubeblocks_version         # Kubeblocks版本 (默认: 0.6.2)
+   --metrics_server_version     # Metrics Server版本 (默认: 0.6.4)
+   --cloud_version              # Sealos Cloud版本 (默认: latest)
+   --mongodb_version            # MongoDB版本 (默认: mongodb-5.0)
+   --master_ips                 # Master节点IP列表,使用英文逗号分割 (单节点且为当前执行节点可不填写)
+   --node_ips                   # Node节点IP列表,使用英文逗号分割
+   --ssh_private_key            # SSH私钥路径 (默认: $HOME/.ssh/id_rsa)
+   --ssh_password               # SSH密码
+   --pod_cidr                   # Pod子网 (默认: 100.64.0.0/10)
+   --service_cidr               # Service子网 (默认: 10.96.0.0/22)
+   --cloud_domain               # 云域名
+   --cloud_port                 # 云端口 (默认: 443)
+   --cert_path                  # 证书路径
+   --key_path                   # 私钥路径
+   --single                     # 是否本地安装 (y/n)
+   --zh                         # 中文提示
+   --en                         # 英文提示
+   --help                       # 帮助信息"
 )
 
 # Choose Language
 get_prompt() {
     local key="$1"
+    local inline="$2"
+    local prompts=""
     if [[ $LANGUAGE == "CN" ]]; then
-        echo -e "${PROMPTS_CN[$key]}"
+        prompts="${PROMPTS_CN[$key]}"
     else
-        echo -e "${PROMPTS_EN[$key]}"
+        prompts="${PROMPTS_EN[$key]}"
+    fi
+    if [[ -n "$inline" ]]; then
+        echo -ne "$prompts"
+    else
+        echo -e "$prompts"
     fi
 }
 
-get_prompt "choose_language"
-echo "1. English"
-echo "2. 中文"
-read -p "$(get_prompt "enter_choice")" lang_choice
-echo -ne "\033[4F\033[2K"
-
-if [[ $lang_choice == "2" ]]; then
-    LANGUAGE="CN"
-else
-    LANGUAGE="EN"
-fi
+set_language() {
+  if [[ $LANGUAGE == "" ]]; then
+      get_prompt "choose_language"
+      echo "1. English"
+      echo "2. 中文"
+      get_prompt "enter_choice"
+      read -p " " lang_choice
+      if [[ $lang_choice == "2" ]]; then
+          LANGUAGE="CN"
+      fi
+  fi
+  if [[ $LANGUAGE != "CN" ]]; then
+      LANGUAGE="EN"
+  fi
+}
 
 #TODO mongo 5.0 need avx support, if not support, change to 4.0
 setMongoVersion() {
@@ -146,17 +221,27 @@ init() {
     fi
 
     get_prompt "pre_prompt"
-    get_prompt "pull_image"
-    sealos pull -q docker.io/labring/kubernetes:v${kubernetes_version#v:-1.25.6} >/dev/null
-    sealos pull -q docker.io/labring/cilium:v${cilium_version#v:-1.12.14} >/dev/null
-    sealos pull -q docker.io/labring/cert-manager:v${cert_manager_version#v:-1.8.0} >/dev/null
-    sealos pull -q docker.io/labring/helm:v${helm_version#v:-3.12.0} >/dev/null
-    sealos pull -q docker.io/labring/openebs:v${openebs_version#v:-3.4.0} >/dev/null
-    sealos pull -q docker.io/labring/ingress-nginx:v${ingress_nginx_version#v:-1.5.1} >/dev/null
-    sealos pull -q docker.io/labring/kubeblocks:v${kubeblocks_version#v:-0.6.2} >/dev/null
-    sealos pull -q docker.io/labring/metrics-server:v${metrics_server_version#v:-0.6.4} >/dev/null
-    sealos pull -q docker.io/labring/kubernetes-reflector:v${reflector_version#v:-7.0.151} >/dev/null
-    sealos pull -q docker.io/labring/sealos-cloud:${CLOUD_VERSION} >/dev/null
+    echo ""
+    pull_image "kubernetes" "v${kubernetes_version#v:-1.25.6}"
+    pull_image "cilium" "v${cilium_version#v:-1.12.14}"
+    pull_image "cert-manager" "v${cert_manager_version#v:-1.8.0}"
+    pull_image "helm" "v${helm_version#v:-3.12.0}"
+    pull_image "openebs" "v${openebs_version#v:-3.4.0}"
+    pull_image "ingress-nginx" "v${ingress_nginx_version#v:-1.5.1}"
+    pull_image "kubeblocks" "v${kubeblocks_version#v:-0.6.2}"
+    pull_image "metrics-server" "v${metrics_server_version#v:-0.6.4}"
+    pull_image "kubernetes-reflector" "v${reflector_version#v:-7.0.151}"
+    pull_image "sealos-cloud" "${CLOUD_VERSION}"
+}
+
+pull_image() {
+  image_name=$1
+  image_version=$2
+  inline="y"
+
+  echo -ne "\033[1F\033[2K"
+  get_prompt "pull_image" $inline && echo "$image_name:$image_version"
+  sealos pull -q "${image_registry}/${image_repository}/${image_name}:${image_version}" >/dev/null
 }
 
 collect_input() {
@@ -172,12 +257,12 @@ collect_input() {
     }
 
     # Master and Node IPs
-    if [[ $local_install != "y" ]]; then
+    if [[ $single != "y" && $master_ips == "" ]]; then
         while :; do
             read -p "$(get_prompt "input_master_ips")" master_ips
             if validate_ips "$master_ips"; then
                 if [[ -z "$master_ips" ]]; then
-                    local_install="y"
+                    single="y"
                 fi
                 break
             else
@@ -185,7 +270,7 @@ collect_input() {
             fi
         done
     fi
-    if [[ $local_install != "y" ]]; then
+    if [[ $single != "y" ]]; then
         while :; do
             read -p "$(get_prompt "input_node_ips")" node_ips
             if validate_ips "$node_ips"; then
@@ -203,15 +288,15 @@ collect_input() {
 
     fi
 
-    read -p "$(get_prompt "pod_subnet")" pod_cidr
+    [[ $pod_cidr != "" ]] || read -p "$(get_prompt "pod_subnet")" pod_cidr
 
-    read -p "$(get_prompt "service_subnet")" service_cidr
+    [[ $service_cidr != "" ]] || read -p "$(get_prompt "service_subnet")" service_cidr
 
-    read -p "$(get_prompt "cloud_domain")" cloud_domain
+    [[ $cloud_domain != "" ]] || read -p "$(get_prompt "cloud_domain")" cloud_domain
 
-    read -p "$(get_prompt "cloud_port")" cloud_port
+    [[ $cloud_port != "" ]] || read -p "$(get_prompt "cloud_port")" cloud_port
 
-    read -p "$(get_prompt "input_certificate")" input_cert
+    [[ $input_cert != "" || ($cert_path != "" && $key_path != "") ]] || read -p "$(get_prompt "input_certificate")" input_cert
 
     if [[ $input_cert == "y" || $input_cert == "Y" ]]; then
         read -p "$(get_prompt "certificate_path")" cert_path
@@ -235,7 +320,7 @@ metadata:
   name: secret
 spec:
   path: manifests/tls-secret.yaml
-  match: docker.io/labring/sealos-cloud:latest
+  match: ${image_registry}/${image_repository}/sealos-cloud:latest
   strategy: merge
   data: |
     data:
@@ -259,13 +344,13 @@ spec:
       kind: DaemonSet
       service:
         type: NodePort
-  match: docker.io/labring/ingress-nginx:v${ingress_nginx_version#v:-1.5.1}
+  match: ${image_registry}/${image_repository}/ingress-nginx:v${ingress_nginx_version#v:-1.5.1}
   path: charts/ingress-nginx/values.yaml
   strategy: merge
 "
     echo "$ingress_config" > $CLOUD_DIR/ingress-nginx-config.yaml
 
-    sealos_gen_cmd="sealos gen labring/kubernetes:v${kubernetes_version#v:-1.25.6}\
+    sealos_gen_cmd="sealos gen ${image_registry}/${image_repository}/kubernetes:v${kubernetes_version#v:-1.25.6}\
         ${master_ips:+--masters $master_ips}\
         ${node_ips:+--nodes $node_ips}\
         --pk=${ssh_private_key:-$HOME/.ssh/id_rsa}\
@@ -308,15 +393,15 @@ loading_animation() {
 }
 
 execute_commands() {
-    command -v kubelet > /dev/null 2>&1 || (get_prompt "k8s_installation" && sealos apply -f $CLOUD_DIR/Clusterfile)
-    command -v helm > /dev/null 2>&1 || sealos run "labring/helm:v${helm_version#v:-3.12.0}"
+    kubectl get no > /dev/null 2>&1 || (get_prompt "k8s_installation" && sealos apply -f $CLOUD_DIR/Clusterfile)
+    command -v helm > /dev/null 2>&1 || sealos run "${image_registry}/${image_repository}/helm:v${helm_version#v:-3.12.0}"
     get_prompt "cilium_requirement"
     if kubectl get no | grep NotReady > /dev/null 2>&1; then
-      sealos run "labring/cilium:v${cilium_version#v:-1.12.14}"
+      sealos run "${image_registry}/${image_repository}/cilium:v${cilium_version#v:-1.12.14}"
     fi
     wait_cluster_ready
-    sealos run "labring/cert-manager:v${cert_manager_version#v:-1.8.0}"
-    sealos run "labring/openebs:v${openebs_version#v:-3.4.0}"
+    sealos run "${image_registry}/${image_repository}/cert-manager:v${cert_manager_version#v:-1.8.0}"
+    sealos run "${image_registry}/${image_repository}/openebs:v${openebs_version#v:-3.4.0}"
     kubectl get sc openebs-backup > /dev/null 2>&1 || kubectl create -f - <<EOF
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
@@ -328,12 +413,12 @@ volumeBindingMode: WaitForFirstConsumer
 EOF
 
     get_prompt "ingress_installation"
-    sealos run docker.io/labring/kubernetes-reflector:v${reflector_version#v:-7.0.151}\
-        docker.io/labring/ingress-nginx:v${ingress_nginx_version#v:-1.5.1}\
-        docker.io/labring/kubeblocks:v${kubeblocks_version#v:-0.6.2}\
+    sealos run ${image_registry}/${image_repository}/kubernetes-reflector:v${reflector_version#v:-7.0.151}\
+        ${image_registry}/${image_repository}/ingress-nginx:v${ingress_nginx_version#v:-1.5.1}\
+        ${image_registry}/${image_repository}/kubeblocks:v${kubeblocks_version#v:-0.6.2}\
         --config-file $CLOUD_DIR/ingress-nginx-config.yaml
 
-    sealos run "labring/metrics-server:v${metrics_server_version#v:-0.6.4}"
+    sealos run "${image_registry}/${image_repository}/metrics-server:v${metrics_server_version#v:-0.6.4}"
 
     get_prompt "patching_ingress"
     kubectl -n ingress-nginx patch ds ingress-nginx-controller -p '{"spec":{"template":{"spec":{"tolerations":[{"key":"node-role.kubernetes.io/control-plane","operator":"Exists","effect":"NoSchedule"}]}}}}'
@@ -342,22 +427,60 @@ EOF
 
     setMongoVersion
     if [[ -n "$tls_crt_base64" ]] || [[ -n "$tls_key_base64" ]]; then
-        sealos run docker.io/labring/sealos-cloud:latest\
+        sealos run ${image_registry}/${image_repository}/sealos-cloud:latest\
         --env cloudDomain="$cloud_domain"\
         --env cloudPort="${cloud_port:-443}"\
         --env mongodbVersion="${mongodb_version:-mongodb-5.0}"\
         --config-file $CLOUD_DIR/tls-secret.yaml
     else
-        sealos run docker.io/labring/sealos-cloud:latest\
+        sealos run ${image_registry}/${image_repository}/sealos-cloud:latest\
         --env cloudDomain="$cloud_domain"\
         --env cloudPort="${cloud_port:-443}"\
         --env mongodbVersion="${mongodb_version:-mongodb-5.0}"
     fi
 }
 
-# Main script execution
+for i in "$@"; do
+  case ${i,,} in
+  --image_registry=*) image_registry="${i#*=}"; shift ;;
+  --image_repository=*) image_repository="${i#*=}"; shift ;;
+  --kubernetes_version=*) kubernetes_version="${i#*=}"; shift ;;
+  --cilium_version=*) cilium_version="${i#*=}"; shift ;;
+  --cert_manager_version=*) cert_manager_version="${i#*=}"; shift ;;
+  --helm_version=*) helm_version="${i#*=}"; shift ;;
+  --openebs_version=*) openebs_version="${i#*=}"; shift ;;
+  --reflector_version=*) reflector_version="${i#*=}"; shift ;;
+  --ingress_nginx_version=*) ingress_nginx_version="${i#*=}"; shift ;;
+  --kubeblocks_version=*) kubeblocks_version="${i#*=}"; shift ;;
+  --metrics_server_version=*) metrics_server_version="${i#*=}"; shift ;;
+  --cloud_version=*) CLOUD_VERSION="${i#*=}"; shift ;;
+  --mongodb_version=*) mongodb_version="${i#*=}"; shift ;;
+  --master_ips=*) master_ips="${i#*=}"; shift ;;
+  --node_ips=*) node_ips="${i#*=}"; shift ;;
+  --ssh_private_key=*) ssh_private_key="${i#*=}"; shift ;;
+  --ssh_password=*) ssh_password="${i#*=}"; shift ;;
+  --pod_cidr=*) pod_cidr="${i#*=}"; shift ;;
+  --service_cidr=*) service_cidr="${i#*=}"; shift ;;
+  --cloud_domain=*) cloud_domain="${i#*=}"; shift ;;
+  --cloud_port=*) cloud_port="${i#*=}"; shift ;;
+  --cert_path=*) cert_path="${i#*=}"; shift ;;
+  --key_path=*) key_path="${i#*=}"; shift ;;
+  --single) single="y"; shift ;;
+  --zh | zh ) LANGUAGE="CN"; shift ;;
+  --en | en ) LANGUAGE="EN"; shift ;;
+  -c | --config) source ${i#*=} > /dev/null; shift ;;
+  -h | --help) HELP=true; shift ;;
+  -d | --debug) set -x; shift ;;
+  -*) echo "Unknown option $i"; exit 1 ;;
+  *) ;;
+  esac
+done
+
+[[ $HELP == "" ]] || get_prompt "usage"
+[[ $HELP == "" ]] || exit 0
+set_language
 init
-source $1 > /dev/null 2>&1 || collect_input
+collect_input
 prepare_configs
 execute_commands
 

From 345d2d99ebd9691495f49f1b10435bd28ca215e6 Mon Sep 17 00:00:00 2001
From: cuisongliu <cuisongliu@qq.com>
Date: Mon, 23 Oct 2023 11:42:45 +0800
Subject: [PATCH 08/10] refactor(main): fixed golang lint version (#4141)

Signed-off-by: cuisongliu <cuisongliu@qq.com>
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 32f3e69d1c1..11601ebee4d 100755
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -71,6 +71,6 @@ jobs:
       - name: Run Linter
         uses: golangci/golangci-lint-action@v3
         with:
-          version: latest
+          version: v1.54.2
           working-directory: ${{ matrix.workdir }}
           args: "--out-${NO_FUTURE}format colored-line-number"

From 5057497fc2797c089367d14558a20bda83b0372d Mon Sep 17 00:00:00 2001
From: yy <56745951+lingdie@users.noreply.github.com>
Date: Mon, 23 Oct 2023 12:00:59 +0800
Subject: [PATCH 09/10] fix admin user label. (#4139)

Signed-off-by: yy <lingdie.yy@outlook.com>
---
 .../job/init/internal/util/controller/user.go | 28 ++++++++++++++-----
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/controllers/job/init/internal/util/controller/user.go b/controllers/job/init/internal/util/controller/user.go
index ee256745c31..07abf22216e 100644
--- a/controllers/job/init/internal/util/controller/user.go
+++ b/controllers/job/init/internal/util/controller/user.go
@@ -37,19 +37,33 @@ func newKubernetesClient() (client.Client, error) {
 	return c, nil
 }
 
+func newAdminUser(ctx context.Context, c client.Client) (*userv1.User, error) {
+	var u = &userv1.User{}
+	u.SetName(DefaultAdminUserName)
+	err := c.Get(ctx, client.ObjectKeyFromObject(u), u)
+	if err != nil {
+		if client.IgnoreNotFound(err) == nil {
+			// admin user exists
+			return u, nil
+		}
+		return nil, err
+	}
+	// admin user not exists
+	u.SetLabels(map[string]string{"uid": common.AdminUID(), "updateTime": time.Now().Format(time.RFC3339)})
+	return u, nil
+}
+
 func PresetAdminUser(ctx context.Context) error {
 	c, err := newKubernetesClient()
 	if err != nil {
 		return err
 	}
-	_, err = ctrl.CreateOrUpdate(ctx, c, &userv1.User{
-		ObjectMeta: ctrl.ObjectMeta{
-			Name:   DefaultAdminUserName,
-			Labels: map[string]string{"uid": common.AdminUID(), "updateTime": time.Now().Format(time.RFC3339)},
-		},
-	}, func() error { return nil })
+	adminUser, err := newAdminUser(ctx, c)
 	if err != nil {
 		return err
 	}
-	return nil
+	_, err = ctrl.CreateOrUpdate(ctx, c, adminUser, func() error {
+		return nil
+	})
+	return err
 }

From 93961f75fb5b16e72a51fae3fc191173f0034205 Mon Sep 17 00:00:00 2001
From: fengxsong <fengxsong@outlook.com>
Date: Mon, 23 Oct 2023 12:03:10 +0800
Subject: [PATCH 10/10] fix: --env not work during sealos run (#4140)

Signed-off-by: fengxsong <fengxsong@outlook.com>
---
 pkg/guest/guest.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/guest/guest.go b/pkg/guest/guest.go
index a7324c3fda9..03c22311fa5 100644
--- a/pkg/guest/guest.go
+++ b/pkg/guest/guest.go
@@ -43,7 +43,7 @@ func NewGuestManager() (Interface, error) {
 }
 
 func (d *Default) Apply(cluster *v2.Cluster, mounts []v2.MountImage, targetHosts []string) error {
-	envWrapper := env.NewEnvProcessor(cluster)
+	envGetter := env.NewEnvProcessor(cluster)
 	sshClient := ssh.NewCacheClientFromCluster(cluster, true)
 	execer, err := exec.New(sshClient)
 	if err != nil {
@@ -56,7 +56,7 @@ func (d *Default) Apply(cluster *v2.Cluster, mounts []v2.MountImage, targetHosts
 			eg, ctx := errgroup.WithContext(context.Background())
 			for j := range targetHosts {
 				node := targetHosts[j]
-				envs := envWrapper.Getenv(node)
+				envs := maps.Merge(m.Env, envGetter.Getenv(node))
 				cmds := formalizeImageCommands(cluster, i, m, envs)
 				eg.Go(func() error {
 					return execer.CmdAsyncWithContext(ctx, node,
@@ -69,7 +69,7 @@ func (d *Default) Apply(cluster *v2.Cluster, mounts []v2.MountImage, targetHosts
 			}
 		case m.IsApplication():
 			// on run on the first master
-			envs := envWrapper.Getenv(cluster.GetMaster0IP())
+			envs := maps.Merge(m.Env, envGetter.Getenv(cluster.GetMaster0IP()))
 			cmds := formalizeImageCommands(cluster, i, m, envs)
 			if err := execer.CmdAsync(cluster.GetMaster0IPAndPort(),
 				stringsutil.RenderShellWithEnv(strings.Join(cmds, "; "), envs),