diff --git a/docs/_posts/2024-02-01-debain-python-install.md b/docs/_posts/2024-02-01-debain-python-install.md
index 8a15bcc..16d27fd 100644
--- a/docs/_posts/2024-02-01-debain-python-install.md
+++ b/docs/_posts/2024-02-01-debain-python-install.md
@@ -40,6 +40,10 @@ make install
 # 选择合适的版本
 wget https://www.python.org/ftp/python/3.12.5/Python-3.12.5.tgz
 
+tar -zxvf Python3-3.12.5.tgz -C $HOME/workarea/modules
+
+cd $HOME/workarea/modules
+
 ./configure --prefix=/usr/local \
     --with-openssl=$HOME/workarea/modules/ssl \
     --with-openssl-rpath=$HOME/workarea/modules/ssl/lib \
@@ -58,3 +62,23 @@ alias py3="/usr/local/bin/python3"
 alias pip="/usr/local/bin/pip3"
 ```
 
+### 卸载 Python3
+
+``` bash
+# 清理 /usr/local/bin 目录
+sudo rm /usr/local/bin/2to3*
+sudo rm /usr/local/bin/pip*
+sudo rm /usr/local/bin/pydoc3*
+sudo rm /usr/local/bin/python*
+sudo rm /usr/local/bin/idle*
+
+# 清理 /usr/local/include 目录
+sudo rm -rf /usr/local/include/python3.12
+
+# 清理 /usr/local/lib 目录
+sudo rm /usr/local/lib/libpython3*
+sudo rm /usr/local/lib/python3*
+sudo rm -rf /usr/local/lib/python3*
+sudo rm -rf /usr/local/lib/pkgconfig
+```
+
diff --git a/docs/_posts/2025-01-05-k8s.md b/docs/_posts/2025-01-05-k8s.md
new file mode 100644
index 0000000..bf51eb8
--- /dev/null
+++ b/docs/_posts/2025-01-05-k8s.md
@@ -0,0 +1,211 @@
+---
+layout: post
+title: "K8s 运维"
+date: 2025-01-05 10:25:09 +0800
+categories: draft 
+---
+
+> - [K8s 组件介绍](https://kubernetes.io/zh-cn/docs/concepts/overview/components/)
+- [Kubernetes（K8s）安装](https://gitlab-k8s.xuxiaowei.com.cn/gitlab-k8s/docs/k8s/centos-install.html)
+
+### TODO
+
+安装命令未指明版本。
+
+### Ubuntu 24.04 通过 kubeadm 安装 K8s（v1.28.15）
+
+> [K8s 安装手册](https://v1-28.docs.kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm/)
+
+#### 设置时区 
+
+保证各个节点的时间一致。
+
+``` bash
+sudo timedatectl set-timezone Asia/Shanghai
+```
+
+#### CRI 前置配置
+
+``` bash
+# Reference: https://v1-28.docs.kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/#install-and-configure-prerequisites
+# 转发 IPv4 并让 iptables 看到桥接流量
+
+# 设置开机加载 overlay、br_netfilter 内核模块
+cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
+overlay
+br_netfilter
+EOF
+# 立即加载 overlay、br_netfilter 内核模块
+sudo modprobe overlay
+sudo modprobe br_netfilter
+
+# 设置所需的 sysctl 参数，参数在重新启动后保持不变
+cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-iptables  = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward                 = 1
+EOF
+
+# 应用 sysctl 参数而不重新启动
+sudo sysctl --system
+```
+
+#### 安装 containerd
+
+> [Getting started with containerd](https://github.com/containerd/containerd/blob/main/docs/getting-started.md)
+
+``` bash
+# 安装 containerd
+wget https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-amd64.tar.gz
+sudo tar Cxzvf /usr/local containerd-1.6.2-linux-amd64.tar.gz
+
+# 安装 [runc](https://github.com/opencontainers/runc)
+# runc is a CLI tool for spawning and running containers on Linux according to the OCI specification.
+wget https://github.com/opencontainers/runc/releases/download/v1.2.3/runc.amd64
+sudo install -m 755 runc /usr/local/sbin/runc
+
+# 安装 cni 
+wget https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz
+sudo mkdir -p /opt/cni/bin
+sudo tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.6.1.tgz
+
+# 通过 systemd 管理 containerd 服务
+wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
+[ ! -d "/usr/local/lib/systemd/system/" ] && sudo mkdir -p /usr/local/lib/systemd/system/
+sudo mv containerd.service /usr/local/lib/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl enable --now containerd
+sudo systemctl restart containerd.service
+```
+
+##### 配置 containerd
+
+``` bash
+sudo containerd config default > config.toml
+sudo mv config.toml /etc/containerd/
+```
+
+`config.toml`修改下面几处内容。
+
+```
+# Reference: https://v1-28.docs.kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/#containerd-systemd
+# 139 行
+SystemdCgroup = true
+```
+
+```
+# 67 行
+sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.8"
+```
+
+```
+# 添加镜像地址
+[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
+    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
+        endpoint = ["https://docker.m.daocloud.io", "https://dockerproxy.com", "https://docker.mirrors.ustc.edu.cn", "https://docker.nju.edu.cn"]
+```
+
+
+#### 安装 kubelet、kubeadm 与 kubectl
+
+> [安装 kubeadm、kubelet 和 kubectl](https://v1-28.docs.kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl)
+
+``` bash
+sudo apt-get update
+# apt-transport-https 可能是一个虚拟包（dummy package）；如果是的话，你可以跳过安装这个包
+sudo apt-get install -y apt-transport-https ca-certificates curl gpg
+
+curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpG
+
+# 此操作会覆盖 /etc/apt/sources.list.d/kubernetes.list 中现存的所有配置。
+echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
+
+sudo apt-get update
+sudo apt-get install -y kubelet kubeadm kubectl
+sudo apt-mark hold kubelet kubeadm kubectl # 锁定版本，防止自动更新
+```
+
+#### 创建集群
+
+``` bash
+kubeadm init --image-repository=registry.aliyuncs.com/google_containers
+```
+
+#### 配置 kubectl
+
+``` bash
+mkdir -p $HOME/.kube
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+```
+
+#### 配置 Calico
+
+> [Quickstart for Calico on Kubernetes](https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart)
+
+``` bash
+kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/tigera-operator.yaml
+kubectl create -f custom-resources.yaml
+```
+
+`custom-resources.yaml`文件内容如下：
+``` yaml
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+  name: default
+spec:
+  # Configures Calico networking.
+  calicoNetwork:
+    ipPools:
+    - name: default-ipv4-ippool
+      blockSize: 26
+      cidr: 192.168.0.0/16
+      encapsulation: VXLANCrossSubnet
+      natOutgoing: Enabled
+      nodeSelector: all()
+---
+
+# This section configures the Calico API server.
+# For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.APIServer
+apiVersion: operator.tigera.io/v1
+kind: APIServer
+metadata:
+  name: default
+spec: {}
+```
+
+#### （可选）配置 alias
+
+``` bash
+echo "alias kp='kubectl get pods -A'
+alias kn='kubectl get nodes -A'
+alias k='kubectl'" >> $HOME/.my_profile
+```
+
+#### 加入集群
+
+``` bash
+# 在主节点获取加入集群命令
+kubeadm token create --print-join-command
+```
+
+#### 调试容器
+
+``` yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ubuntu
+  labels:
+    app: ubuntu
+spec:
+  containers:
+  - image: ubuntu
+    command:
+      - "sleep"
+      - "604800"
+    imagePullPolicy: IfNotPresent
+    name: ubuntu
+  restartPolicy: Always
+```
diff --git a/docs/_sass/minima/_layout.scss b/docs/_sass/minima/_layout.scss
index a93fb45..688a7bd 100644
--- a/docs/_sass/minima/_layout.scss
+++ b/docs/_sass/minima/_layout.scss
@@ -49,6 +49,8 @@
   // color: #BCC6D0;
   color: #F3EED4;
 
+  // font-family: "HiraMinProN-W6", "Source Han Serif CN", "Source Han Serif SC", "Source Han Serif TC", serif;
+
   &:hover {
     text-decoration: none;
     // color: #F3FED0;