diff --git a/apps/cert-manager/helmchart-dnspod.yaml b/apps/cert-manager/helmchart-dnspod.yaml index 3641931..dc7d769 100644 --- a/apps/cert-manager/helmchart-dnspod.yaml +++ b/apps/cert-manager/helmchart-dnspod.yaml @@ -1,5 +1,4 @@ -# 需要提前安装crds -# kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml +# 安装后需要将clusterIssuer的cnameStrategy策略设置为Follow apiVersion: helm.cattle.io/v1 kind: HelmChart metadata: diff --git a/apps/postgresql-ha/helmchart.yaml b/apps/postgresql-ha/helmchart.yaml index d9b9b4e..22116ec 100644 --- a/apps/postgresql-ha/helmchart.yaml +++ b/apps/postgresql-ha/helmchart.yaml @@ -7,31 +7,34 @@ spec: chart: oci://registry-1.docker.io/bitnamicharts/postgresql-ha targetNamespace: infra-data valuesContent: |- - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" global: postgresql: username: rohow password: L#GRtTR2QuL@20pm6+c~ postgresql: image: - debug: true + debug: false postgresPassword: L#GRtTR2QuL@20pm6+c~ nodeAffinityPreset: type: "hard" key: "topology.kubernetes.io/region" values: - "cn-sh" + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" pgpool: image: - debug: true + debug: false nodeAffinityPreset: type: "hard" key: "topology.kubernetes.io/region" values: - "cn-sh" - + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" \ No newline at end of file diff --git a/core/traefik/certs/certificate-dev-cm.yaml b/certs/certificate-dev-cm.yaml similarity index 100% rename from core/traefik/certs/certificate-dev-cm.yaml rename to certs/certificate-dev-cm.yaml diff --git a/core/traefik/certs/certificate-fillcode-com.yaml b/certs/certificate-fillcode-com.yaml similarity index 100% rename from core/traefik/certs/certificate-fillcode-com.yaml rename to certs/certificate-fillcode-com.yaml 
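Review bot: The `valuesContent` block in apps/postgresql-ha/helmchart.yaml still carries `global.postgresql.password` and `postgresql.postgresPassword` as literal values, so the database credentials stay in the repository while this hunk only moves the tolerations and turns off `debug`. Anyone with read access to the repository, or to the HelmChart object in the cluster, can read them. Treat both passwords as exposed, rotate them, and have the chart take them from a Kubernetes Secret; the Bitnami chart documents an `existingSecret` value for this, but confirm the key names against the chart version in use. Until then, at least quote the literals, since they contain `#`, `@` and `~` and a small edit could make YAML read part of them as a comment.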
diff --git a/core/traefik/helmchartconfig.yaml b/core/traefik/helmchartconfig.yaml index ee4ac51..06856c5 100644 --- a/core/traefik/helmchartconfig.yaml +++ b/core/traefik/helmchartconfig.yaml @@ -18,6 +18,10 @@ spec: - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "NoSchedule" + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + maxSurge: 0 deployment: kind: DaemonSet dnsPolicy: None @@ -46,8 +50,9 @@ spec: port: 8022 expose: true exposedPort: 22 - - updateStrategy: - rollingUpdate: - maxUnavailable: 1 - maxSurge: 0 \ No newline at end of file + experimental: + plugins: + enabled: true + souin: + moduleName: github.com/darkweak/souin + version: v1.6.47 \ No newline at end of file diff --git a/install/README.md b/install/README.md index 272d626..72aff88 100644 --- a/install/README.md +++ b/install/README.md @@ -1,5 +1,7 @@ ### 替换hostname -hostnamectl set-hostname node && reboot +export HOSTNAME=node +hostnamectl set-hostname $HOSTNAME && reboot +vim /etc/hosts ### 安装tailscale curl -fsSL https://tailscale.com/install.sh | sh 
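Review bot: The second hunk of core/traefik/helmchartconfig.yaml enables `experimental.plugins` and loads `github.com/darkweak/souin` at `v1.6.47`, so every Traefik pod in the DaemonSet fetches third-party code at start-up and runs it in the ingress path. The tag pin is good, but nothing records why the plugin is needed or that this release was reviewed; add a comment above the block such as `# souin HTTP cache plugin, v1.6.47 reviewed <date>; downloaded by Traefik at start-up, needs egress`. Render the chart once before rollout as well, because some chart versions treat every key under `experimental.plugins` as a plugin definition, in which case the sibling `enabled: true` would be rejected or misread. That depends on the bundled chart version, which the diff does not show.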
@@ -8,21 +10,22 @@ curl -fsSL https://tailscale.com/install.sh | sh tailscale set --auto-update ### 开启ip转发 -echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf -echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf -sudo sysctl -p /etc/sysctl.d/99-tailscale.conf +echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.d/99-tailscale.conf +echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.d/99-tailscale.conf +sysctl -p /etc/sysctl.d/99-tailscale.conf ### 新建目录 将不同节点类型的config写入 -mkdir -p /etc/rancher/k3s && nano /etc/rancher/k3s/config.yaml +mkdir -p /etc/rancher/k3s && vim /etc/rancher/k3s/config.yaml ### 安装k3s 此处注意安装类型 是server 还是 agent curl -sfL https://get.k3s.io | \ + INSTALL_K3S_VERSION=v1.28.8 \ INSTALL_K3S_MIRROR=cn \ sh -s - server ### 国内安装加速 & 镜像加速地址 https://rancher-mirror.rancher.cn/k3s/k3s-install.sh -nano /etc/rancher/k3s/registries.yaml +vim /etc/rancher/k3s/registries.yaml ### 查看serverToken 记得在config中替换最新的token cat /var/lib/rancher/k3s/server/node-token diff --git a/install/agent.config.yaml b/install/agent.config.yaml index 4be797b..3959c9a 100644 --- a/install/agent.config.yaml +++ b/install/agent.config.yaml @@ -1,10 +1,10 @@ # worker 工作节点 server: "https://k3s.dev.cm:6443" -token: "K10cdbe82226583b6e0c8f80c203f3a2d79580aaf9c2f61d0aebea4a28c1ff3897f::server:35e7d0dc0b8c2427fdb42bb90bb85d5a" +token: "K1012101b9ab5a404897d6a0530f9dac014b571b374251e3741c95fd74e86cee2e5::server:97760133590f01e7a94ab320dfdbfe96" # 网络相关 vpn-auth: "name=tailscale,joinKey=tskey-auth-ksJXXH4CNTRL-4WRkX448yC6W6yhytK1FD68HMDK4zStw" # 节点相关 -# 保留节点资源 根据节点做不同配置 如不需要可以注释掉 -kubelet-arg: kube-reserved=cpu=5000 \ No newline at end of file +# 保留节点资源 根据节点做不同配置 +# kubelet-arg: kube-reserved=cpu=5000 \ No newline at end of file diff --git a/install/master.config.yaml b/install/master.config.yaml index e43edc4..618c117 100644 --- a/install/master.config.yaml +++ b/install/master.config.yaml 
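Review bot: The replacement `token` in install/agent.config.yaml is a k3s join token committed in clear text, and the `vpn-auth` line beside it still holds a Tailscale auth key. The old token stays readable in history, and the same new token is written to install/master.config.yaml in the next file. Whoever can read the repository holds the credentials needed to enrol a node in the cluster and the tailnet, so rotating by committing a new value does not close the exposure. Rotate both secrets, keep only placeholders in the tracked files, and load the real values from a root-only file on each node, e.g. `token-file: /etc/rancher/k3s/token` and `vpn-auth-file: /etc/rancher/k3s/vpn-auth` (paths are placeholders).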
@@ -1,6 +1,6 @@ # server 从节点 server: "https://tca:6443" -token: "K10cdbe82226583b6e0c8f80c203f3a2d79580aaf9c2f61d0aebea4a28c1ff3897f::server:35e7d0dc0b8c2427fdb42bb90bb85d5a" +token: "K1012101b9ab5a404897d6a0530f9dac014b571b374251e3741c95fd74e86cee2e5::server:97760133590f01e7a94ab320dfdbfe96" tls-san: - "k3s.dev.cm,k3s.fillcode.com"