k8s-docs/k8s/kevisual.cn/README.md

## 安装k3s 网络插件
### 安装k3s 同时禁用默认的traefik

```sh
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | \
INSTALL_K3S_MIRROR=cn \
K3S_KUBECONFIG_MODE="644" \
INSTALL_K3S_EXEC="server --disable=traefik " \
sh -
```
# 编辑服务文件
vim /etc/systemd/system/k3s.service

## 查看
journalctl -u k3s.service -f

### 安装有问题
https://chat.xiongxiao.me/s/10b9aefa-5ba5-45d6-ba2c-b80c638468f3


### 获取token

```sh
sudo cat /var/lib/rancher/k3s/server/node-token
```

## 换源

```sh
sudo vim /etc/rancher/k3s/registries.yaml
```

```sh
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
```

## let

# 将访问宿主机 80 端口的流量转发到 30080
```sh
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 30080
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 30443

# 别忘了保存规则（Ubuntu 下）
sudo apt install iptables-persistent
sudo netfilter-persistent save
```

## let 2

```sh
#回路
iptables -t nat -L PREROUTING -vn --line-numbers
###  删除
sudo iptables -t nat -D PREROUTING 1 2>/dev/null
sudo iptables -t nat -I PREROUTING 1 -p tcp --dport 443 -j DNAT --to-destination 118.196.32.29:30443


#去路（根据数据包判断顺序）
sudo iptables -t nat -L POSTROUTING -vn --line-numbers
## 删除
sudo iptables -t nat -D POSTROUTING 1
sudo iptables -t nat -A POSTROUTING -d 118.196.32.29 -p tcp --dport 30443 -j MASQUERADE


#强制刷新权限
sudo iptables -I FORWARD 1 -j ACCEPT
sudo netfilter-persistent save
```


```
CLUSTER_IP=$(kubectl get svc traefik -n traefik -o jsonpath='{.spec.clusterIP}')
echo "Traefik 的固定 ClusterIP 是: $CLUSTER_IP"
Traefik 的固定 ClusterIP 是: 10.43.131.173
```