安装 K3S 集群依赖

# 载入
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# 升级
rpm -Uvh https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
# 安装
yum --disablerepo=\* --enablerepo=elrepo-kernel install kernel-ml -y
# 修改启动顺序
sed -i 's/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/g' /etc/default/grub
# 重新生成grub配置文件
grub2-mkconfig -o /boot/grub2/grub.cfg
# 删除旧工具包
yum remove -y kernel-tools-libs.x86_64 kernel-tools.x86_64
# 安装新工具包
yum --disablerepo=\* --enablerepo=elrepo-kernel install -y kernel-ml-tools.x86_64
# 重启
reboot

curl -fsSL https://get.docker.com | sh
# 国内使用镜像（一）
curl -fsSL https://get.docker.com | sh -s - --mirror Aliyun
# 国内使用镜像（二）
curl -fsSL https://get.daocloud.io/docker | sh
# 查看版本
docker version

# 下载最新发行版
kubectl_latest=$(curl -fsSL https://dl.k8s.io/release/stable.txt)
curl -fsSLO https://dl.k8s.io/release/$kubectl_latest/bin/linux/amd64/kubectl
# 下载 kubectl 校验和文件（可选）
curl -fsSLO https://dl.k8s.io/$kubectl_latest/bin/linux/amd64/kubectl.sha256
# 基于校验和文件，验证 kubectl 的可执行文件（可选）
echo \"$(cat kubectl.sha256) kubectl\" | sha256sum --check
# 安装 kubectl
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
# 查看版本
kubectl version --client --output=yaml

# 如果上面下载不动，尝试下面的命令
wget https://grstatic.oss-cn-shanghai.aliyuncs.com/binary/kubectl -O /usr/bin/kubectl
chmod +x /usr/bin/kubectl
kubectl version --client --output=yaml

yum install epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm -y
yum install yum-plugin-elrepo -y
yum install kmod-wireguard wireguard-tools -y
# 查看版本
wg --version

lt_version=$(curl --connect-timeout 5 -m 5 -fsSL https://api.github.com/repos/Mirantis/cri-dockerd/releases/latest | grep -oP 'tag_name": "v\K[\d.]+' || echo "0.2.3")
releases_url="https://github.com/Mirantis/cri-dockerd/releases"
# 国内镜像
# releases_url="https://hub.fastgit.xyz/Mirantis/cri-dockerd/releases"
raw_url="https://raw.githubusercontent.com"
# 国内镜像
# raw_url="https://raw.fastgit.org"

# 如果指定版本，替换下面的 $lt_version
wget $releases_url/download/v$lt_version/cri-dockerd-$lt_version.amd64.tgz -O cri-dockerd.tgz
tar -xvf cri-dockerd.tgz
cp ./cri-dockerd/cri-dockerd /usr/local/bin/
wget $raw_url/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.service
wget $raw_url/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.socket
cp -a cri-docker.* /etc/systemd/system/
sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
systemctl daemon-reload
systemctl enable --now cri-docker.service
systemctl enable --now cri-docker.socket
# 查看版本
cri-dockerd --version
systemctl status cri-docker
systemctl status cri-docker.socket

curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
# 国内镜像
# curl https://raw.fastgit.org/helm/helm/main/scripts/get-helm-3 | bash
# Or
wget https://pkg.goodrain.com/pkg/helm && chmod +x helm && mv helm /usr/local/bin/
# Or
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

# Or 安装v3.9.0
# 如果访问 get.helm.sh 失败，可以使用下面备份链接
# https://aliuq.oss-cn-beijing.aliyuncs.com/helm-v3.9.0-linux-amd64.tar.gz
curl -sfO https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz
tar -zxvf helm-v3.9.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm

# latest
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
# Or stable
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
# Or alpha
helm repo add rancher-alpha https://releases.rancher.com/server-charts/alpha
# 国内，<CHART_REPO> 替换为 latest，stable或alpha
helm repo add rancher-<CHART_REPO> http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/<CHART_REPO>

# containerd
curl -sfL https://get.k3s.io | sh
# 1.23 docker
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="v1.23.9+k3s1" sh - -s - --docker

# 国内镜像，修改对应地址
curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh

# 如果你手动安装了CRD，而不是在Helm安装命令中添加了`--set installCRDs=true`选项，你应该在升级Helm chart之前升级CRD资源。
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.8.2/cert-manager.crds.yaml

# 添加 Jetstack Helm 仓库
helm repo add jetstack https://charts.jetstack.io

# 更新本地 Helm chart 仓库缓存
helm repo update

# 安装 cert-manager Helm chart
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.5.1 --set startupapicheck.timeout=5m

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.8.2

# 查看
kubectl get pods --namespace cert-manager
# 卸载
helm --namespace cert-manager delete cert-manager && kubectl delete namespace cert-manager

kubectl create namespace cattle-system
# 修改 hostname 为自己的域名
helm install rancher rancher-latest/rancher \
  --namespace cattle-system \
  --set hostname=rancher.my.domain \
  --set replicas=1
# 等待 Rancher 运行
kubectl -n cattle-system rollout status deploy/rancher

vi /etc/systemd/system/k3s.service
# 将 --disable traefik 添加到 ExecStart 下，重启 k3s
systemctl daemon-reload && systemctl restart k3s

# 先卸载
kubectl delete -f /var/lib/rancher/k3s/server/manifests/traefik.yaml

# helm 安装
helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace

# kubectl 安装
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml