cat > /etc/sysctl.d/k8s.conf <<-'EOF'
# 以下3个参数是containerd所依赖的内核参数
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv6.conf.all.disable_ipv6 = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF

sysctl --system

cat > /etc/modules-load.d/ipvs.conf <<-'EOF'
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF

cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak
cat >/etc/haproxy/haproxy.cfg<<"EOF"
global
 maxconn 2000
 ulimit-n 16384
 log 127.0.0.1 local0 err
 stats timeout 30s

defaults
 log global
 mode http
 option httplog
 timeout connect 5000
 timeout client 50000
 timeout server 50000
 timeout http-request 15s
 timeout http-keep-alive 15s


frontend monitor-in
 bind *:33305
 mode http
 option httplog
 monitor-uri /monitor

frontend k8s-controller
 bind 0.0.0.0:8443
 bind 127.0.0.1:8443
 mode tcp
 option tcplog
 tcp-request inspect-delay 5s
 default_backend k8s-controller


backend k8s-controller
 mode tcp
 option tcplog
 option tcp-check
 balance roundrobin
 default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
 server  k8s-controller01  192.168.109.111:6443 check
 server  k8s-controller02  192.168.109.112:6443 check
 server  k8s-controller03  192.168.109.113:6443 check
EOF

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5 
    weight -5
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state controller
    # 注意网卡名
    interface ens33 
    mcast_src_ip 192.168.109.111
    virtual_router_id 51
    priority 100
    nopreempt
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.109.118
    }
    track_script {
      chk_apiserver 
} }

EOF

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5 
    weight -5
    fall 2
    rise 1

}
vrrp_instance VI_1 {
    state BACKUP
    # 注意网卡名
    interface ens33
    mcast_src_ip 192.168.109.112
    virtual_router_id 51
    priority 80
    nopreempt
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.109.118
    }
    track_script {
      chk_apiserver 
} }

EOF

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5 
    weight -5
    fall 2
    rise 1

}
vrrp_instance VI_1 {
    state BACKUP
    # 注意网卡名
    interface ens33
    mcast_src_ip 192.168.109.113
    virtual_router_id 51
    priority 50
    nopreempt
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.109.118
    }
    track_script {
      chk_apiserver 
} }

EOF

cat >  /etc/keepalived/check_apiserver.sh << EOF
#!/bin/bash

err=0
for k in \$(seq 1 3)
do
    check_code=\$(pgrep haproxy)
    if [[ \$check_code == "" ]]; then
        err=\$(expr \$err + 1)
        sleep 1
        continue
    else
        err=0
        break
    fi
done

if [[ \$err != "0" ]]; then
    echo "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
else
    exit 0
fi
EOF

chmod +x /etc/keepalived/check_apiserver.sh

mkdir /script
cat > /script/copy_file.sh  <<-'EOF'
#!/bin/bash
# 通用文件分发脚本
# 用法: /script/copy_kubeconfig_certificate.sh [w|c|a] /path/to/file

# 节点分组
CONTROLLERS=("k8s-controller02" "k8s-controller03")
WORKERS=("k8s-worker01" "k8s-worker02")
ALL_NODES=("${CONTROLLERS[@]}" "${WORKERS[@]}")

# 参数检查
if [[ $# -ne 2 ]]; then
    echo "用法: $0 [w|c|a] /path/to/file"
    exit 1
fi

TARGET_GROUP=$1
SRC_FILE=$2

if [[ ! -f "$SRC_FILE" ]]; then
    echo "❌ 本地文件不存在: $SRC_FILE"
    exit 1
fi

# 目标节点选择
case "$TARGET_GROUP" in
    w)
        NODES=("${WORKERS[@]}")
        ;;
    c)
        NODES=("${CONTROLLERS[@]}")
        ;;
    a)
        NODES=("${ALL_NODES[@]}")
        ;;
    *)
        echo "❌ 无效参数: $TARGET_GROUP (必须是 w|c|a)"
        exit 1
        ;;
esac

# 提取目录和文件名
DST_DIR=$(dirname "$SRC_FILE")
FILENAME=$(basename "$SRC_FILE")

# 统计
SUCCESS_COUNT=0
FAIL_COUNT=0
FAILED_NODES=()

echo "开始分发文件: $SRC_FILE"
echo "目标节点组: $TARGET_GROUP"

# 循环节点
for node in "${NODES[@]}"; do
    echo ">>> 处理节点: $node"
    NODE_SUCCESS=true

    # 确保目标目录存在
    ssh "$node" "mkdir -p $DST_DIR"
    if [[ $? -ne 0 ]]; then
        echo "   [ERROR] 无法在 $node 上创建目录: $DST_DIR"
        NODE_SUCCESS=false
    else
        # 传输文件
        scp -q "$SRC_FILE" "$node:$DST_DIR/"
        if [[ $? -eq 0 ]]; then
            echo "   [OK] $FILENAME 已传输到 $node:$DST_DIR"
        else
            echo "   [ERROR] $FILENAME 传输到 $node 失败"
            NODE_SUCCESS=false
        fi
    fi

    # 节点统计
    if $NODE_SUCCESS; then
        ((SUCCESS_COUNT++))
    else
        ((FAIL_COUNT++))
        FAILED_NODES+=("$node")
    fi
done

# === 总结 ===
echo "======================"
echo "分发完成"
echo "成功节点数量: $SUCCESS_COUNT"
echo "失败节点数量: $FAIL_COUNT"

if [[ $FAIL_COUNT -gt 0 ]]; then
    echo "失败节点列表: ${FAILED_NODES[*]}"
fi
echo "======================"
EOF

chmod +x /script/copy_file.sh 

# 高可用集群输出信息
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes running the following command on each as root:

  kubeadm join 192.168.109.118:8443 --token 690f18.ec60b9557b7da447 \
	--discovery-token-ca-cert-hash sha256:39a70eb8a4fa00f25311b4786b5b09cc2f9814d9eb787386f10fc3ca52abc755 \
	--control-plane --certificate-key 2f3df0f8ad1163cb5b16ad32d89548e49c1967094cc8ee0a0a590424f05968f2

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.109.118:8443 --token 690f18.ec60b9557b7da447 \
	--discovery-token-ca-cert-hash sha256:39a70eb8a4fa00f25311b4786b5b09cc2f9814d9eb787386f10fc3ca52abc755 
# 非高可用集群输出信息
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.109.111:6443 --token 690f18.ec60b9557b7da447 \
	--discovery-token-ca-cert-hash sha256:ff7e0992102cb0c5ef1036f4bdff0032ed181723d29b3d0d55712e77e13cd2c4

cd /software
cat > kubeadm-join-controller02.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta4
caCertPath: /etc/kubernetes/pki/ca.crt
discovery:
  bootstrapToken:
    apiServerEndpoint: 192.168.109.118:8443
    token: 690f18.ec60b9557b7da447
    caCertHashes:
    - "sha256:9bbc6899fbab9e6f22a11e01b9ba4c57b469fc96b468c72faab92f3b145bd86e"
    unsafeSkipCAVerification: true
  tlsBootstrapToken: 690f18.ec60b9557b7da447
kind: JoinConfiguration
controlPlane:
  localAPIEndpoint:
    advertiseAddress: "192.168.109.112"
    bindPort: 6443
  certificateKey: "1ada31aa513fdbd7116637880cc24a2bd299b1ec9be0d41b4bda4eb5fe099f84"
nodeRegistration:
  criSocket: unix:///run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  name: k8s-controller02
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
  kubeletExtraArgs:
  - name: "node-ip"
    value: "192.168.109.112"
timeouts:
  controlPlaneComponentHealthCheck: 4m0s
  discovery: 5m0s
  etcdAPICall: 2m0s
  kubeletHealthCheck: 4m0s
  kubernetesAPICall: 1m0s
  tlsBootstrap: 5m0s
  upgradeManifests: 5m0s
EOF

kubeadm join --config=kubeadm-join-controller02.yaml

cd /software
cat > kubeadm-join-controller03.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta4
caCertPath: /etc/kubernetes/pki/ca.crt
discovery:
  bootstrapToken:
    apiServerEndpoint: 192.168.109.118:8443
    token: 690f18.ec60b9557b7da447
    caCertHashes:
    - "sha256:9bbc6899fbab9e6f22a11e01b9ba4c57b469fc96b468c72faab92f3b145bd86e"
    unsafeSkipCAVerification: true
  tlsBootstrapToken: 690f18.ec60b9557b7da447
kind: JoinConfiguration
controlPlane:
  localAPIEndpoint:
    advertiseAddress: "192.168.109.113"
    bindPort: 6443
  certificateKey: "1ada31aa513fdbd7116637880cc24a2bd299b1ec9be0d41b4bda4eb5fe099f84"
nodeRegistration:
  criSocket: unix:///run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  name: k8s-controller03
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
  kubeletExtraArgs:
  - name: "node-ip"
    value: "192.168.109.113"
timeouts:
  controlPlaneComponentHealthCheck: 4m0s
  discovery: 5m0s
  etcdAPICall: 2m0s
  kubeletHealthCheck: 4m0s
  kubernetesAPICall: 1m0s
  tlsBootstrap: 5m0s
  upgradeManifests: 5m0s
EOF

kubeadm join --config=kubeadm-join-controller03.yaml

cd /software
cat > kubeadm-join-worker01.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta4
caCertPath: /etc/kubernetes/pki/ca.crt
discovery:
  bootstrapToken:
    apiServerEndpoint: 192.168.109.118:8443
    token: 690f18.ec60b9557b7da447
    caCertHashes:
    - "sha256:39a70eb8a4fa00f25311b4786b5b09cc2f9814d9eb787386f10fc3ca52abc755"
    unsafeSkipCAVerification: true
  tlsBootstrapToken: 690f18.ec60b9557b7da447
kind: JoinConfiguration
nodeRegistration:
  criSocket: unix:///run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  name: k8s-worker01
  taints: null
  kubeletExtraArgs:
  - name: "node-ip"
    value: "192.168.109.114"
timeouts:
  controlPlaneComponentHealthCheck: 4m0s
  discovery: 5m0s
  etcdAPICall: 2m0s
  kubeletHealthCheck: 4m0s
  kubernetesAPICall: 1m0s
  tlsBootstrap: 5m0s
  upgradeManifests: 5m0s
EOF

kubeadm join --config=kubeadm-join-worker01.yaml

cd /software
cat > kubeadm-join-worker02.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta4
caCertPath: /etc/kubernetes/pki/ca.crt
discovery:
  bootstrapToken:
    apiServerEndpoint: 192.168.109.118:8443
    token: 690f18.ec60b9557b7da447
    caCertHashes:
    - "sha256:39a70eb8a4fa00f25311b4786b5b09cc2f9814d9eb787386f10fc3ca52abc755"
    unsafeSkipCAVerification: true
  tlsBootstrapToken: 690f18.ec60b9557b7da447
kind: JoinConfiguration
nodeRegistration:
  criSocket: unix:///run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  name: k8s-worker02
  taints: null
  kubeletExtraArgs:
  - name: "node-ip"
    value: "192.168.109.115"
timeouts:
  controlPlaneComponentHealthCheck: 4m0s
  discovery: 5m0s
  etcdAPICall: 2m0s
  kubeletHealthCheck: 4m0s
  kubernetesAPICall: 1m0s
  tlsBootstrap: 5m0s
  upgradeManifests: 5m0s
EOF

kubeadm join --config=kubeadm-join-worker02.yaml

cat > /script/copy_file.sh  <<-'EOF'
#!/bin/bash
# 通用文件分发脚本
# 用法: /script/copy_kubeconfig_certificate.sh [w|c|a] /path/to/file

# 节点分组
CONTROLLERS=("k8s-controller02" "k8s-controller03")
WORKERS=("k8s-worker01" "k8s-worker02")
ALL_NODES=("${CONTROLLERS[@]}" "${WORKERS[@]}")

# 参数检查
if [[ $# -ne 2 ]]; then
    echo "用法: $0 [w|c|a] /path/to/file"
    exit 1
fi

TARGET_GROUP=$1
SRC_FILE=$2

if [[ ! -f "$SRC_FILE" ]]; then
    echo "❌ 本地文件不存在: $SRC_FILE"
    exit 1
fi

# 目标节点选择
case "$TARGET_GROUP" in
    w)
        NODES=("${WORKERS[@]}")
        ;;
    c)
        NODES=("${CONTROLLERS[@]}")
        ;;
    a)
        NODES=("${ALL_NODES[@]}")
        ;;
    *)
        echo "❌ 无效参数: $TARGET_GROUP (必须是 w|c|a)"
        exit 1
        ;;
esac

# 提取目录和文件名
DST_DIR=$(dirname "$SRC_FILE")
FILENAME=$(basename "$SRC_FILE")

# 统计
SUCCESS_COUNT=0
FAIL_COUNT=0
FAILED_NODES=()

echo "开始分发文件: $SRC_FILE"
echo "目标节点组: $TARGET_GROUP"

# 循环节点
for node in "${NODES[@]}"; do
    echo ">>> 处理节点: $node"
    NODE_SUCCESS=true

    # 确保目标目录存在
    ssh "$node" "mkdir -p $DST_DIR"
    if [[ $? -ne 0 ]]; then
        echo "   [ERROR] 无法在 $node 上创建目录: $DST_DIR"
        NODE_SUCCESS=false
    else
        # 传输文件
        scp -q "$SRC_FILE" "$node:$DST_DIR/"
        if [[ $? -eq 0 ]]; then
            echo "   [OK] $FILENAME 已传输到 $node:$DST_DIR"
        else
            echo "   [ERROR] $FILENAME 传输到 $node 失败"
            NODE_SUCCESS=false
        fi
    fi

    # 节点统计
    if $NODE_SUCCESS; then
        ((SUCCESS_COUNT++))
    else
        ((FAIL_COUNT++))
        FAILED_NODES+=("$node")
    fi
done

# === 总结 ===
echo "======================"
echo "分发完成"
echo "成功节点数量: $SUCCESS_COUNT"
echo "失败节点数量: $FAIL_COUNT"

if [[ $FAIL_COUNT -gt 0 ]]; then
    echo "失败节点列表: ${FAILED_NODES[*]}"
fi
echo "======================"
EOF
chmod +x /script/copy_file.sh 

cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: docker.m.daocloud.io/library/busybox:1.28
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
EOF

cat<<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: docker.m.daocloud.io/nginx
        ports:
        - containerPort: 80
EOF

for name in $(kubectl get svc -n kube-system|awk 'NR != 1{print $1}'); do
    echo  -------------"$name".kube-system：-------------
    kubectl exec  busybox  -- nslookup "$name".kube-system
    echo
    echo
done

# 输出信息
-------------coredns.kube-system：-------------
Server:    10.96.0.10
Address 1: 10.96.0.10 coredns.kube-system.svc.cluster.local

Name:      coredns.kube-system
Address 1: 10.96.0.10 coredns.kube-system.svc.cluster.local


-------------metrics-server.kube-system：-------------
Server:    10.96.0.10
Address 1: 10.96.0.10 coredns.kube-system.svc.cluster.local

Name:      metrics-server.kube-system
Address 1: 10.96.23.63 metrics-server.kube-system.svc.cluster.local

telnet 10.96.0.1 443
telnet 10.96.0.10 53
curl 10.96.0.10:53
# 输出信息
Trying 10.96.0.1...
Connected to 10.96.0.1.
Escape character is '^]'.
Connection closed by foreign host.
Trying 10.96.0.10...
Connected to 10.96.0.10.
Escape character is '^]'.
Connection closed by foreign host.
curl: (52) Empty reply from server

cat > /script/network_test.sh <<-'EOF'
#!/bin/bash

# 颜色定义
GREEN=$'\033[32m'
RED=$'\033[31m'
BLUE=$'\033[34m'
YELLOW=$'\033[33m'
RESET=$'\033[0m'

MAX_NAME_LEN=30

# 参数判断：a 表示测试全部命名空间，否则只测试 default
ALL_NS=false
if [ "$1" == "a" ]; then
    ALL_NS=true
fi

# 获取 busybox pod
if $ALL_NS; then
    busybox_info=$(kubectl get po -A -o json | jq -r '
    .items[] | select(.metadata.name=="busybox") |
    "\(.metadata.namespace)\t\(.status.podIP)\t\(.spec.nodeName)"' | shuf -n1)
else
    busybox_info=$(kubectl get po -n default -o json | jq -r '
    .items[] | select(.metadata.name=="busybox") |
    "\(.metadata.namespace)\t\(.status.podIP)\t\(.spec.nodeName)"' | shuf -n1)
fi

if [ -z "$busybox_info" ]; then
    echo "未找到 busybox pod"
    exit 1
fi

IFS=$'\t' read -r ns busybox_ip busybox_node <<< "$busybox_info"

echo ""
echo "busybox 命名空间: $ns"
echo -e "busybox IP: ${BLUE}$busybox_ip${RESET}"
echo -e "busybox 所在 Node: ${YELLOW}$busybox_node${RESET}"
echo ""

# 获取目标 Pod
if $ALL_NS; then
    targets=$(kubectl get po -A -o json | jq -r --arg bn "$busybox_node" '
    .items[] | select(.status.podIP != null) |
    select(.status.podIP | test("^172\\.")) |
    select(.spec.nodeName != $bn) |
    "\(.metadata.namespace)\t\(.metadata.name)\t\(.status.podIP)\t\(.spec.nodeName)"')
else
    targets=$(kubectl get po -n default -o json | jq -r --arg bn "$busybox_node" '
    .items[] | select(.status.podIP != null) |
    select(.status.podIP | test("^172\\.")) |
    select(.spec.nodeName != $bn) |
    "\(.metadata.namespace)\t\(.metadata.name)\t\(.status.podIP)\t\(.spec.nodeName)"')
fi

if [ -z "$targets" ]; then
    echo "未找到同网段但不同节点的 Pod"
    exit 0
fi

total=0
reachable=0
unreachable_list=()

# 遍历目标 Pod
while IFS=$'\t' read -r target_ns target_name target_ip target_node; do
    [ -z "$target_ip" ] && continue
    total=$((total+1))
    [ ${#target_name} -gt $MAX_NAME_LEN ] && target_name="${target_name:0:$MAX_NAME_LEN}..."

    if kubectl exec -n "$ns" busybox -- ping -c 2 -W 1 "$target_ip" &> /dev/null; then
        status="${GREEN}[OK]${RESET}"
        reachable=$((reachable+1))
    else
        status="${RED}[NG]${RESET}"
        unreachable_list+=("$target_ns/$target_name/$target_ip")
    fi

    # 单行显示
    echo -e "命名空间: $target_ns | Pod 名称: $target_name | IP: $target_ip | Node: $target_node | 状态: $status"
done <<< "$targets"

# 输出统计信息
echo ""
echo "本次共找到 Pod 数量为：$total"
echo "其中网络可达数量为：$reachable"
if [ ${#unreachable_list[@]} -gt 0 ]; then
    echo "不可达的 Pod 分别为："
    for pod_info in "${unreachable_list[@]}"; do
        echo "  $pod_info"
    done
fi

exit 0

EOF

chmod +x /script/network_test.sh
/script/network_test.sh