Level 2: Preparing the System Environment for K8S Deployment and Installation

Updated: 2024-10-23 16:21:45


------> The course videos are shared in sync on Toutiao and Bilibili

Below are the download locations for the required software installers and system images

# VMware Workstation15
.5.6-16341506.exe
For the VMware15 installation KEY, you can look it up on Baidu yourself.

# Ubuntu 22.04.3 LTS (Jammy Jellyfish)
# Server edition
.04.3-live-server-amd64.iso
# Desktop edition
.04.3-desktop-amd64.iso

Ubuntu-22.04 Aliyun mirror source and related notes

# Configure the Aliyun domestic (China) package mirror
\cp /etc/apt/sources.list /etc/apt/sources.list_bak
cat > /etc/apt/sources.list <<CB
deb / jammy main restricted universe multiverse
deb-src / jammy main restricted universe multiverse

deb / jammy-security main restricted universe multiverse
deb-src / jammy-security main restricted universe multiverse

deb / jammy-updates main restricted universe multiverse
deb-src / jammy-updates main restricted universe multiverse

# deb / jammy-proposed main restricted universe multiverse
# deb-src / jammy-proposed main restricted universe multiverse

deb / jammy-backports main restricted universe multiverse
deb-src / jammy-backports main restricted universe multiverse
CB
apt-get update

# Set a static IP and DNS:
apt-get install vim -y

# vim /etc/netplan/00-installer-config.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens32:
      dhcp4: no
      addresses:
        - 10.0.1.203/24
      gateway4: 10.0.1.2
      nameservers:
        addresses: [114.114.114.114, 223.5.5.5]

netplan apply

# Fix for resolv.conf being automatically reverted on ubuntu20.04
apt install resolvconf
vim /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5
nameserver 114.114.114.114

systemctl restart resolvconf

# On a k8s node, the kubelet configuration must be changed to fix DNS resolution for pods on that node
vim /etc/systemd/system/kubelet.service   # add:
--resolv-conf=/run/systemd/resolve/resolv.conf

# Install openssh-server
apt-get install openssh-server -y

# Enable root password login
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'root:boge'|chpasswd
systemctl restart sshd && systemctl status sshd

# Language display configuration
echo 'export LANG=en_US.UTF-8'|tee -a ~/.bashrc && source ~/.bashrc
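
sshd keeps the first value it reads for each keyword, so whether the appended PermitRootLogin yes line takes effect depends on what already precedes it in the file. The following is an added example, not part of the original tutorial or its script: a small audit of the resulting file, where sshd_first_value and root_password_login_enabled are hypothetical helper names and both sample files are constructed.

```shell
# Added example: audit helpers, not part of the original script.
# sshd_first_value and root_password_login_enabled are hypothetical names.

# Print the first uncommented value of a keyword in the global section of an
# sshd_config file. sshd keeps the first value it obtains for each keyword, so
# a line appended at the end is ignored when an earlier line already sets it.
# Limits: Include files and Match blocks are not resolved; `sshd -T` prints
# the configuration the host would actually use.
sshd_first_value() {   # usage: sshd_first_value <file> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# Succeed (exit 0) when root can log in with a password under this file.
# OpenSSH defaults apply when a keyword is absent.
root_password_login_enabled() {
    prl=$(sshd_first_value "$1" PermitRootLogin)
    pwa=$(sshd_first_value "$1" PasswordAuthentication)
    [ "${prl:-prohibit-password}" = "yes" ] && [ "${pwa:-yes}" = "yes" ]
}

# Constructed samples (not taken from a real host).
shadowed_cfg=$(mktemp)   # an earlier directive shadows the appended line
printf '%s\n' 'PermitRootLogin prohibit-password' \
    '# appended by a bootstrap script:' 'PermitRootLogin yes' > "$shadowed_cfg"

appended_cfg=$(mktemp)   # default left commented out, then the append
printf '%s\n' '#PermitRootLogin prohibit-password' \
    '#PasswordAuthentication yes' 'PermitRootLogin yes' > "$appended_cfg"

for cfg in "$shadowed_cfg" "$appended_cfg"; do
    if root_password_login_enabled "$cfg"; then
        echo "root password login ENABLED"
    else
        echo "root password login not enabled"
    fi
done
```

Run against /etc/ssh/sshd_config after the bootstrap steps, the second function shows whether the host now accepts root logins with the password set by chpasswd.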

Boge's ready-made script for quickly initializing an Ubuntu system

#!/bin/bash
#  Control switch
#[[ "$1" != "" ]] && iptables_yn="$1" || iptables_yn='n'
iptables_yn="${1:-n}"

# install ssh and configure
apt-get install openssh-server -y
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'root:bogeit'|chpasswd
systemctl restart sshd && systemctl status ssh -l --no-pager

# Change apt-get source list
#
ubuntuCodename=$(lsb_release -a 2>/dev/null|awk 'END{print $NF}')
\cp /etc/apt/sources.list{,_bak}
#sed -ri "s+archive.ubuntu+mirrors.aliyun+g" /etc/apt/sources.list
# =a2c6h.13651102.0.0.3e221b11ev6YG5
#  ubuntu 22.04: jammy
#  ubuntu 20.04: focal
#  ubuntu 18.04: bionic
#  ubuntu 16.04: xenial

echo "
deb / ${ubuntuCodename} main restricted universe multiverse
deb-src / ${ubuntuCodename} main restricted universe multiverse

deb / ${ubuntuCodename}-security main restricted universe multiverse
deb-src / ${ubuntuCodename}-security main restricted universe multiverse

deb / ${ubuntuCodename}-updates main restricted universe multiverse
deb-src / ${ubuntuCodename}-updates main restricted universe multiverse

deb / ${ubuntuCodename}-backports main restricted universe multiverse
deb-src / ${ubuntuCodename}-backports main restricted universe multiverse
" > /etc/apt/sources.list

apt-get update

# Install package
pkgList="curl wget unzip gcc swig automake make perl cpio git libmbedtls-dev libudns-dev libev-dev python-pip python3-pip lrzsz iftop nethogs nload htop ifstat iotop iostat vim" &&\
for Package in ${pkgList}; do apt-get -y install $Package;done
apt-get clean all

# Custom profile
cat > /etc/profile.d/boge.sh << EOF
HISTSIZE=10000
HISTTIMEFORMAT="%F %T \$(whoami) "

alias l='ls -AFhlt --color=auto'
alias lh='l | head'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias vi=vim

GREP_OPTIONS="--color=auto"
alias grep='grep --color'
alias egrep='egrep --color'
alias fgrep='fgrep --color'
EOF

sed -i 's@^"syntax on@syntax on@' /etc/vim/vimrc

# PS1
[ -z "$(grep ^PS1 ~/.bashrc)" ] && echo "PS1='\${debian_chroot:+(\$debian_chroot)}\\[\\e[1;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '" >> ~/.bashrc

# history
[ -z "$(grep history-timestamp ~/.bashrc)" ] && echo "PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> /tmp/\`hostname\`.\`whoami\`.history-timestamp'" >> ~/.bashrc

# /etc/security/limits.conf
[ -e /etc/security/limits.d/*nproc.conf ] && rename nproc.conf nproc.conf_bk /etc/security/limits.d/*nproc.conf
[ -z "$(grep 'session required pam_limits.so' /etc/pam.d/common-session)" ] && echo "session required pam_limits.so" >> /etc/pam.d/common-session
sed -i '/^# End of file/,$d' /etc/security/limits.conf
cat >> /etc/security/limits.conf <<EOF
# End of file
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
root soft nproc 1000000
root hard nproc 1000000
root soft nofile 1000000
root hard nofile 1000000
EOF

ulimit -SHn 1000000

# /etc/hosts
[ "$(hostname -i | awk '{print $1}')" != "127.0.0.1" ] && sed -i "s@127.0.0.1.*localhost@&\n127.0.0.1 $(hostname)@g" /etc/hosts

# Set timezone
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# /etc/sysctl.conf
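:<<BOGE
fs.file-max = 1000000
This parameter defines the maximum number of file handles in the system. A file handle is the data structure used to access a file. Raising this value increases the system's ability to keep files open at the same time.

fs.inotify.max_user_instances = 8192
inotify is a Linux kernel mechanism for monitoring file system events. This parameter defines the maximum number of inotify instances each user can create.

net.ipv4.tcp_syncookies = 1
When the system is under a SYN flood attack, enabling syncookies prevents system resources from being exhausted. SYN cookies are a mechanism that protects server-side resources during the TCP three-way handshake.

net.ipv4.tcp_fin_timeout = 30
This parameter defines how long a TCP connection waits to close: the timeout for waiting for the peer to close the connection after one side has sent a FIN.

net.ipv4.tcp_tw_reuse = 1
When enabled, TCP connections in the TIME-WAIT state can be reused for new connections. This reduces the number of TIME-WAIT connections on the system.

net.ipv4.ip_local_port_range = 1024 65000
This parameter defines the range of local ports assigned to applications that send requests. It limits the local port range available for client connections.

net.ipv4.tcp_max_syn_backlog = 16384
This parameter defines the queue length for TCP connection requests. When the system cannot keep up, connection requests beyond this queue length are rejected.

net.ipv4.tcp_max_tw_buckets = 6000
This parameter defines the maximum number of TIME-WAIT connections the system keeps at once. Connections beyond this number are closed immediately.

net.ipv4.route.gc_timeout = 100
This parameter defines the interval, in seconds, at which the kernel routing table is cleaned up. It affects the lifetime of the route cache.

net.ipv4.tcp_syn_retries = 1
This parameter defines how many times to wait for a reply from the peer after sending a SYN request. If there is still no response after that many attempts, the connection is considered failed.

net.ipv4.tcp_synack_retries = 1
This parameter defines how many times to wait for the peer's ACK after sending a SYN+ACK reply. If no ACK has arrived after that many attempts, the connection is considered failed.

net.core.somaxconn = 32768
This parameter defines the maximum length of the listen queue. When the number of connections the server is handling exceeds this value, new connection requests are rejected.

net.core.netdev_max_backlog = 32768
This parameter defines the maximum length of a network device's receive queue. When the receive queue is full, new packets are dropped.

net.core.netdev_budget = 5000
This parameter defines the number of packets each network device's receive queue may process in each time interval.

net.ipv4.tcp_timestamps = 0
Disables TCP timestamps. Timestamps can be used to deal with out-of-order packets on the network, but may add overhead under high load.

net.ipv4.tcp_max_orphans = 32768
This parameter defines the maximum number of orphaned TCP connections (with no associated parent connection) allowed in the system. Orphaned connections beyond this number are closed immediately.
BOGE

[ -z "$(grep 'fs.file-max' /etc/sysctl.conf)" ] && cat >> /etc/sysctl.conf << EOF
fs.file-max = 1000000
fs.inotify.max_user_instances = 8192
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 32768
net.core.netdev_budget = 5000
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_orphans = 32768
EOF
sysctl -p

# Normal display of Chinese in the text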
apt-get -y install locales
echo 'export LANG=en_US.UTF-8'|tee -a /etc/profile && source /etc/profile
sed -i 's@^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES="/dev/tty[1-2]"@' /etc/default/console-setup
#sed -i 's@^@#@g' /etc/init/tty[3-6].conf
locale-gen en_US.UTF-8
echo "en_US.UTF-8 UTF-8" > /var/lib/locales/supported.d/local
cat > /etc/default/locale << EOF
LANG=en_US.UTF-8
LANGUAGE=en_US:en
EOF
#sed -i 's@^@#@g' /etc/init/control-alt-delete.conf

# Update time
# -y keeps the install from stopping at a confirmation prompt
which ntpdate || apt-get update;apt-get -y install ntpdate
ntpdate pool.ntp
[ ! -e "/var/spool/cron/crontabs/root" -o -z "$(grep ntpdate /var/spool/cron/crontabs/root 2>/dev/null)" ] && { echo "*/20 * * * * $(which ntpdate) pool.ntp > /dev/null 2>&1" >> /var/spool/cron/crontabs/root;chmod 600 /var/spool/cron/crontabs/root; }

# iptables
if [ "${iptables_yn}" == 'y' ]; then
    # ssh_port is not set anywhere else in this script; default to 22 unless the caller exported it
    ssh_port="${ssh_port:-22}"
    apt-get -y install debconf-utils
    echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
    echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
    apt-get -y install iptables-persistent
    if [ -e "/etc/iptables/rules.v4" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables/rules.v4)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables/rules.v4)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables/rules.v4)" ]; then
        IPTABLES_STATUS=yes
    else
        IPTABLES_STATUS=no
    fi
    if [ "${IPTABLES_STATUS}" == "no" ]; then
        cat > /etc/iptables/rules.v4 << EOF
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT
EOF
    fi
    FW_PORT_FLAG=$(grep -ow "dport ${ssh_port}" /etc/iptables/rules.v4)
    [ -z "${FW_PORT_FLAG}" -a "${ssh_port}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${ssh_port} -j ACCEPT@" /etc/iptables/rules.v4
    iptables-restore < /etc/iptables/rules.v4
    /bin/cp /etc/iptables/rules.v{4,6}
    sed -i 's@icmp@icmpv6@g' /etc/iptables/rules.v6
    ip6tables-restore < /etc/iptables/rules.v6
    ip6tables-save > /etc/iptables/rules.v6
fi
service rsyslog restart
service ssh restart

. /etc/profile
. ~/.bashrc

# set ip and dns
validate_ip() {
    local ip_var_name=$1
    while true; do
        read -p "Input IP address($ip_var_name): " $ip_var_name
        # Check whether the input is empty
        if [ -z "${!ip_var_name}" ]; then
            echo "Input is empty. Please try again."
            continue
        fi
        # Check whether the input matches the IP address format
        if ! [[ ${!ip_var_name} =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
            echo "Invalid IP address format. Please try again."
            continue
        fi
        # The input meets the requirements; leave the loop
        break
    done
}

# Call the function, passing the variable name as the argument
validate_ip "ip_address"
echo "IP address: $ip_address"

validate_ip "ip_gateway"
echo "IP gateway: $ip_gateway"

validate_ip "dns1_ip"
echo "Dns1 ip: $dns1_ip"

validate_ip "dns2_ip"
echo "Dns2 ip: $dns2_ip"

cat > /etc/netplan/00-installer-config.yaml << EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    ens32:
      dhcp4: false
      dhcp6: false
      addresses:
        - ${ip_address}/24
      routes:
        - to: default
          via: ${ip_gateway}
      nameservers:
        addresses: [${dns1_ip}, ${dns2_ip}]
EOF

apt install resolvconf -y
cat > /etc/resolvconf/resolv.conf.d/head << EOF
nameserver ${dns1_ip}
nameserver ${dns2_ip}
EOF

systemctl restart resolvconf
# The message below says: after about 10 seconds you can close the terminal, then log in over ssh using the host IP you just entered.
echo "过个10秒左右的样子可以关闭终端,然后换成刚才输入的主机IP进行ssh登陆即可."
netplan apply
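
The validate_ip regex in the script checks only the shape of the input, so a value such as 999.1.1.1 passes and is written into the netplan file. The following is an added example, not part of the original script, of a stricter check in POSIX shell; is_ipv4 and same_slash24 are hypothetical helper names, and the gateway test assumes the /24 prefix the script hardcodes.

```shell
# Added example, not part of the original script; is_ipv4 and same_slash24
# are hypothetical helper names.

# Succeed only for four dot-separated decimal octets, each 0-255, with no
# leading zeros (which some parsers read as octal).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# The script hardcodes a /24 prefix, so the gateway must share the first three
# octets with the host address and must not be the host address itself.
same_slash24() {   # usage: same_slash24 <address> <gateway>
    is_ipv4 "$1" || return 1
    is_ipv4 "$2" || return 1
    [ "${1%.*}" = "${2%.*}" ] && [ "$1" != "$2" ]
}

# Constructed inputs: only the first is a usable address; 999.1.1.1 and
# 010.0.1.2 would pass the script's regex.
for candidate in 10.0.1.203 999.1.1.1 010.0.1.2 10.0.1; do
    if is_ipv4 "$candidate"; then echo "accept $candidate"; else echo "reject $candidate"; fi
done
```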

For the detailed installation steps, follow along with Boge's video tutorial!


Start with Level 1 to pick up the gear for the later levels.

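Installing a Linux distribution such as Ubuntu is not very complicated. Anyone who wants to learn k8s needs a solid grounding in these Linux basics; you can find plenty of installation tutorial videos by searching on Bilibili, so I will not write another installation tutorial here.

Let me ramble for a moment first…
Looking at the k8s video courses on the market today, many spend more than half of the whole course on installation alone, leaving very little time for real production practice in a company.
Of course, I am not saying there is anything seriously wrong with that approach. I am simply sharing from my own experience of learning quickly and of real production practice in companies, in the hope that you can avoid detours, get up to speed with k8s in production work faster, and quickly turn what Boge teaches into your own technical experience.
For installing k8s, my production experience is to use open-source binary packages. As the saying goes, to do a good job you must first sharpen your tools: we first use mature tooling to bring up a production-grade k8s cluster, then come to understand how each component of k8s works as we practise, which gets twice the result for half the effort. In practice, the various cloud platforms now all offer their own managed k8s services, so you do not even need to build the cluster; you buy the machines, it is deployed for you, and you just use it. It is like wanting to drive: you do not have to master every component of the car, how it runs and how to repair it before buying one, or nobody would have any interest in driving. In real life, most people get their licence, buy a car and start driving, then gradually pick up some car maintenance knowledge along the way.
And then we start walking through the tool installation steps...

Why learn K8s?
K8s is a container orchestration and management platform that addresses all the drawbacks of using Docker containers at scale. If I really have to say why you should learn and master k8s, I can only say that over the next few years k8s is the technology that the platforms of essentially all internet companies will use; if you do not know it, you will be left behind or will not get the high salary you are hoping for.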


This article was published on 2024-02-27 00:25:38.
Article link: https://www.elefans.com/category/jswz/34/1704541.html