Setting up an Ubuntu development machine (docker + microk8s)
Setting up a docker + microk8s based development environment on Ubuntu
Setting up an Ubuntu development machine
Installing Ubuntu 22.04
- Download the installation image: https://ubuntu.com/download
- Install a USB boot disk writer
~$ sudo apt update
~$ sudo apt install usb-creator-gtk
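- Write the image using the graphical interface
- Boot from the USB drive and follow the prompts to install
System configuration
Installing the Chinese input method
- Settings -> Region & Language
- Reboot the system*
- Settings -> Keyboard
Configuring APT
- Disable automatic updates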
~$ cd /etc/apt/apt.conf.d
~$ cat 10periodic
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "0";
~$ sudo systemctl stop unattended-upgrades
~$ sudo systemctl disable unattended-upgrades
# Optional
~$ sudo apt remove unattended-upgrades
- Set the mirror
~$ sudo sed -i "s@http://.*archive.ubuntu.com@https://mirrors.tuna.tsinghua.edu.cn@g" /etc/apt/sources.list
~$ sudo sed -i "s@http://.*security.ubuntu.com@https://mirrors.tuna.tsinghua.edu.cn@g" /etc/apt/sources.list
~$ sudo apt update
~$ sudo apt upgrade
Configuring Firefox (Privacy Settings)
- Omitted. Configure according to personal preference
Installing SDE tools
- Java & Maven
~$ sudo apt install openjdk-11-jdk # this includes the UI libs.
or
~$ sudo apt install openjdk-11-jdk-headless # this excludes the UI libs
~$ sudo apt install maven
~$ sudo nano -l /etc/profile.d/maven.sh
~$ cat /etc/profile.d/maven.sh
#!/usr/bin/env bash
export JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64"
export M2_HOME="/usr/share/maven"
export MAVEN_HOME="/usr/share/maven"
~$ source /etc/profile.d/maven.sh
~$ mkdir -p ~/.m2
~$ cp ${MAVEN_HOME}/conf/settings.xml ~/.m2/
~$ cat ~/.m2/settings.xml
...
<mirrors>
<!-- mirror
| Specifies a repository mirror site to use instead of a given repository. The repository that
| this mirror serves has an ID that matches the mirrorOf element of this mirror. IDs are used
| for inheritance and direct lookup purposes, and must be unique across the set of mirrors.
|
<mirror>
<id>mirrorId</id>
<mirrorOf>repositoryId</mirrorOf>
<name>Human Readable Name for this Mirror.</name>
<url>http://my.repository.com/repo/path</url>
</mirror>
-->
<mirror>
<id>Ali</id>
<mirrorOf>central</mirrorOf>
<url>http://maven.aliyun.com/nexus/content/groups/public/</url>
</mirror>
<mirror>
<id>Huawei</id>
<mirrorOf>central</mirrorOf>
<url>https://mirror.huaweicloud.com/repository/maven/</url>
</mirror>
</mirrors>
...
~$ mvn help:system
Reference: https://www.cnblogs.com/wqlken/p/14090525.html
- Git
~$ sudo apt install git
~$ git config --global user.name user_a
~$ git config --global user.email a.user@company.com
~$ git config --global core.autocrlf input
~$ git config --global color.ui true
~$ git config --global gui.encoding utf-8
~$ git config --global push.default upstream
~$ git config --global core.excludesfile ~/.gitignore
- Contents of .gitignore (reference: link)
# Ignore all venv mock directories
bin/
etc/
include/
lib/
lib64/
share/
venv/
# Ignore chroma sqlite files
*.bin
*.sqlite3
*.pickle
# Ignore PyCharm System Files
.idea/
# Ignore Python Caches
__pycache__/
# Generated binary folders
dist/
build/
*.egg-info/
# Jupyter Objects
.ipynb_checkpoints
- Adjusting .gitignore
$ git add .
# make update to .gitignore
$ git rm -r --cached *
$ git add .
- Git Clone
# Using ssh
$ git clone <uid>@<git server host>:path/to/git/repo
# Using NFS
$ git clone /local/mount/point/for/git/repo
- Python
~$ sudo apt install python3-pip
~$ pip3 config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
~$ pip3 config set global.trusted-host pypi.tuna.tsinghua.edu.cn
~$ pip3 config set global.timeout 120
Installing the runtime environment
- ssh Server
~$ sudo apt install openssh-server # in 22.04, we no longer need to remove openssh-client
~$ sudo nano -l /etc/hosts
# make update to add all the nodes
~$ sudo nano -l /etc/ssh/sshd_config
# comment out the below line to disable ssh client timeout
ClientAliveInterval 0
~$ ssh-keygen -t rsa
~$ ssh-copy-id <user>@<node>
- Docker
~$ sudo apt install ca-certificates curl gnupg
~$ sudo mkdir -p /etc/apt/keyrings
~$ curl -fsSL https://get.docker.com -o get-docker.sh
~$ sudo sh get-docker.sh
# Executing docker install script, commit: e5543d473431b782227f8908005543bb4389b8de
+ sh -c apt-get update -qq >/dev/null
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null
+ sh -c install -m 0755 -d /etc/apt/keyrings
+ sh -c curl -fsSL "https://download.docker.com/linux/ubuntu/gpg" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg
+ sh -c chmod a+r /etc/apt/keyrings/docker.gpg
+ sh -c echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable" > /etc/apt/sources.list.d/docker.list
+ sh -c apt-get update -qq >/dev/null
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin >/dev/null
+ sh -c docker version
Client: Docker Engine - Community
Version: 25.0.3
API version: 1.44
Go version: go1.21.6
Git commit: 4debf41
Built: Tue Feb 6 21:13:09 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 25.0.3
API version: 1.44 (minimum version 1.24)
Go version: go1.21.6
Git commit: f417435
Built: Tue Feb 6 21:13:09 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.28
GitCommit: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
================================================================================
To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:
dockerd-rootless-setuptool.sh install
Visit https://docs.docker.com/go/rootless/ to learn about rootless mode.
To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to https://docs.docker.com/go/daemon-access/
WARNING: Access to the remote API on a privileged Docker daemon is equivalent
to root access on the host. Refer to the 'Docker daemon attack surface'
documentation for details: https://docs.docker.com/go/attack-surface/
================================================================================
~$ sudo usermod -aG docker $USER
~$ su - $USER # Open a new shell for the user, with updated group membership
~$ sudo chmod 666 /var/run/docker.sock
~$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).
Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/sbin/iptables-nft 20 auto mode
1 /usr/sbin/iptables-legacy 10 manual mode
2 /usr/sbin/iptables-nft 20 manual mode
Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in manual mode
- Configure a registry mirror
$ cd /etc/docker
$ sudo nano -l daemon.json
- The file does not exist initially. Create it and add the following content:
{
"registry-mirrors": ["http://hub-mirror.c.163.com"]
}
# Verify:
$ sudo systemctl restart docker
$ docker info
...
Registry Mirrors:
http://hub-mirror.c.163.com/
Live Restore Enabled: false
- Microk8s
~$ echo 'alias helm="microk8s helm3"' >> ~/.bashrc
~$ echo 'alias kubectl="microk8s kubectl"' >> ~/.bashrc
~$ echo 'alias k="microk8s kubectl"' >> ~/.bashrc
~$ echo 'net.ipv4.conf.all.route_localnet = 1' | sudo tee -a /etc/sysctl.conf
~$ sudo sysctl -p /etc/sysctl.conf
~$ sudo shutdown -r now
# After reboot
~$ sudo snap install microk8s --classic
microk8s (1.28/stable) v1.28.3 from Canonical installed
~$ sudo microk8s enable helm3
Infer repository core for addon helm3
Addon core/helm3 is already enabled
~$ sudo microk8s enable dns
Infer repository core for addon dns
Addon core/dns is already enabled
~$ sudo microk8s enable registry
Infer repository core for addon registry
Infer repository core for addon hostpath-storage
Enabling default storage class.
WARNING: Hostpath storage is not suitable for production environments.
A hostpath volume can grow beyond the size limit set in the volume claim manifest.
deployment.apps/hostpath-provisioner created
storageclass.storage.k8s.io/microk8s-hostpath created
serviceaccount/microk8s-hostpath created
clusterrole.rbac.authorization.k8s.io/microk8s-hostpath created
clusterrolebinding.rbac.authorization.k8s.io/microk8s-hostpath created
Storage will be available soon.
The registry will be created with the size of 20Gi.
Default storage class will be used.
namespace/container-registry created
persistentvolumeclaim/registry-claim created
deployment.apps/registry created
service/registry created
configmap/local-registry-hosting configured
~$ mkdir -p $HOME/.kube
~$ sudo microk8s config > $HOME/.kube/config
~$ cat $HOME/.kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0t...Cg==
server: https://192.168.<>.<>:16443
name: microk8s-cluster
contexts:
- context:
cluster: microk8s-cluster
user: admin
name: microk8s
current-context: microk8s
kind: Config
preferences: {}
users:
- name: admin
user:
client-certificate-data: LS0t...LS0K
client-key-data: LS0t...Cg==
~$ sed -i 's@\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}@127.0.0.1@g' $HOME/.kube/config
~$ cat $HOME/.kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0t...Cg==
server: https://127.0.0.1:16443
name: microk8s-cluster
contexts:
- context:
cluster: microk8s-cluster
user: admin
name: microk8s
current-context: microk8s
kind: Config
preferences: {}
users:
- name: admin
user:
client-certificate-data: LS0t...LS0K
client-key-data: LS0t...Cg==
~$ sudo adduser $USER microk8s
~$ su - $USER # Open a new shell for the user, with updated group membership
# Workaround for environments where access to k8s.io is limited
~$ docker search pause:3.7
~$ docker image pull qazwsxqwe123/pause:3.7
~$ docker image list
~$ docker image tag qazwsxqwe123/pause:3.7 registry.k8s.io/pause:3.7
~$ cd ~/Downloads
~$ docker save -o pause_3.7.tar registry.k8s.io/pause
~$ sudo microk8s ctr image import pause_3.7.tar
~$ microk8s status --wait-ready
microk8s is running
high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
dns # (core) CoreDNS
ha-cluster # (core) Configure high availability on the current node
helm # (core) Helm - the package manager for Kubernetes
helm3 # (core) Helm 3 - the package manager for Kubernetes
hostpath-storage # (core) Storage class; allocates storage from host directory
registry # (core) Private image registry exposed on localhost:32000
storage # (core) Alias to hostpath-storage add-on, deprecated
disabled:
cert-manager # (core) Cloud native certificate management
cis-hardening # (core) Apply CIS K8s hardening
community # (core) The community addons repository
dashboard # (core) The Kubernetes dashboard
gpu # (core) Automatic enablement of Nvidia CUDA
host-access # (core) Allow Pods connecting to Host services smoothly
ingress # (core) Ingress controller for external access
kube-ovn # (core) An advanced network fabric for Kubernetes
mayastor # (core) OpenEBS MayaStor
metallb # (core) Loadbalancer for your Kubernetes cluster
metrics-server # (core) K8s Metrics Server for API access to service metrics
minio # (core) MinIO object storage
observability # (core) A lightweight observability stack for logs, traces and metrics
prometheus # (core) Prometheus operator for monitoring and logging
rbac # (core) Role-Based Access Control for authorisation
rook-ceph # (core) Distributed Ceph storage using Rook
~$ microk8s stop # microk8s start
- Joining additional nodes
controller $ microk8s add-node
worker $ microk8s join 192.168.1.230:25000/92b2db237428470dc4fcfc4ebbd9dc81/2c0cb3284b05
Reference: Microk8s official website
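Several of the sources configured in the steps above are fetched without transport protection: the Ali Maven mirror and the Docker registry mirror use http://, and pip's trusted-host setting turns off certificate verification for that host. The following check is an added example, not part of the original post; the function name audit_mirrors and the dispatch on file name are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: list package sources that are fetched without transport protection.

# Usage: audit_mirrors FILE...
# Prints "<file>: unprotected source: <value>" per finding; returns 1 if any were found.
audit_mirrors() {
    local f hit line findings=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        case "$f" in
            *.xml)      # Maven settings.xml: strip <!-- --> comments, then look for http:// mirrors
                hit=$(sed -e 's/<!--.*-->//g' -e '/<!--/,/-->/d' "$f" |
                      grep -o '<url>http://[^<]*' | sed 's/<url>//') ;;
            *.json)     # Docker daemon.json: quoted http:// URLs such as registry-mirrors entries
                hit=$(grep -o '"http://[^"]*"' "$f" | tr -d '"') ;;
            *pip.conf)  # pip: trusted-host disables certificate verification for that host
                hit=$(grep -E '^[[:space:]]*(trusted-host|index-url[[:space:]]*=[[:space:]]*http://)' "$f" || true) ;;
            *)          # APT sources.list: active deb lines that use http://
                hit=$(grep -E '^[[:space:]]*deb(-src)?[[:space:]].*http://' "$f" |
                      grep -o 'http://[^[:space:]]*' | sort -u) ;;
        esac
        [ -n "$hit" ] || continue
        findings=1
        printf '%s\n' "$hit" | while IFS= read -r line; do
            printf '%s: unprotected source: %s\n' "$f" "$line"
        done
    done
    return "$findings"
}

# Files touched by the steps on this page (the pip path is the usual per-user location):
# audit_mirrors ~/.m2/settings.xml /etc/docker/daemon.json ~/.config/pip/pip.conf /etc/apt/sources.list
```

The commented-out sample mirror that ships in Maven's settings.xml is skipped, so only active mirrors are reported.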
Acceptance test
~$ docker search agnhost:2.2
~$ docker image pull ninokop/agnhost:2.2
~$ docker image list
~$ docker image tag ninokop/agnhost:2.2 registry.k8s.io/e2e-test-images/agnhost:2.2
~$ docker image list
~$ cd ~/Downloads
~$ docker save -o agnhost2.2.tar registry.k8s.io/e2e-test-images/agnhost:2.2
~$ sudo microk8s ctr image import agnhost2.2.tar
~$ k create deployment hello-world-node --image=registry.k8s.io/e2e-test-images/agnhost:2.2 -- /agnhost netexec --http-port=8080
~$ k get pods
~$ k get deployments
~$ k get events
~$ k logs hello-world-node-69cf848f4b-jfp64
~$ k describe nodes
Troubleshooting
microk8s fails to start because the pause image cannot be pulled
~$ k get nodes
NAME STATUS ROLES AGE VERSION
NODE_NAME NotReady <none> 7m4s v1.28.3
~$ k get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-77bd7c5b-qtnfb 0/1 Pending 0 8m15s
calico-node-r4s4l 0/1 Init:0/2 0 8m15s
coredns-864597b5fd-547h9 0/1 Pending 0 8m15s
hostpath-provisioner-7df77bc496-jl7nt 0/1 Pending 0 6m13s
animal@zoo:~$ k describe pod calico-node-r4s4l -n kube-system
Name: calico-node-r4s4l
Namespace: kube-system
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 8m46s default-scheduler Successfully assigned kube-system/calico-node-r4s4l to zoo
Warning FailedCreatePodSandBox 8m15s kubelet Failed to create pod sandbox: rpc error: code = DeadlineExceeded desc = failed to get sandbox image "registry.k8s.io/pause:3.7": failed to pull image "registry.k8s.io/pause:3.7": failed to pull and unpack image "registry.k8s.io/pause:3.7": failed to resolve reference "registry.k8s.io/pause:3.7": failed to do request: Head "https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.7": dial tcp 64.233.188.82:443: i/o timeout
~$ docker search pause:3.7
~$ docker image pull qazwsxqwe123/pause:3.7
~$ docker image list
~$ docker image tag qazwsxqwe123/pause:3.7 registry.k8s.io/pause:3.7
~$ cd ~/Downloads
~$ docker save -o pause_3.7.tar registry.k8s.io/pause
~$ sudo microk8s ctr image import pause_3.7.tar
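The workaround above, like the same steps in the Microk8s and acceptance-test sections, imports an image pulled from a personal Docker Hub account under a registry.k8s.io name. The following check is an added example, not part of the original post: before the import, it compares the image ID inside the docker save tarball with an ID recorded on a trusted machine of the same architecture that can reach registry.k8s.io. The function names and the PINNED_ID placeholder are assumptions, and it assumes Docker's default image store, where the image ID is the sha256 of the image config.

```bash
#!/usr/bin/env bash
# Added example: verify a `docker save` tarball before `microk8s ctr image import`.

# Print the image ID (sha256 of the image config blob) of the image in a tarball.
# Assumes one image per tarball and the compact manifest.json that docker save writes.
saved_image_id() {
    local tarball="$1" config
    config=$(tar -xOf "$tarball" manifest.json 2>/dev/null |
             grep -o '"Config":"[^"]*"' | head -n 1 | cut -d'"' -f4)
    [ -n "$config" ] || return 1
    tar -tf "$tarball" "$config" >/dev/null 2>&1 || return 1
    # Hash the blob itself rather than trusting the name it is stored under.
    tar -xOf "$tarball" "$config" | sha256sum | cut -d' ' -f1
}

# Return 0 only when the tarball's image ID equals the pinned one.
verify_saved_image() {
    local tarball="$1" pinned="${2#sha256:}" actual
    actual=$(saved_image_id "$tarball") || {
        echo "cannot read an image ID from $tarball" >&2
        return 2
    }
    if [ "$actual" != "$pinned" ]; then
        echo "image ID mismatch: tarball has sha256:$actual" >&2
        return 1
    fi
}

# Usage (PINNED_ID is a placeholder; record it on a trusted machine with
#   docker image inspect --format '{{.Id}}' registry.k8s.io/pause:3.7):
# verify_saved_image pause_3.7.tar "$PINNED_ID" && sudo microk8s ctr image import pause_3.7.tar
```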