kubeedge 1.8.1 安装部署

1.准备环境(k8s已经安装完成)

k8s安装参考：https://www.cnblogs.com/breg/p/18502675

角色	IP
master1,node1	10.167.47.12
master2,node2	10.167.47.24
master3,node3	10.167.47.25
edge	10.167.47.22
VIP（虚拟ip）	10.167.47.86

2.安装keadm（按需修改版本号这里安装1.8.1）

 

1.部署MetalLB(可选)

主要目的是开放端口出来，否则无法边端无法使用ip端口加入

kubectl edit configmap -n kube-system kube-proxy

 

#部署metallb

kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.5/config/manifests/metallb-native.yaml

 

# advertise.yaml

apiVersion: metallb.io/v1beta1

kind: L2Advertisement

metadata:

  name: l2adver

  namespace: metallb-system

spec:

  ipAddressPools: # 如果不配置则会通告所有的IP池地址

    - ip-pool

 

# ip-pool.yaml

apiVersion: metallb.io/v1beta1

kind: IPAddressPool

metadata:

  name: ip-pool

  namespace: metallb-system

spec:

  addresses:

    - 10.167.47.210-10.167.47.215 # 根据虚拟机的ip地址来配置 这些ip地址可以分配给k8s中的服务

 

kubectl apply -f advertise.yaml

kubectl apply -f ip-pool.yaml

 

2.部署cloudcore

wget https://github.com/kubeedge/kubeedge/releases/download/v1.18.1/keadm-v1.18.1-linux-amd64.tar.gz

tar -zxvf keadm-v1.18.1-linux-amd64.tar.gz # 解压keadm的tar.gz的包

 

cd keadm-v1.18.1-linux-amd64/keadm/

 

cp keadm /usr/sbin/ #将其配置进入环境变量，方便使用

 

#初始化 这里是ip-pool没有被分配的ip地址

keadm init --advertise-address="10.167.47.210" --kubeedge-version=1.18.1 --set iptablesHanager.mode="external"

 

#获取token

keadm gettoken

 

3.修改cloudcore的svc

修改服务的暴露方式，让外部可以连接
也可以使用NodePort，但是在初始化edgecore时就需要修改对应的ip映射了，上面初始化advertise-address也需要修改

kubectl edit svc cloudcore -n kubeedge

 

4.打标签

 

因为边缘计算的硬件条件都不好，这里我们需要打上标签，让一些应用不扩展到节点上去

kubectl get daemonset -n kube-system |grep -v NAME |awk '{print $1}' | xargs -n 1 kubectl patch daemonset -n kube-system --type='json' -p='[{"op": "replace","path": "/spec/template/spec/affinity","value":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"node-role.kubernetes.io/edge","operator":"DoesNotExist"}]}]}}}}]'

 

kubectl get daemonset -n kuboard |grep -v NAME |awk '{print $1}' | xargs -n 1 kubectl patch daemonset -n kuboard --type='json' -p='[{"op": "replace","path": "/spec/template/spec/affinity","value":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"node-role.kubernetes.io/edge","operator":"DoesNotExist"}]}]}}}}]'

 

kubectl get daemonset -n metallb-system |grep -v NAME |awk '{print $1}' | xargs -n 1 kubectl patch daemonset -n metallb-system --type='json' -p='[{"op": "replace","path": "/spec/template/spec/affinity","value":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"node-role.kubernetes.io/edge","operator":"DoesNotExist"}]}]}}}}]'

5.边缘节点加入

# 关闭防火墙

systemctl stop firewalld

systemctl disable firewalld

 

# 禁用selinux

setenforce 0

 

# 网络配置，开启相应的转发机制

cat >> /etc/sysctl.d/k8s.conf <<EOF

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

net.ipv4.ip_forward = 1

vm.swappiness=0

EOF

 

# 生效规则

modprobe br_netfilter

sysctl -p /etc/sysctl.d/k8s.conf

 

# 查看是否生效

cat /proc/sys/net/bridge/bridge-nf-call-ip6tables

cat /proc/sys/net/bridge/bridge-nf-call-iptables

 

# 关闭系统swap

swapoff -a

 

# 设置hostname

# 边缘侧

 hostnamectl set-hostname edge1.kubeedge

 

# 配置hosts文件（示例），按照用户实际情况设置

cat >> /etc/hosts << EOF

10.167.47.22 edge1.kubeedge

EOF

 

# 同步时钟，选择可以访问的NTP服务器即可

# 时间同步

cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

yum clean all && yum makecache

yum install ntpdate -y && timedatectl set-timezone Asia/Shanghai && ntpdate time2.aliyun.com

# 加入到crontab

crontab -e

0 5 * * * /usr/sbin/ntpdate time2.aliyun.com

# 加入到开机自动同步，/etc/rc.local

vi /etc/rc.local

ntpdate time2.aliyun.com

 

#安装docker的yum源

yum install -y yum-utils device-mapper-persistent-data lvm2

  

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

#或者

https://files.cnblogs.com/files/chuanghongmeng/docker-ce.zip?t=1669080259

  

#安装

yum install docker-ce-20.10.3 -y

mkdir -p /data/docker

mkdir -p /etc/docker/

#温馨提示：由于新版kubelet建议使用systemd，所以可以把docker的CgroupDriver改成systemd

#如果/etc/docker 目录不存在，启动docker会自动创建。

cat > /etc/docker/daemon.json <<EOF

{

    "exec-opts": ["native.cgroupdriver=systemd"],

    "registry-mirrors": ["https://plqjafsr.mirror.aliyuncs.com"]

}

EOF

  

#温馨提示：根据服务器的情况，选择docker的数据存储路径，例如：/data

vi  /usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd --graph=/data/docker

  

#重载配置文件

systemctl daemon-reload

systemctl restart docker

systemctl enable docker.service

 

rm /etc/containerd/config.toml

containerd config default > /etc/containerd/config.toml

ctr -n k8s.io images pull -k registry.aliyuncs.com/google_containers/pause:3.6

ctr -n k8s.io images tag registry.aliyuncs.com/google_containers/pause:3.6 registry.k8s.io/pause:3.6

  

systemctl restart containerd

 

# 安装 cri-tools 网络工具

wget --no-check-certificate https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.20.0/crictl-v1.20.0-linux-amd64.tar.gz

tar zxvf crictl-v1.20.0-linux-amd64.tar.gz -C /usr/local/bin

 

# 安装 cni 网络插件 手动 kubeedge 1.4版本后都需要安装

mkdir -p /opt/cni/bin

curl -L https://github.com/containernetworking/plugins/releases/download/v1.5.0/cni-plugins-linux-amd64-v1.5.0.tgz | sudo tar -C /opt/cni/bin -xz

 

# 配置 cni 网络插件

mkdir -p /etc/cni/net.d

cat <<EOF | sudo tee /etc/cni/net.d/10-containerd-net.conflist

{

  "cniVersion": "0.4.0",

  "name": "containerd-net",

  "plugins": [

    {

      "type": "bridge",

      "bridge": "cni0",

      "isGateway": true,

      "ipMasq": true,

      "ipam": {

        "type": "host-local",

        "ranges": [

          [{"subnet": "10.10.0.0/16"}]

        ],

        "routes": [

          {"dst": "0.0.0.0/0"}

        ]

      }

    },

    {

      "type": "portmap",

      "capabilities": {"portMappings": true}

    }

  ]

}

EOF

 

curl -LO https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-1.7.6-linux-amd64.tar.gz

scp -rp /usr/sbin/keadm   10.167.47.22:/usr/sbin/

 

#安装cni方式2脚本安装

curl -LO https://github.com/kubeedge/kubeedge/blob/master/hack/lib/install.sh

# 将脚本文件放入环境

source install.sh

#修改Install.sh里面subnet子网范围 

{

            "subnet": "10.10.0.0/16"

          }

# 执行安装cni命令

install_cni_plugins

 

#加入 ip是loadblance ip, token是keadm gettoken获取 由于这里是个虚拟ip所以需要找运维开放安全组

keadm join --cloudcore-ipport=10.167.47.210:10000 \

--token f3245a6f984efb5a81e412566301656701606172e2bd854f5683d1316d3124e6.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzAyNzA1NzF9.dbIxjSNgewTaiRnomeWKM0s4qb7px3mcz3EddcYHShs \

--edgenode-name=edge1 \

--kubeedge-version v1.18.1 \

--remote-runtime-endpoint=unix:///run/containerd/containerd.sock \

--cgroupdriver=systemd \

--with-mqtt

6.边缘节点测试

 

vi nginx-deployment.yaml

#nginx-deployment.yaml

apiVersion: apps/v1

kind: Deployment

metadata:

 name: nginx-metallb

spec:

 replicas: 1

 selector:

   matchLabels:

     app: nginx

 template:

   metadata:

     labels:

       app: nginx

   spec:

     nodeName: edge1  # 边缘端的名字 kubectl get node里面的

     hostNetwork: true   # 使用主机网络  不使用主机网络，在其它主机无法进行访问   是因为两个cni网络不是同一个

     containers:

       - name: nginx

         image: nginx:latest

         ports:

           - containerPort: 80

 

---

apiVersion: v1

kind: Service

metadata:

 name: nginx-service

spec:

 selector:

   app: nginx

 ports:

   - name: http

     port: 80

     targetPort: 80

 type: LoadBalancer

 

7.开启监控

由于kubeedge是无法通过kubelet去获取的这个时候需要开启监控

#边缘节点

vi /etc/kubeedge/config/edgecore.yaml

#enable改成true

edgeStream:

  enable: true

  handshakeTimeout: 30

  readDeadline: 15

  server: 192.168.1.1:10004

  tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt

  tlsTunnelCertFile: /etc/kubeedge/certs/server.crt

  tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key

  writeDeadline: 15

 

#执行kubectl edit cm cloudcore -nkubeedge并配置featureGates.requireAuthorization=true以下dynamiccontroller.enable=true

apiVersion: v1

data:

  cloudcore.yaml: |

    apiVersion: cloudcore.config.kubeedge.io/v1alpha2

    ...

    featureGates:

      requireAuthorization: true

    modules:

      ...

      dynamicController:

        enable: true    

 

#边缘节点

apiVersion: edgecore.config.kubeedge.io/v1alpha2

...

kind: EdgeCore

featureGates:

  requireAuthorization: true

modules:

...

  metaServer:

    enable: true

 

systemctl restart edgecore.service

 

#重启边缘核心

systemctl restart edgecore

#maste节点通过iptables进行转发

iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X

iptables -t nat -A OUTPUT -p tcp --dport 10350 -j DNAT --to 10.167.47.210:10003

iptables -t nat -A OUTPUT -p tcp --dport 10351 -j DNAT --to 10.167.47.210:10003

iptables -t nat -A OUTPUT -p tcp --dport 10352 -j DNAT --to 10.167.47.210:10003

 

#修改tunnelport

kubectl -n kubeedge edit cm tunnelport

改成10350

 

9.安装caclio

wget https://raw.githubusercontent.com/projectcalico/calico/master/manifests/calico.yaml

#修改配置

# CLUSTER_TYPE 下方添加信息

- name: CLUSTER_TYPE

  value: "k8s,bgp"

# 下方为新增内容 更改为合适的网卡

- name: IP_AUTODETECTION_METHOD

  value: "interface=eth0"

 

kubectl apply -f calico.yaml

 

#防火墙设置否则可能controller报443

 iptables -P INPUT ACCEPT

 iptables -P FORWARD ACCEPT

 iptables -P FORWARD ACCEPT

 iptables -F

 

边缘节点需要添加路由到中心容器路由器否则容器无法访问边缘节点
route add -net 10.10.0.0/16 gw 100.12.0.1