1. Prerequisites
1.1 Remove the taint from the k8s master node
If no application that needs to be proxied is deployed on the k8s master node, you can skip this step:
kubectl taint nodes --all node-role.kubernetes.io/master-
1.2 Add a filter label to the Kubernetes API service
Normally you do not want EdgeMesh to proxy the Kubernetes API service, so it needs a filter label. For more information, see Service Filtering.
kubectl label services kubernetes service.edgemesh.kubeedge.io/service-proxy-name=""
1.3 Enable KubeEdge's edge Kube-API endpoint service
1.3.1 On the cloud side, enable the dynamicController module
Edit the cloudcore ConfigMap; the cloudcore pod must be restarted afterwards.
$ kubectl edit cm cloudcore -n kubeedge
modules:
  ...
  dynamicController:
    enable: true
1.3.2 On the edge node, enable the metaServer module (if your KubeEdge < 1.8.0, also disable the old edgeMesh module). After the change, restart edgecore.
$ vim /etc/kubeedge/config/edgecore.yaml
modules:
  ...
  edgeMesh:
    enable: false
  ...
  metaManager:
    metaServer:
      enable: true
...
systemctl restart edgecore.service
1.3.3 On the edge node, configure clusterDNS and clusterDomain. After the change, restart edgecore.
$ vim /etc/kubeedge/config/edgecore.yaml
modules:
  ...
  edged:
    ...
    tailoredKubeletConfig:
      ...
      clusterDNS:
      - 169.254.96.16
      clusterDomain: cluster.local
...
systemctl restart edgecore.service
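Tips
- The configuration in step 3 exists so that edge applications can reach EdgeMesh's DNS service. It is unrelated to the edge Kube-API endpoint itself, but it is described here to keep the configuration flow in one place.
- The clusterDNS value '169.254.96.16' comes from the default value of bridgeDeviceIP in commonConfig. Normally it does not need to be changed; if you must change it, keep the two values identical.
1.3.4 On the edge node, test whether the edge Kube-API endpoint works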
curl 127.0.0.1:10550/api/v1/services
{"apiVersion":"v1","items":[{"apiVersion":"v1","kind":"Service","metadata":{"creationTimestamp":"2021-04-14T06:30:05Z","labels":{"component":"apiserver","provider":"kubernetes"},"name":"kubernetes","namespace":"default","resourceVersion":"147","selfLink":"default/services/kubernetes","uid":"55eeebea-08cf-4d1a-8b04-e85f8ae112a9"},"spec":{"clusterIP":"10.96.0.1","ports":[{"name":"https","port":443,"protocol":"TCP","targetPort":6443}],"sessionAffinity":"None","type":"ClusterIP"},"status":{"loadBalancer":{}}},{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"prometheus.io/port":"9153","prometheus.io/scrape":"true"},"creationTimestamp":"2021-04-14T06:30:07Z","labels":{"k8s-app":"kube-dns","kubernetes.io/cluster-service":"true","kubernetes.io/name":"KubeDNS"},"name":"kube-dns","namespace":"kube-system","resourceVersion":"203","selfLink":"kube-system/services/kube-dns","uid":"c221ac20-cbfa-406b-812a-c44b9d82d6dc"},"spec":{"clusterIP":"10.96.0.10","ports":[{"name":"dns","port":53,"protocol":"UDP","targetPort":53},{"name":"dns-tcp","port":53,"protocol":"TCP","targetPort":53},{"name":"metrics","port":9153,"protocol":"TCP","targetPort":9153}],"selector":{"k8s-app":"kube-dns"},"sessionAffinity":"None","type":"ClusterIP"},"status":{"loadBalancer":{}}}],"kind":"ServiceList","metadata":{"resourceVersion":"377360","selfLink":"/api/v1/services"}}
2. Installation
2.1 Generate the PSK cipher
openssl rand -base64 32
WifvEZLmK/bgc8SzhQ/ptZZc/9uZZ0yUsAABCHEdrQ4=
2.2 Deploy EdgeMesh
helm install edgemesh --namespace kubeedge \
--set agent.psk=WifvEZLmK/bgc8SzhQ/ptZZc/9uZZ0yUsAABCHEdrQ4= \
--set agent.relayNodes[0].nodeName=k8s-master,agent.relayNodes[0].advertiseAddress="{1.1.1.1}" \
https://github.com/kubeedge/edgemesh/raw/v1.15.0/build/helm/edgemesh.tgz
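The PSK printed in step 2.1 is public once it appears in a guide, and `--set agent.psk=...` leaves the key in shell history and the process list. The following is an added example, not part of the original guide or the EdgeMesh project: it rejects the sample key and hands a freshly generated one to Helm through an owner-only values file. The function names and file name are hypothetical, and the 32-byte check is an assumption that mirrors what the step 2.1 command produces, not a documented EdgeMesh requirement.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not EdgeMesh tooling.

# PSK printed in step 2.1 of this guide. It is public, so it must not be deployed.
DOC_SAMPLE_PSK='WifvEZLmK/bgc8SzhQ/ptZZc/9uZZ0yUsAABCHEdrQ4='

# check_psk PSK
# Succeeds only if PSK is non-empty, is not the published sample, and is
# base64 for exactly 32 bytes (the shape `openssl rand -base64 32` produces).
check_psk() {
  local psk="$1" nbytes
  [ -n "$psk" ] || { echo "psk is empty" >&2; return 1; }
  [ "$psk" != "$DOC_SAMPLE_PSK" ] || { echo "psk is the sample from the guide" >&2; return 1; }
  nbytes=$(printf '%s' "$psk" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
  [ "$nbytes" -eq 32 ] || { echo "psk decodes to $nbytes bytes, expected 32" >&2; return 1; }
}

# write_psk_values FILE PSK
# Writes a Helm values file that sets agent.psk, readable by the owner only,
# so the key never appears as a command-line argument.
write_psk_values() {
  local file="$1" psk="$2"
  check_psk "$psk" || return 1
  ( umask 077 && printf 'agent:\n  psk: "%s"\n' "$psk" > "$file" ) || return 1
  chmod 600 "$file"   # also tighten the mode if the file already existed
}

# Usage on the machine that runs helm (assumed file name):
#   write_psk_values ./edgemesh-psk.yaml "$(openssl rand -base64 32)"
#   then run the helm install from step 2.2 with `-f ./edgemesh-psk.yaml`
#   in place of the `--set agent.psk=...` line.
```

Delete the values file, or move it into a secrets store, once the release is installed.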