Git Product home page Git Product logo

edgeadm's Introduction

Edgeadm使用教程

源码编译

您可以选择使用SuperEdge Release的版本,也可以根据需要使用源代码编译出符合您需求的版本

1. 选择Release版本

2. 我要编译源代码

  • deal with dependency: go mod tidy
  • build: make build
  • clean: make clean

edgeadm 输出的二进制文件在output文件夹下

3. 版本适配列表

由于 edgeadm 依赖的 kubeadm 和 kubernetes 版本有强依赖关系,请检查您需要的 edgeadm 版本:现阶段 main 主分支支持部署 Kubernetes 1.22 版本;如果需要部署更低版本的Kubernetes ,请 checkout 到对应的分支进行编译

Branch Kubernetes 1.18.2 Kubernetes 1.20.6 Kubernetes 1.22.6
release-1.18 - -
release-1.20 - -
HEAD - -

注意:最新的v0.9.0版本仅支持 Kubernetes 1.22.6 版本

开始部署

1. 两条指令从零搭建一个边缘集群

  • 下载安装包

    edgeadm 最近两个版本[v0.9.0,v0.8.2]支持的体系结构 arch[amd64, arm64]以及kubernetes 版本[1.22.6, 1.20.6]组合如下,请大家按需下载:

    • CPU arch [amd64, arm64], kubernetes version [1.22.6], version: v0.9.0
    • CPU arch [amd64, arm64], kubernetes version [1.22.6, 1.20.6], version: v0.8.2 注意修改 arch/version/kubernetesVersion 变量参数来下载 tgz 包:
    arch=amd64 version=v0.9.0 kubernetesVersion=1.22.6 && rm -rf edgeadm-linux-* && wget https://superedge-1253687700.cos.ap-guangzhou.myqcloud.com/$version/$arch/edgeadm-linux-$arch-$version-k8s-$kubernetesVersion.tgz && tar -xzvf edgeadm-linux-* && cd edgeadm-linux-$arch-$version-k8s-$kubernetesVersion && ./edgeadm

    此静态安装包也可以从 Github Release页面 下载

  • 安装边缘 Kubernetes master 节点 将下载的压缩包解压后,进入目录,执行下面的命令:

    ./edgeadm init --kubernetes-version=1.22.6 --image-repository superedge.tencentcloudcr.com/superedge --service-cidr=10.244.0.0/16 --pod-network-cidr=10.233.0.0/16 --install-pkg-path ./kube-linux-*.tar.gz --apiserver-cert-extra-sans=<Master节点外网 IP/域名等> --apiserver-advertise-address=<Master节点内网 IP> --enable-edge=true --edge-version=0.9.0

--apiserver-cert-extra-sans=<Master节点外网 IP/域名等>:这里的外网 IP 指的是边缘节点需要接入的云端控制面的公网 IP以及外网域名,apiserver 会签发相应的证书供边缘节点访问

--apiserver-advertise-address=<Master节点内网 IP>:这里的内网 IP 指的是 edgeadm 用于初始化 etcd 和 apiserver 需要绑定的节点内部 IP

--edge-version=0.9.0:如果需要使用最新的 Kins 能力, 这里需要指定最新v0.9.0的版本(仅支持 Kubernetes 1.22.6);如果不需要 Kins 能力,同时又希望能够使用类似 1.20 的低 K8s 版本,可以使用 v0.8.2版本,支持最新的云边隧道能力,支持云端 master、worker 和边缘节点三种类型节点的 7 层协议互通,适配更加完善。

  • Join 边缘节点
./edgeadm join <Master节点外网IP/域名>:Port --token xxxx --discovery-token-ca-cert-hash sha256:xxxxxxxxxx --install-pkg-path <edgeadm kube-*静态安装包地址> --enable-edge=true

--enable-edge=true: true 代表是边缘节点,会部署 lite-apiserver 等边缘组件;false 代表是云上 worker 节点,会按照标准 kubeadm 方式部署,不会部署边缘组件

详情见:从零搭建边缘集群

2. 一键将已有集群转换成边缘集群

  • 将普通集群转换成边缘集群: edgeadm change --kubeconfig admin.kubeconfig

  • 将边缘集群回退成普通集群: edgeadm revert --kubeconfig admin.kubeconfig

  • edgeadm 一键转换

3. 以Addon方式部署SuperEdge

4. 我是高手,想一个个组件手工部署

edgeadm's People

Contributors

dodiadodia avatar 00pf00 avatar malc0lm avatar

Stargazers

AM avatar avatar avatar Charith Madhuranga avatar xlq avatar Four Hu avatar Yanghao LUO avatar avatar avatar huyunlei avatar

Watchers

Chris Aniszczyk avatar James Cloos avatar avatar avatar Yiwei Chen avatar Bobby (Jun) Zhang avatar

Forkers

00pf00 malc0lm hellolittlewei elementyang flower01840 dodiadodia zizhuoy

edgeadm's Issues

tunnel-cloud manifests 模版缺少参数

发生了什么:

在我的 minikube 中尝试使用 edgeadm 将其转换为一个具有边缘能力的集群,我执行了以下命令

edgeadm change --ca.cert ./ca.crt --ca.key ./ca.key

其日志输出如下:

image

看起来并没有成功

我猜测的原因:

从命令执行的输出来看,是往 Kubernetes 创建一个 Secret 报错了,原因是某个值不是一个合法的 base64

找到相关代码:

edgeadm/pkg/edgeadm/cmd/change/kubeadm.go

Lines 238 to 251 in d63c731

option := map[string]interface{}{
"Namespace": constant.NamespaceEdgeSystem,
"TunnelCloudEdgeToken": tunnelCloudToken,
"TunnelProxyServerKey": base64.StdEncoding.EncodeToString(kubeletKey),
"TunnelProxyServerCrt": base64.StdEncoding.EncodeToString(kubeletCert),
"TunnelPersistentConnectionServerKey": base64.StdEncoding.EncodeToString(serviceKey),
"TunnelPersistentConnectionServerCrt": base64.StdEncoding.EncodeToString(serviceCert),
}
tunnelCloudYaml := common.ReadYaml(c.manifests+"/"+manifests.APP_TUNNEL_CLOUD, manifests.TunnelCloudYaml)
err = kubeclient.CreateResourceWithFile(c.clientSet, tunnelCloudYaml, option)
if err != nil {
return "", err
}

  1. 247 行读取 tunnel-cloud 组件的 manifests 模版,因为没有指定所以使用的是默认值 manifests.TunnelCloudYaml
    其中有一个名为 tunnel-cloud-cert 的 Secret ,含有变量 {{.TunnelAnpServerCet}}{{.TunnelAnpServerKey}}
  2. 238 行定义了为 tunnel-cloud manifests 模版填充的变量,其中并没有 "TunnelAnpServerCet""TunnelAnpServerKey" 两个键,因此生成的最终的 manifests 中这两个变量会被 <no value> 替代(这不是个合法的 base64 字符串)
  3. 248 行的 CreateResourceWithFile 方法会使用变量填充模版,然后提交到 Kubernetes ,导致了上述报错

经过我验证,如果在 manifests 中注释掉相关 Secret 中 tunnel-anp-server.crttunnel-anp-server.key 即可无错误地通过这段逻辑。但是因为不了解这个证书的用途,因此也不确定这样是否会导致其它问题。

其它信息:

执行 edgeadm version 的输出:

{
   "gitVersion": "v0.8.0",
   "gitBranch": "release-1.20",
   "gitCommit": "d63c731345424cd26e39734144b852784f4245aa",
   "gitTreeState": "dirty",
   "buildDate": "2022-07-25T14:11:51Z",
   "goVersion": "go1.17.11",
   "compiler": "gc",
   "platform": "linux/amd64"
}

how to certs renew all

Unable to connect to the server: x509:
certificate has expired or is not yet valid: current time 2023-10-24T18:48:24+08:00 is after 2023-10-18T16:37:06Z

support
”kubeadm alpha certs renew all “ ?

how to renew certs?

创建 edge-kube-proxy 命名空间错误

发生了什么:

在我的 minikube 中尝试使用 edgeadm 将其转换为一个具有边缘能力的集群,我执行了以下命令

edgeadm change --ca.cert ./ca.crt --ca.key ./ca.key -m ./manifests

其日志输出如下:

image

与默认操作不同的是,我修改了 ./manifests/tunnel-cloud.yaml 中的内容,将第 82 和 83 行注释了,为了能跑下去(以避免出现 #27 提到的情况)

image

除此之外其他内容都是由 edgeadm manifests 命令生成的

我猜测的原因:

从日志输出来看,报错出现在创建 ConfigMap edge-kube-proxy 时

相关代码:

edgeadm/pkg/edgeadm/cmd/change/kubeadm.go

Lines 376 to 414 in d63c731

func (c *changeAction) updateKubeProxyKubeconfig() error {
kubeClient := c.clientSet
kubeProxyCM, err := kubeClient.CoreV1().ConfigMaps(
constant.NamespaceKubeSystem).Get(context.TODO(), constant.KubeProxy, metav1.GetOptions{})
if err != nil {
return err
}
edgeKubeProxyCM := kubeProxyCM.DeepCopy()
edgeKubeProxyCM.Name = constant.EdgeKubeProxy
edgeKubeProxyCM.Namespace = constant.NamespaceKubeSystem
edgeKubeProxyCM.ResourceVersion = ""
proxyConfig, ok := edgeKubeProxyCM.Data[constant.CMKubeConfig]
if !ok {
return errors.New("Get kube-proxy kubeconfig.conf nil\n")
}
config, err := clientcmd.Load([]byte(proxyConfig))
if err != nil {
return err
}
for key := range config.Clusters {
config.Clusters[key].Server = constant.ApplicationGridWrapperServiceAddr
}
content, err := clientcmd.Write(*config)
if err != nil {
return err
}
edgeKubeProxyCM.Data[constant.CMKubeConfig] = string(content)
if _, err := kubeClient.CoreV1().ConfigMaps(
constant.NamespaceEdgeSystem).Create(context.TODO(), edgeKubeProxyCM, metav1.CreateOptions{}); err != nil {
return err
}

按我的理解,这一段逻辑做的操作是:

  1. 读取 kube-system 命名空间的 ConfigMap kube-proxy
  2. 对该 ConfigMap 做一些修改
  3. 更名为 edge-kube-proxy 然后创建到 edge-system 命名空间

错误发生在第 3 步。因为第 386 行将该 ConfigMap 的命名空间设置为 kube-system ,而第 410 行创建该 ConfigMap 时调用的接口请求的是 edge-system 命名空间。导致了上述错误

我猜测第 386 行正确应该为 edgeKubeProxyCM.Namespace = constant.NamespaceEdgeSystem

其它信息:

执行 edgeadm version 的输出:

{
   "gitVersion": "v0.8.0",
   "gitBranch": "release-1.20",
   "gitCommit": "d63c731345424cd26e39734144b852784f4245aa",
   "gitTreeState": "dirty",
   "buildDate": "2022-07-25T14:11:51Z",
   "goVersion": "go1.17.11",
   "compiler": "gc",
   "platform": "linux/amd64"
}

Edgeadm doesn't output the installation log

What happened:
edgeadm init function doesn't output the log file correctly.
What you expected to happen:

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

  • SuperEdge version:
  • Kubernetes version (use kubectl version):
  • OS (e.g. cat /etc/os-release):
  • Kernel (e.g. uname -a):
  • Hardware configuration (e.g. lscpu)
  • Go Version (e.g. go version)
  • Others:

Flannel 版本错误,无法实现节点断网重启后,pod ip 不变等特性

What happened:

What you expected to happen:

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

  • SuperEdge version:
  • Kubernetes version (use kubectl version):
  • OS (e.g. cat /etc/os-release):
  • Kernel (e.g. uname -a):
  • Hardware configuration (e.g. lscpu)
  • Go Version (e.g. go version)
  • Others:

Edgeadm reset 遗留问题清理

What happened:
Edgeadm reset 后,还遗留一些信息需要清理:

  1. iptables 规则:iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
  2. kubelet 未清理,包括 kubelet 二进制以及 systemd 文件,以及/var/lib/kubelet
  3. cni未清理,包括/etc/cni/和/var/lib/cni/
  4. 几个虚拟 ip 未清理,包括tkeedgedns,flannel.1,cni0

What you expected to happen:

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

  • SuperEdge version:
  • Kubernetes version (use kubectl version):
  • OS (e.g. cat /etc/os-release):
  • Kernel (e.g. uname -a):
  • Hardware configuration (e.g. lscpu)
  • Go Version (e.g. go version)
  • Others:

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.