在k8s集群中部署EdgeMesh

1. 前置准备

1.1 移除k8s master节点污点

如果k8s master节点上没有部署需要被代理的应用，也可以不执行此步骤：

kubectl taint nodes --all node-role.kubernetes.io/master-

1.2 给 Kubernetes API 服务添加过滤标签

正常情况下你不会希望 EdgeMesh 去代理 Kubernetes API 服务，因此需要给它添加过滤标签，更多信息请参考 服务过滤。

kubectl label services kubernetes service.edgemesh.kubeedge.io/service-proxy-name=""

1.3 启用 KubeEdge 的边缘 Kube-API 端点服务

1.3.1 在云端开启 dynamicController 模块

修改cloudcore configmap，需要重启cloudcore pod

$ kubectl edit cm cloudcore -n kubeedge
modules:
  ...
  dynamicController:
    enable: true

1.3.2 在边缘节点，打开 metaServer 模块（如果你的 KubeEdge < 1.8.0，还需关闭旧版 edgeMesh 模块），配置完成后，需要重启 edgecore

$ vim /etc/kubeedge/config/edgecore.yaml
modules:
  ...
  edgeMesh:
    enable: false
  ...
  metaManager:
    metaServer:
      enable: true
...

systemctl restart edgecore.service 

1.3.3  在边缘节点，配置 clusterDNS 和 clusterDomain，配置完成后，需要重启 edgecore

$ vim /etc/kubeedge/config/edgecore.yaml
modules:
  ...
  edged:
    ...
    tailoredKubeletConfig:
      ...
      clusterDNS:
      - 169.254.96.16
      clusterDomain: cluster.local
...

systemctl restart edgecore.service 

提示

• 步骤3的配置是为了边缘应用能够访问到 EdgeMesh 的 DNS 服务，与边缘 Kube-API 端点本身无关，但为了配置的流畅性，还是放在这里说明。
• clusterDNS 设置的值 '169.254.96.16' 来自于 commonConfig在新窗口打开 中 bridgeDeviceIP 的默认值，正常情况下无需修改，非得修改请保持两者一致。

1.3.4 在边缘节点，测试边缘 Kube-API 端点功能是否正常

curl 127.0.0.1:10550/api/v1/services
{"apiVersion":"v1","items":[{"apiVersion":"v1","kind":"Service","metadata":{"creationTimestamp":"2021-04-14T06:30:05Z","labels":{"component":"apiserver","provider":"kubernetes"},"name":"kubernetes","namespace":"default","resourceVersion":"147","selfLink":"default/services/kubernetes","uid":"55eeebea-08cf-4d1a-8b04-e85f8ae112a9"},"spec":{"clusterIP":"10.96.0.1","ports":[{"name":"https","port":443,"protocol":"TCP","targetPort":6443}],"sessionAffinity":"None","type":"ClusterIP"},"status":{"loadBalancer":{}}},{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"prometheus.io/port":"9153","prometheus.io/scrape":"true"},"creationTimestamp":"2021-04-14T06:30:07Z","labels":{"k8s-app":"kube-dns","kubernetes.io/cluster-service":"true","kubernetes.io/name":"KubeDNS"},"name":"kube-dns","namespace":"kube-system","resourceVersion":"203","selfLink":"kube-system/services/kube-dns","uid":"c221ac20-cbfa-406b-812a-c44b9d82d6dc"},"spec":{"clusterIP":"10.96.0.10","ports":[{"name":"dns","port":53,"protocol":"UDP","targetPort":53},{"name":"dns-tcp","port":53,"protocol":"TCP","targetPort":53},{"name":"metrics","port":9153,"protocol":"TCP","targetPort":9153}],"selector":{"k8s-app":"kube-dns"},"sessionAffinity":"None","type":"ClusterIP"},"status":{"loadBalancer":{}}}],"kind":"ServiceList","metadata":{"resourceVersion":"377360","selfLink":"/api/v1/services"}}

2. 安装

2.1 生成PSK cipher

openssl rand -base64 32
WifvEZLmK/bgc8SzhQ/ptZZc/9uZZ0yUsAABCHEdrQ4=

2.2 部署EdgeMesh

helm install edgemesh --namespace kubeedge \
--set agent.psk=WifvEZLmK/bgc8SzhQ/ptZZc/9uZZ0yUsAABCHEdrQ4= \
--set agent.relayNodes[0].nodeName=k8s-master,agent.relayNodes[0].advertiseAddress="{1.1.1.1}" \
https://github.com/kubeedge/edgemesh/blob/v1.15.0/build/helm/edgemesh.tgz