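KubeEdge offline deployment
Prerequisites for deploying KubeEdge
1. Kubernetes deployed on the cloud side, version > 1.18 and <= 1.21
2. Docker deployed on the edge side, version > 1.9
I. Deploy keadm on the cloud side and the edge side
1. Go to the GitHub releases page and copy the keadm download URL: https://github.com/kubeedge/kubeedge/releases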
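2. Extract the archive
tar -zxvf keadm-v1.9.2-linux-amd64.tar.gz
cd keadm-v1.9.2-linux-amd64/keadm/
chmod +x keadm
cp keadm /usr/local/bin/
keadm version
II. Deploy on the cloud side
Get the keadm build that matches your cloud machine type
Offline material preparation (can be skipped if the network can pull the materials normally)
a. Move everything in the crds folder into /etc/kubeedge/crds on the deployment machine
b. Place the kubeedge archive in /etc/kubeedge
c. Place the checksum file in /etc/kubeedge
d. Place cloudcore.service in /etc/kubeedge
e. Place certgen.sh in /etc/kubeedge
1. Generate keys
export CLOUDCOREIPS="x.x.x.x"
/etc/kubeedge/certgen.sh stream
/etc/kubeedge/certgen.sh genCertAndKey server
Note: x.x.x.x is the externally exposed IP address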
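A preflight check for the materials staged above, as an added example rather than part of the original post or the KubeEdge project: it compares the sideloaded archive against the checksum file and flags private keys under /etc/kubeedge/ca and /etc/kubeedge/certs that group or others can access. It assumes the checksum file's first field is the archive's hex SHA-512 digest; the function names and the KUBEEDGE_DIR variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: preflight checks for offline KubeEdge materials.
# ASSUMPTION: the checksum file's first field is the hex SHA-512 of the archive.
# Needs sha512sum (coreutils) and GNU find (-perm /mode).

# verify_archive ARCHIVE CHECKSUM_FILE
# 0 = digest matches, 1 = mismatch or empty checksum, 2 = a file is unreadable.
verify_archive() {
    local archive="$1" sumfile="$2" expected actual
    [ -r "$archive" ] && [ -r "$sumfile" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    actual=$(sha512sum "$archive" | awk '{print $1}')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# loose_keys DIR...
# Prints each *.key file under the directories that group or others can access.
loose_keys() {
    local d
    for d in "$@"; do
        [ -d "$d" ] && find "$d" -type f -name '*.key' -perm /077
    done
    return 0
}

# preflight ARCHIVE CHECKSUM_FILE
# KUBEEDGE_DIR (hypothetical override, used for testing) defaults to /etc/kubeedge.
preflight() {
    local dir="${KUBEEDGE_DIR:-/etc/kubeedge}" loose
    if ! verify_archive "$1" "$2"; then
        echo "refusing to continue: $1 does not match $2" >&2
        return 1
    fi
    loose=$(loose_keys "$dir/ca" "$dir/certs")
    if [ -n "$loose" ]; then
        printf 'private keys accessible to group/others:\n%s\n' "$loose" >&2
        return 1
    fi
    echo "offline materials OK"
}

# Run the checks only when paths are given on the command line.
if [ "$#" -ge 2 ]; then
    preflight "$1" "$2"
fi
```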
2. Set up iptables
iptables -t nat -A OUTPUT -p tcp --dport 10350 -j DNAT --to $CLOUDCOREIPS:10003
3. Run cloudcore
keadm init --advertise-address="THE-EXPOSED-IP"
4. Edit /etc/kubeedge/config/cloudcore.yaml and change enable to true
cloudStream:
  enable: true
  streamPort: 10003
  tlsStreamCAFile: /etc/kubeedge/ca/streamCA.crt
  tlsStreamCertFile: /etc/kubeedge/certs/stream.crt
  tlsStreamPrivateKeyFile: /etc/kubeedge/certs/stream.key
  tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
  tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
  tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
  tunnelPort: 10004
5. Set up systemctl
Copy cloudcore.service to /usr/lib/systemd/system/
pkill cloudcore
cp /etc/kubeedge/cloudcore.service /usr/lib/systemd/system/
systemctl restart cloudcore
6. Modify the kube-proxy DaemonSet
kubectl edit daemonsets.apps -n kube-system kube-proxy
Add the following fields
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
      - matchExpressions:
        - key: node-role.kubernetes.io/edge
          operator: DoesNotExist
7. Get the token
keadm gettoken
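III. Deploy on the edge side
Running keadm gettoken on the cloud side returns a token, which is used when joining edge nodes.
Offline material preparation
a. Place the kubeedge archive in /etc/kubeedge
b. Download the checksum file to /etc/kubeedge
c. Download edgecore.service to /etc/kubeedge
d. Copy the ca and certs directories from the cloud side to /etc/kubeedge on the edge side
1. Run edgecore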
./keadm join --cloudcore-ipport=x.x.x.x:10000 --token=xxxx
2. Edit /etc/kubeedge/config/edgecore.yaml and set enable to true
edgeStream:
  enable: true
  handshakeTimeout: 30
  readDeadline: 15
  server: 192.168.0.139:10004
  tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
  tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
  tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
  writeDeadline: 15
Restart edgecore
systemctl restart edgecore.service
IV. KubeEdge uninstall procedure
# Or force the uninstall with --force
./keadm reset --force
# Remove related files
rm -rf /etc/systemd/system/edgecore.service
rm -rf /usr/lib/systemd/system/edgecore.service
rm -rf /etc/kubeedge
# Stop the service
systemctl stop edgecore.service
systemctl daemon-reload
ps aux|grep edgecore