下载安装包并解压
kubeedge-1.11.1.zip
kubeedge-v1.11.1-linux-amd64.tar.gz
设置环境变量
设置为你的下载包的对应目录
export KE_INSTALL="/workspace/kubeedge/kubeedge-v1.11.1-linux-amd64"
export KE_PKG="/workspace/kubeedge/kubeedge-1.11.1"
创建CRD
cd $KE_PKG/build/crds/
kubectl apply -f $KE_PKG/build/crds/devices/devices_v1alpha2_devicemodel.yaml
kubectl apply -f $KE_PKG/build/crds/devices/devices_v1alpha2_device.yaml
kubectl apply -f $KE_PKG/build/crds/reliablesyncs/cluster_objectsync_v1alpha1.yaml
kubectl apply -f $KE_PKG/build/crds/reliablesyncs/objectsync_v1alpha1.yaml
kubectl apply -f $KE_PKG/build/crds/router/router_v1_ruleEndpoint.yaml
kubectl apply -f $KE_PKG/build/crds/router/router_v1_rule.yaml
安装cloud
配置文件
默认路径:/etc/kubeedge/config/cloudcore.yaml
生成默认配置文件
cp $KE_INSTALL/cloud/cloudcore/cloudcore /usr/local/bin/
mkdir -p /etc/kubeedge/config/
cloudcore --defaultconfig > /etc/kubeedge/config/cloudcore.yaml
修改配置文件
vim /etc/kubeedge/config/cloudcore.yaml
- 设置
kubeAPIConfig.kubeConfig: "/root/.kube/config" - 设置 cloudStream 如下
cloudStream:
enable: true
streamPort: 10003
tlsStreamCAFile: /etc/kubeedge/ca/rootCA.crt
tlsStreamCertFile: /etc/kubeedge/certs/server.crt
tlsStreamPrivateKeyFile: /etc/kubeedge/certs/server.key
tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
tunnelPort: 10004
创建证书
安装cfssl
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64
chmod +x cfssl*
mv cfssl_1.6.1_linux_amd64 /usr/local/bin/cfssl
mv cfssljson_1.6.1_linux_amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_1.6.1_linux_amd64 /usr/bin/cfssl-certinfo
创建 CA 证书
cat > ca-csr.json <<EOF
{
"CN": "Kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GD",
"L": "ShenZhen",
"O": "Kubernetes",
"OU": "CA"
}
]
}
EOF
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
# 生成 ca.csr ca-csr.json ca-key.pem ca.pem
# ca-key.pem(CA证书密钥) ca.pem(CA证书)
cat > ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "876000h"
},
"profiles": {
"kubernetes": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "876000h"
}
}
}
}
EOF
# ca-config.json: 证书签发配置,用 CA 证书来签发其它证书时需要用
签发服务证书
cat > kubeedge-csr.json <<EOF
{
"CN": "kubeedge",
"hosts": [
"*.com",
"*.com.cn",
"*.cn",
"*.kubeedge.cn",
"*.kubeedge.com"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GD",
"L": "ShenZhen",
"O": "kubeedge",
"OU": "kubeedge"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes \
kubeedge-csr.json | cfssljson -bare kubeedge
# 生成 kubeedge-csr.json kubeedge-key.pem kubeedge.pem
# kubeedge-key.pem(密钥)kubeedge.pem(证书)
拷贝证书
mkdir -p /etc/kubeedge/ca/
mkdir -p /etc/kubeedge/certs/
cp ca.pem /etc/kubeedge/ca/rootCA.crt
cp ca-key.pem /etc/kubeedge/ca/rootCA.key
cp kubeedge.pem /etc/kubeedge/certs/server.crt
cp kubeedge-key.pem /etc/kubeedge/certs/server.key
启动
cloudcore
安装edge
将$KE_INSTALL/edge/edgecore放到节点机器的/usr/local/bin/
配置文件
默认路径:/etc/kubeedge/config/edgecore.yaml
生成默认配置文件
mkdir -p /etc/kubeedge/config/
edgecore --defaultconfig > /etc/kubeedge/config/edgecore.yaml
添加域名
vim /etc/hosts
# 这里是为了和证书允许的域名匹配上,添加以下
{{ 集群ip }} test.kubeedge.com
修改配置文件
vim /etc/kubeedge/config/edgecore.yaml
# 将相关ip修改为集群的test.kubeedge.com
# edgeStream.enable: true 打开stream才可以 kubectl log -f
# edged.hostnameOverride: edge-1 这里是节点的名称
拷贝证书
有两种方式:重新生成证书;直接使用服务端的证书
这里直接使用服务端证书
mkdir /etc/kubeedge/ca
mkdir /etc/kubeedge/certs
将服务端的对应证书拷贝到以上目录
启动
edgecore
查看节点
在集群执行kubectl get pods可以看到
edge-1 Ready agent,edge 8s v1.22.6-kubeedge-v1.11.1
