Kubernetes Edge Computing Deployment: Extending K8s to Edge Nodes
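1. Edge Computing Overview
Edge computing is an architectural pattern that places compute resources at the network edge, close to where the data is produced. Implementing it on Kubernetes can deliver lower latency and higher reliability.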
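1.1 Edge Computing Scenarios
| Scenario | Description | Requirements |
|---|---|---|
| IoT device management | Managing large numbers of IoT devices | Low latency, local processing |
| Real-time video analytics | Real-time processing of video streams | High-performance computing |
| Smart gateway | Data preprocessing and filtering | Data compression, protocol conversion |
| CDN acceleration | Content delivery network | Serving from nearby locations |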
1.2 Edge Architecture

```
            Cloud Kubernetes cluster
                        │
                        ▼
             ┌─────────────────────┐
             │ Central controller  │
             └──────────┬──────────┘
                        │
       ┌────────────────┼────────────────┐
       │                │                │
       ▼                ▼                ▼
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Edge node A  │ │ Edge node B  │ │ Edge node C  │
│(factory site)│ │(retail store)│ │ (smart city) │
└──────────────┘ └──────────────┘ └──────────────┘
```

2. K3s Edge Deployment
2.1 K3s Installation

```bash
# Install the K3s agent on the edge node
curl -sfL https://get.k3s.io | K3S_URL=https://server-ip:6443 K3S_TOKEN=token sh -

# Label the node
kubectl label node edge-node-01 node-role.kubernetes.io/edge=
```

2.2 K3s Configuration Tuning

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: k3s-agent-config
  namespace: kube-system
data:
  config.yaml: |
    node-name: edge-node-01
    server: https://server-ip:6443
    token: <token>
    node-label:
      - "edge=enabled"
      - "location=factory"
```

3. KubeEdge Deployment
3.1 KubeEdge Installation

```bash
# Install CloudCore on the cloud side
keadm init --advertise-address=<cloud-core-address>

# Install EdgeCore on the edge node
keadm join --cloudcore-ipport=<cloud-core-address>:10000 --token=<token>
```

3.2 EdgeCore Configuration

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: edgecore-config
  namespace: kubeedge
data:
  edgecore.yaml: |
    modules:
      edgeHub:
        server: wss://cloud-core:10000/e632ba82-1d82-41a7-9bc9-696d22765d85
        token: <token>
      edgeMesh:
        enable: true
      metaManager:
        contextSendGroup: edge-node
```

3.3 Edge Pod Configuration

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: edge-app
  labels:
    app: edge-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: edge-app
  template:
    metadata:
      labels:
        app: edge-app
    spec:
      # Node selection goes in spec.nodeSelector; an annotation cannot hold a nested map
      nodeSelector:
        edge: enabled
      containers:
        - name: app
          image: edge-app:latest
          resources:
            limits:
              memory: "256Mi"
              cpu: "500m"
```

4. Edge Node Management
4.1 Node Affinity

```yaml
# Fragment: selector, pod labels and containers are omitted
apiVersion: apps/v1
kind: Deployment
metadata:
  name: edge-service
spec:
  template:
    spec:
      affinity:
        nodeAffinity:
          # Hard requirement: the node must carry both labels
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: edge
                    operator: In
                    values:
                      - "true"
                  - key: location
                    operator: In
                    values:
                      - factory
```

4.2 Taints and Tolerations
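
```yaml
# Fragment: containers are omitted
apiVersion: v1
kind: Pod
metadata:
  name: edge-pod
spec:
  # Tolerate the edge=true:NoSchedule taint so the pod may run on tainted edge nodes
  tolerations:
    - key: "edge"
      operator: "Equal"
      value: "true"
      effect: "NoSchedule"
  nodeSelector:
    edge: "true"
```

5. Edge Storage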
5.1 Local Storage

```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-pv
spec:
  capacity:
    storage: 10Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  local:
    path: /mnt/local-storage
  # A local volume must be pinned to the node that holds the path
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - edge-node-01
```

5.2 Distributed Cache

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: edge-cache
spec:
  serviceName: edge-cache
  replicas: 3
  selector:
    matchLabels:
      app: edge-cache
  template:
    metadata:
      labels:
        app: edge-cache
    spec:
      nodeSelector:
        edge: enabled
      containers:
        - name: redis
          image: redis:latest
          ports:
            - containerPort: 6379
          volumeMounts:
            - name: data
              mountPath: /data
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 5Gi
        storageClassName: local-storage
```

6. Edge Network Configuration
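6.1 Network Isolation

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: edge-network-policy
spec:
  podSelector:
    matchLabels:
      edge: enabled
  # Egress is listed but no egress rules follow, so all outbound traffic from the selected pods is denied
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - ipBlock:
            cidr: 192.168.1.0/24
      ports:
        - protocol: TCP
          port: 8080
```

6.2 Service Discovery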

```yaml
apiVersion: v1
kind: Service
metadata:
  name: edge-service
spec:
  type: ClusterIP
  selector:
    app: edge-app
  ports:
    - port: 80
      targetPort: 8080
```

7. Edge Security Policies
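
The NetworkPolicy in 6.1 lists Egress under policyTypes without any egress rules, so the selected pods lose all outbound traffic, DNS included. The following is an added example, not part of the original article: it pairs a namespace-wide default-deny with the 6.1 policy extended by an explicit DNS egress rule. The `edge` namespace and the `k8s-app: kube-dns` label on the cluster DNS pods are assumptions about the cluster.

```yaml
# Added example: namespace "edge" and the cluster DNS pod label are assumptions.
# 1) Default-deny: pods in the namespace get no ingress or egress unless another policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: edge
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# 2) The 6.1 policy with an explicit egress rule so edge pods can still resolve names.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: edge-network-policy
  namespace: edge
spec:
  podSelector:
    matchLabels:
      edge: enabled
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - ipBlock:
            cidr: 192.168.1.0/24
      ports:
        - protocol: TCP
          port: 8080
  egress:
    # DNS only: cluster DNS pods in kube-system
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

These policies only take effect where a network policy controller enforces them, so confirm with a test pod that traffic outside the allowed rules is actually dropped.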
7.1 Certificate Management

```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: edge-cert
spec:
  secretName: edge-tls
  issuerRef:
    name: edge-issuer
    kind: ClusterIssuer
  dnsNames:
    - edge.example.com
```

7.2 Access Control

```yaml
# Read-only access to pods and services in the edge namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: edge-role
  namespace: edge
rules:
  - apiGroups: [""]
    resources: ["pods", "services"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: edge-binding
  namespace: edge
subjects:
  - kind: ServiceAccount
    name: edge-sa
    namespace: edge  # required for ServiceAccount subjects
roleRef:
  kind: Role
  name: edge-role
  apiGroup: rbac.authorization.k8s.io
```

8. Edge Monitoring and Logging
8.1 Monitoring

```yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: edge-monitor
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: edge-exporter
  endpoints:
    - port: metrics
      interval: 30s
      scrapeTimeout: 10s
```

8.2 Log Collection

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-config
  namespace: logging
data:
  fluent-bit.conf: |
    [INPUT]
        Name    tail
        Path    /var/log/containers/*.log
        Tag     edge.*
        Parser  docker
        DB      /var/log/flb_edge.db

    [OUTPUT]
        Name    loki
        Match   edge.*
        Host    loki.example.com
        Port    3100
```

9. Edge Application Deployment Patterns
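9.1 Edge-First Deployment

```yaml
# Fragment: selector, pod labels and containers are omitted
apiVersion: apps/v1
kind: Deployment
metadata:
  name: edge-first-app
spec:
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    spec:
      affinity:
        nodeAffinity:
          # Soft preference: edge nodes are favoured, other nodes remain eligible
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: edge
                    operator: In
                    values:
                      - "true"
```

9.2 Hybrid Deployment Strategy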
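
```yaml
# Fragment: selector, pod labels and containers are omitted
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hybrid-app
spec:
  replicas: 5
  template:
    spec:
      affinity:
        nodeAffinity:
          # Replicas may run on nodes labelled tier=edge or tier=cloud
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: tier
                    operator: In
                    values:
                      - edge
                      - cloud
```

10. Summary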
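A Kubernetes edge computing deployment needs to consider:
- Edge node management: deploy lightweight Kubernetes with K3s or KubeEdge
- Node affinity: make sure applications are scheduled onto the correct edge nodes
- Local storage: configure local storage on edge nodes
- Network configuration: isolate the edge network and optimize communication
- Security policy: certificate management and access control
- Monitoring and logging: collect monitoring data and logs from edge nodes
- Deployment strategy: edge-first or hybrid deployment
Choose a deployment approach that fits the characteristics of your edge scenario to achieve low-latency, highly reliable edge computing.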
