summaryrefslogtreecommitdiff
path: root/build/cloud
diff options
context:
space:
mode:
authorXujiejie <406347136@qq.com>2020-05-29 22:18:10 +0800
committerXujiejie <406347136@qq.com>2020-08-04 21:26:03 +0800
commit6c1cefe1582827028c7d27df81acb839e0a0747b (patch)
tree0115243de49ebd1b46e443a2a4447d645283d4bf /build/cloud
parentMerge pull request #1843 from daixiang0/dns (diff)
downloadkubeedge-6c1cefe1582827028c7d27df81acb839e0a0747b.tar.gz
add docs for CloudCore HA deployment
Diffstat (limited to 'build/cloud')
-rw-r--r--build/cloud/ha/01-ha-prepare.yaml768
-rw-r--r--build/cloud/ha/02-ha-configmap.yaml.example48
-rw-r--r--build/cloud/ha/03-ha-deployment.yaml.example (renamed from build/cloud/ha/ha-deployment.yaml)20
-rw-r--r--build/cloud/ha/README.md160
-rw-r--r--build/cloud/ha/ha-clusterrole.yaml23
5 files changed, 983 insertions, 36 deletions
diff --git a/build/cloud/ha/01-ha-prepare.yaml b/build/cloud/ha/01-ha-prepare.yaml
new file mode 100644
index 000000000..ccd3b3a6a
--- /dev/null
+++ b/build/cloud/ha/01-ha-prepare.yaml
@@ -0,0 +1,768 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kubeedge
+ labels:
+ k8s-app: kubeedge
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ k8s-app: kubeedge
+ kubeedge: cloudcore
+ name: cloudcore
+ namespace: kubeedge
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cloudcore
+ labels:
+ k8s-app: kubeedge
+ kubeedge: cloudcore
+rules:
+ - apiGroups: [""]
+ resources: ["nodes", "nodes/status", "configmaps", "pods", "pods/status", "secrets", "endpoints", "services"]
+ verbs: ["get", "list", "watch", "create", "update"]
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "create"]
+ - apiGroups: [""]
+ resources: ["pods/status"]
+ verbs: ["patch"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["delete"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "watch", "create", "update"]
+ - apiGroups: ["devices.kubeedge.io"]
+ resources: ["devices", "devicemodels", "devices/status", "devicemodels/status"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+ - apiGroups: ["reliablesyncs.kubeedge.io"]
+ resources: ["objectsyncs", "clusterobjectsyncs", "objectsyncs/status", "clusterobjectsyncs/status"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cloudcore
+ labels:
+ k8s-app: kubeedge
+ kubeedge: cloudcore
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cloudcore
+subjects:
+ - kind: ServiceAccount
+ name: cloudcore
+ namespace: kubeedge
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: devices.devices.kubeedge.io
+spec:
+ group: devices.kubeedge.io
+ names:
+ kind: Device
+ plural: devices
+ scope: Namespaced
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ deviceModelRef:
+ description: 'Required: DeviceModelRef is reference to the device model
+ used as a template to create the device instance.'
+ type: object
+ nodeSelector:
+ description: NodeSelector indicates the binding preferences between
+ devices and nodes. Refer to k8s.io/kubernetes/pkg/apis/core NodeSelector
+ for more details
+ type: object
+ protocol:
+ description: 'Required: The protocol configuration used to connect to
+ the device.'
+ properties:
+ bluetooth:
+ description: Protocol configuration for bluetooth
+ properties:
+ macAddress:
+ description: Unique identifier assigned to the device.
+ type: string
+ type: object
+ modbus:
+ description: Protocol configuration for modbus
+ properties:
+ slaveID:
+ description: Required. 0-255
+ format: int64
+ type: integer
+ minimum: 0
+ maximum: 255
+ required:
+ - slaveID
+ type: object
+ opcua:
+ description: Protocol configuration for opc-ua
+ properties:
+ certificate:
+ description: Certificate for access opc server.
+ type: string
+ password:
+ description: Password for access opc server.
+ type: string
+ privateKey:
+ description: PrivateKey for access opc server.
+ type: string
+ securityMode:
+ description: Defaults to "none".
+ type: string
+ securityPolicy:
+ description: Defaults to "none".
+ type: string
+ timeout:
+ description: Timeout seconds for the opc server connection.???
+ format: int64
+ type: integer
+ url:
+ description: 'Required: The URL for opc server endpoint.'
+ type: string
+ userName:
+ description: Username for access opc server.
+ type: string
+ required:
+ - url
+ type: object
+ common:
+ description: Common part of protocol configuration
+ properties:
+ com:
+ properties:
+ baudRate:
+ description: Required. BaudRate 115200|57600|38400|19200|9600|4800|2400|1800|1200|600|300|200|150|134|110|75|50
+ format: int64
+ type: integer
+ enum:
+ - 115200
+ - 57600
+ - 38400
+ - 19200
+ - 9600
+ - 4800
+ - 2400
+ - 1800
+ - 1200
+ - 600
+ - 300
+ - 200
+ - 150
+ - 134
+ - 110
+ - 75
+ - 50
+ dataBits:
+ description: Required. Valid values are 8, 7, 6, 5.
+ format: int64
+ type: integer
+ enum:
+ - 8
+ - 7
+ - 6
+ - 5
+ parity:
+ description: Required. Valid options are "none", "even",
+ "odd". Defaults to "none".
+ type: string
+ enum:
+ - none
+ - even
+ - odd
+ serialPort:
+ description: Required.
+ type: string
+ stopBits:
+ description: Required. Bit that stops 1|2
+ format: int64
+ type: integer
+ enum:
+ - 1
+ - 2
+ required:
+ - baudRate
+ - dataBits
+ - parity
+ - serialPort
+ - stopBits
+ type: object
+ tcp:
+ properties:
+ ip:
+ description: Required.
+ type: string
+ port:
+ description: Required.
+ format: int64
+ type: integer
+ required:
+ - ip
+ - port
+ type: object
+ commType:
+ description: Communication type, like tcp client, tcp server or COM
+ type: string
+ reconnTimeout:
+ description: Reconnection timeout
+ type: integer
+ reconnRetryTimes:
+ description: Reconnecting retry times
+ type: integer
+ collectTimeout:
+ description: 'Define timeout of mapper collect from device.'
+ format: int64
+ type: integer
+ collectRetryTimes:
+ description: 'Define retry times of mapper will collect from device.'
+ format: int64
+ type: integer
+ collectType:
+ description: 'Define collect type, sync or async.'
+ type: string
+ enum:
+ - sync
+ - async
+ customizedValues:
+ description: Customized values for provided protocol
+ type: object
+ type: object
+ customizedProtocol:
+ description: Protocol configuration for customized Protocol
+ properties:
+ protocolName:
+ description: The name of protocol
+ type: string
+ configData:
+ description: customized config data
+ type: object
+ required:
+ - protocolName
+ type: object
+ type: object
+ propertyVisitors:
+ description: 'Required: List of property visitors which describe how
+ to access the device properties. PropertyVisitors must unique by propertyVisitor.propertyName.'
+ items:
+ properties:
+ bluetooth:
+ description: Bluetooth represents a set of additional visitor
+ config fields of bluetooth protocol.
+ properties:
+ characteristicUUID:
+ description: 'Required: Unique ID of the corresponding operation'
+ type: string
+ dataConverter:
+ description: Responsible for converting the data being read
+ from the bluetooth device into a form that is understandable
+ by the platform
+ properties:
+ endIndex:
+ description: 'Required: Specifies the end index of incoming
+ byte stream to be considered to convert the data the
+ value specified should be inclusive for example if 3
+ is specified it includes the third index'
+ format: int64
+ type: integer
+ orderOfOperations:
+ description: Specifies in what order the operations(which
+ are required to be performed to convert incoming data
+ into understandable form) are performed
+ items:
+ properties:
+ operationType:
+ description: 'Required: Specifies the operation
+ to be performed to convert incoming data'
+ type: string
+ enum:
+ - Add
+ - Subtract
+ - Multiply
+ - Divide
+ operationValue:
+ description: 'Required: Specifies with what value
+ the operation is to be performed'
+ format: double
+ type: number
+ type: object
+ type: array
+ shiftLeft:
+ description: Refers to the number of bits to shift left,
+ if left-shift operation is necessary for conversion
+ format: int64
+ type: integer
+ shiftRight:
+ description: Refers to the number of bits to shift right,
+ if right-shift operation is necessary for conversion
+ format: int64
+ type: integer
+ startIndex:
+ description: 'Required: Specifies the start index of the
+ incoming byte stream to be considered to convert the
+ data. For example: start-index:2, end-index:3 concatenates
+ the value present at second and third index of the incoming
+ byte stream. If we want to reverse the order we can
+ give it as start-index:3, end-index:2'
+ format: int64
+ type: integer
+ required:
+ - endIndex
+ - startIndex
+ type: object
+ dataWrite:
+ description: 'Responsible for converting the data coming from
+ the platform into a form that is understood by the bluetooth
+ device For example: "ON":[1], "OFF":[0]'
+ type: object
+ required:
+ - characteristicUUID
+ type: object
+ modbus:
+ description: Modbus represents a set of additional visitor config
+ fields of modbus protocol.
+ properties:
+ isRegisterSwap:
+ description: Indicates whether the high and low register swapped.
+ Defaults to false.
+ type: boolean
+ isSwap:
+ description: Indicates whether the high and low byte swapped.
+ Defaults to false.
+ type: boolean
+ limit:
+ description: 'Required: Limit number of registers to read/write.'
+ format: int64
+ type: integer
+ offset:
+ description: 'Required: Offset indicates the starting register
+ number to read/write data.'
+ format: int64
+ type: integer
+ register:
+ description: 'Required: Type of register'
+ type: string
+ enum:
+ - CoilRegister
+ - DiscreteInputRegister
+ - InputRegister
+ - HoldingRegister
+ scale:
+ description: The scale to convert raw property data into final
+ units. Defaults to 1.0
+ format: double
+ type: number
+ required:
+ - limit
+ - offset
+ - register
+ type: object
+ opcua:
+ description: Opcua represents a set of additional visitor config
+ fields of opc-ua protocol.
+ properties:
+ browseName:
+ description: The name of opc-ua node
+ type: string
+ nodeID:
+ description: 'Required: The ID of opc-ua node, e.g. "ns=1,i=1005"'
+ type: string
+ required:
+ - nodeID
+ type: object
+ customizedProtocol:
+ description: customized protocol
+ properties:
+ protocolName:
+ description: The name of protocol
+ type: string
+ configData:
+ description: customized config data
+ type: object
+ required:
+ - protocolName
+ - configData
+ type: object
+ propertyName:
+ description: 'Required: The device property name to be accessed.
+ This should refer to one of the device properties defined in
+ the device model.'
+ type: string
+ reportCycle:
+ description: 'Define how frequent mapper will report the value.'
+ format: int64
+ type: integer
+ collectCycle:
+ description: 'Define how frequent mapper will collect from device.'
+ format: int64
+ type: integer
+ customizedValues:
+ description: Customized values for visitor of provided protocols
+ type: object
+ required:
+ - propertyName
+ type: object
+ type: array
+ data:
+ properties:
+ dataTopic:
+ description: 'Topic used by mapper, all data collected from dataProperties
+ should be published to this topic,
+ the default value is $ke/events/device/+/data/update'
+ type: string
+ dataProperties:
+ description: A list of data properties, which are not required to be processed by edgecore
+ items:
+ properties:
+ propertyName:
+ description: 'Required: The property name for which the desired/reported
+ values are specified. This property should be present in the
+ device model.'
+ type: string
+ metadata:
+ description: Additional metadata like filter policy, should be k-v format
+ type: object
+ required:
+ - propertyName
+ type: object
+ type: array
+ type: object
+ required:
+ - deviceModelRef
+ - nodeSelector
+ type: object
+ status:
+ properties:
+ twins:
+ description: A list of device twins containing desired/reported desired/reported
+ values of twin properties. A passive device won't have twin properties
+ and this list could be empty.
+ items:
+ properties:
+ desired:
+ description: 'Required: the desired property value.'
+ properties:
+ metadata:
+ description: Additional metadata like timestamp when the value
+ was reported etc.
+ type: object
+ value:
+ description: 'Required: The value for this property.'
+ type: string
+ required:
+ - value
+ type: object
+ propertyName:
+ description: 'Required: The property name for which the desired/reported
+ values are specified. This property should be present in the
+ device model.'
+ type: string
+ reported:
+ description: 'Required: the reported property value.'
+ properties:
+ metadata:
+ description: Additional metadata like timestamp when the value
+ was reported etc.
+ type: object
+ value:
+ description: 'Required: The value for this property.'
+ type: string
+ required:
+ - value
+ type: object
+ required:
+ - propertyName
+ type: object
+ type: array
+ type: object
+ version: v1alpha2
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: devicemodels.devices.kubeedge.io
+spec:
+ group: devices.kubeedge.io
+ names:
+ kind: DeviceModel
+ plural: devicemodels
+ scope: Namespaced
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ properties:
+ description: 'Required: List of device properties.'
+ items:
+ properties:
+ description:
+ description: The device property description.
+ type: string
+ name:
+ description: 'Required: The device property name.'
+ type: string
+ type:
+ description: 'Required: PropertyType represents the type and data
+ validation of the property.'
+ properties:
+ int:
+ properties:
+ accessMode:
+ description: 'Required: Access mode of property, ReadWrite
+ or ReadOnly.'
+ type: string
+ enum:
+ - ReadOnly
+ - ReadWrite
+ defaultValue:
+ format: int64
+ type: integer
+ maximum:
+ format: int64
+ type: integer
+ minimum:
+ format: int64
+ type: integer
+ unit:
+ description: The unit of the property
+ type: string
+ required:
+ - accessMode
+ type: object
+ string:
+ properties:
+ accessMode:
+ description: 'Required: Access mode of property, ReadWrite
+ or ReadOnly.'
+ type: string
+ enum:
+ - ReadOnly
+ - ReadWrite
+ defaultValue:
+ type: string
+ required:
+ - accessMode
+ type: object
+ double:
+ properties:
+ accessMode:
+ description: 'Required: Access mode of property, ReadWrite
+ or ReadOnly.'
+ type: string
+ enum:
+ - ReadOnly
+ - ReadWrite
+ defaultValue:
+ format: double
+ type: number
+ maximum:
+ format: double
+ type: number
+ minimum:
+ format: double
+ type: number
+ unit:
+ description: The unit of the property
+ type: string
+ required:
+ - accessMode
+ type: object
+ float:
+ properties:
+ accessMode:
+ description: 'Required: Access mode of property, ReadWrite
+ or ReadOnly.'
+ type: string
+ enum:
+ - ReadOnly
+ - ReadWrite
+ defaultValue:
+ format: float
+ type: number
+ maximum:
+ format: float
+ type: number
+ minimum:
+ format: float
+ type: number
+ unit:
+ description: The unit of the property
+ type: string
+ required:
+ - accessMode
+ type: object
+ boolean:
+ properties:
+ accessMode:
+ description: 'Required: Access mode of property, ReadWrite
+ or ReadOnly.'
+ type: string
+ enum:
+ - ReadOnly
+ - ReadWrite
+ defaultValue:
+ type: boolean
+ required:
+ - accessMode
+ type: object
+ bytes:
+ properties:
+ accessMode:
+ description: 'Required: Access mode of property, ReadWrite
+ or ReadOnly.'
+ type: string
+ enum:
+ - ReadOnly
+ - ReadWrite
+ required:
+ - accessMode
+ type: object
+ type: object
+ required:
+ - name
+ - type
+ type: object
+ type: array
+ type: object
+ version: v1alpha2
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: clusterobjectsyncs.reliablesyncs.kubeedge.io
+spec:
+ group: reliablesyncs.kubeedge.io
+ names:
+ kind: ClusterObjectSync
+ plural: clusterobjectsyncs
+ scope: Cluster
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ objectType:
+ description: NodeSelector indicates the binding preferences between
+ devices and nodes. Refer to k8s.io/kubernetes/pkg/apis/core NodeSelector
+ for more details
+ type: string
+ objectName:
+ description: 'Required: The protocol configuration used to connect to
+ the device.'
+ type: string
+ status:
+ properties:
+ objectResourceVersion:
+ description: 'Required: DeviceModelRef is reference to the device model
+ used as a template to create the device instance.'
+ type: string
+ version: v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: objectsyncs.reliablesyncs.kubeedge.io
+spec:
+ group: reliablesyncs.kubeedge.io
+ names:
+ kind: ObjectSync
+ plural: objectsyncs
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ objectType:
+ description: NodeSelector indicates the binding preferences between
+ devices and nodes. Refer to k8s.io/kubernetes/pkg/apis/core NodeSelector
+ for more details
+ type: string
+ objectName:
+ description: 'Required: The protocol configuration used to connect to
+ the device.'
+ type: string
+ status:
+ properties:
+ objectResourceVersion:
+ description: 'Required: DeviceModelRef is reference to the device model
+ used as a template to create the device instance.'
+ type: string
+ version: v1alpha1 \ No newline at end of file
diff --git a/build/cloud/ha/02-ha-configmap.yaml.example b/build/cloud/ha/02-ha-configmap.yaml.example
new file mode 100644
index 000000000..d2d3652fc
--- /dev/null
+++ b/build/cloud/ha/02-ha-configmap.yaml.example
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cloudcore
+ namespace: kubeedge
+ labels:
+ k8s-app: kubeedge
+ kubeedge: cloudcore
+data:
+ cloudcore.yaml: |
+ apiVersion: cloudcore.config.kubeedge.io/v1alpha1
+ kind: CloudCore
+ kubeAPIConfig:
+ kubeConfig: ""
+ master: ""
+ leaderelection:
+ LeaderElect: true
+ LeaseDuration: 15s
+ RenewDeadline: 10s
+ ResourceLock: endpointsleases
+ ResourceName: cloudcorelease
+ ResourceNamespace: kubeedge
+ RetryPeriod: 2s
+ modules:
+ cloudHub:
+ advertiseAddress:
+ - YOUR CLOUDCORE VIP HERE !!!
+ nodeLimit: 10
+ tlsCAFile: /etc/kubeedge/ca/rootCA.crt
+ tlsCertFile: /etc/kubeedge/certs/server.crt
+ tlsPrivateKeyFile: /etc/kubeedge/certs/server.key
+ unixsocket:
+ address: unix:///var/lib/kubeedge/kubeedge.sock
+ enable: true
+ websocket:
+ address: 0.0.0.0
+ enable: true
+ port: 10000
+ cloudStream:
+ enable: false
+ streamPort: 10003
+ tlsStreamCAFile: /etc/kubeedge/ca/streamCA.crt
+ tlsStreamCertFile: /etc/kubeedge/certs/stream.crt
+ tlsStreamPrivateKeyFile: /etc/kubeedge/certs/stream.key
+ tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
+ tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
+ tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
+ tunnelPort: 10004
diff --git a/build/cloud/ha/ha-deployment.yaml b/build/cloud/ha/03-ha-deployment.yaml.example
index 0ad458fa4..8fb33ca71 100644
--- a/build/cloud/ha/ha-deployment.yaml
+++ b/build/cloud/ha/03-ha-deployment.yaml.example
@@ -18,6 +18,8 @@ spec:
k8s-app: kubeedge
kubeedge: cloudcore
spec:
+ nodeSelector: # configure the nodeSelector here to directly schedule pods to specific nodes
+ [key]: [value]
hostNetwork: true
readinessGates:
- conditionType: "kubeedge.io/CloudCoreIsLeader"
@@ -39,12 +41,15 @@ spec:
topologyKey: kubernetes.io/hostname
containers:
- name: cloudcore
- image: kubeedge/cloudcore:v1.3.0
+ image: kubeedge/cloudcore:{tag}
imagePullPolicy: IfNotPresent
ports:
- containerPort: 10000
name: cloudhub
protocol: TCP
+ - containerPort: 10002
+ name: certAndReadyz
+ protocol: TCP
resources:
limits:
cpu: 200m
@@ -55,8 +60,6 @@ spec:
volumeMounts:
- name: conf
mountPath: /etc/kubeedge/config
- - name: certs
- mountPath: /etc/kubeedge
env:
- name: CLOUDCORE_POD_NAME
valueFrom:
@@ -73,13 +76,4 @@ spec:
- name: conf
configMap:
name: cloudcore
- - name: certs
- secret:
- secretName: cloudcore
- items:
- - key: edge.crt
- path: certs/edge.crt
- - key: edge.key
- path: certs/edge.key
- - key: rootCA.crt
- path: ca/rootCA.crt
+
diff --git a/build/cloud/ha/README.md b/build/cloud/ha/README.md
new file mode 100644
index 000000000..c422bd6f1
--- /dev/null
+++ b/build/cloud/ha/README.md
@@ -0,0 +1,160 @@
+# The HA of CloudCore(deployed in k8s cluster)
+
+**Note:**
+
+There are several ways to achieve the HA of cloudcore, for example, ingress, keepalived etc. Here we adopt the keepalived. The HA of cloudcore according to ingress will be achieved later.
+
+## Determine the virtual IP of CloudCore
+
+Determine a VIP that the CloudCore service exposed to the edge nodes. Here we recommend `keepalived` to do that. You had better directly schedule pods to specific number of nodes by `nodeSelector` when using `keepalived`. And you have to install `keepalived` in each of nodes where CloudCore runs. The configuration of `keepalived` is shown in the end. Here suppose the VIP is 10.10.102.242.
+
+The use of `nodeSelector` is as follow:
+
+```bash
+kubectl label nodes [nodename] [key]=[value] # label the nodes where the cloudcore will run
+```
+
+modify the term of `nodeselector`:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cloudcore
+spec:
+ template:
+ spec:
+ nodeSelector: # configure the nodeSelector here!
+ [key]: [value]
+```
+
+## Create k8s resources
+
+The manifests and scripts in `github.com/kubeedge/kubeedge/build/cloud/ha` will be used, so place these files to somewhere you can kubectl with (You have to make some modifications to manifests/scrips to suit your environment.)
+
+First, ensure your k8s cluster can pull cloudcore image. If the image not exist. We can make one, and push to your registry.
+
+```bash
+cd $GOPATH/src/github.com/kubeedge/kubeedge
+make cloudimage
+```
+
+We create k8s resources from the manifests in name order. Before creating, **check the content of each manifest to make sure it meets your environment.**
+
+**Note:** Now the follow manifests don't support `kubectl logs` command yet. If need, you have to make more configuration manually.
+
+### 02-ha-configmap.yaml
+
+Configure the VIP address of CloudCore which is exposed to the edge nodes in the `advertiseAddress`, which will be added to SANs in cert of CloudCore. For example:
+
+```yaml
+modules:
+ cloudHub:
+ advertiseAddress:
+ - 10.10.102.242
+```
+
+**Note:** If you want to reset the CloudCore, run this before creating k8s resources:
+
+```bash
+kubectl delete namespace kubeedge
+```
+
+Then create k8s resources:
+
+```shell
+cd build/cloud/ha
+for resource in $(ls *.yaml); do kubectl create -f $resource; done
+```
+
+## keepalived
+
+The `keepalived` configuration we recommend is as following. You can adjust it according to your needs.
+
+**keepalived.conf:**
+
+- master:
+
+```yaml
+! Configuration File for keepalived
+
+global_defs {
+ router_id lb01
+ vrrp_mcast_group4 224.0.0.19
+}
+# CloudCore
+vrrp_script CloudCore_check {
+ script "/etc/keepalived/check_cloudcore.sh" # the script for health check
+ interval 2
+ weight 2
+ fall 2
+ rise 2
+}
+vrrp_instance CloudCore {
+ state MASTER
+ interface eth0 # based on your host
+ virtual_router_id 167
+ priority 100
+ advert_int 1
+ authentication {
+ auth_type PASS
+ auth_pass 1111
+ }
+ virtual_ipaddress {
+ 10.10.102.242/24 # VIP
+ }
+ track_script {
+ CloudCore_check
+ }
+}
+```
+
+- backup:
+
+```yaml
+! Configuration File for keepalived
+
+global_defs {
+ router_id lb02
+ vrrp_mcast_group4 224.0.0.19
+}
+# CloudCore
+vrrp_script CloudCore_check {
+ script "/etc/keepalived/check_cloudcore.sh" # the script for health check
+ interval 2
+ weight 2
+ fall 2
+ rise 2
+}
+vrrp_instance CloudCore {
+ state BACKUP
+ interface eth0 # based on your host
+ virtual_router_id 167
+ priority 99
+ advert_int 1
+ authentication {
+ auth_type PASS
+ auth_pass 1111
+ }
+ virtual_ipaddress {
+ 10.10.102.242/24 # VIP
+ }
+ track_script {
+ CloudCore_check
+ }
+}
+```
+
+check_cloudcore.sh:
+
+```shell
+#!/usr/bin/env bash
+http_code=`curl -k -o /dev/null -s -w %{http_code} https://127.0.0.1:10002/readyz`
+if [ $http_code == 200 ]; then
+ exit 0
+else
+ exit 1
+fi
+
+```
+
diff --git a/build/cloud/ha/ha-clusterrole.yaml b/build/cloud/ha/ha-clusterrole.yaml
deleted file mode 100644
index 3a8e1ee2d..000000000
--- a/build/cloud/ha/ha-clusterrole.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: cloudcore
- labels:
- k8s-app: kubeedge
- kubeedge: cloudcore
-rules:
-- apiGroups: [""]
- resources: ["nodes", "nodes/status", "configmaps", "pods", "pods/status", "secrets", "endpoints", "services"]
- verbs: ["get", "list", "watch", "create", "update"]
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["delete", "patch"]
-- apiGroups: ["coordination.k8s.io"]
- resources: ["leases"]
- verbs: ["get", "list", "watch", "create", "update"]
-- apiGroups: ["devices.kubeedge.io"]
- resources: ["devices", "devicemodels", "devices/status", "devicemodels/status"]
- verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-- apiGroups: ["reliablesyncs.kubeedge.io"]
- resources: ["objectsyncs", "clusterobjectsyncs", "objectsyncs/status", "clusterobjectsyncs/status"]
- verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
generated by cgit v1.2.3 (git 2.52.0) at 2026-01-17 05:11:26 +0000