Shifu 是一个 Kubernetes 原生的 IoT 设施虚拟化框架。Shifu 心愿帮忙 IoT 利用开发者以即插即用的形式实现 IoT 设施的虚拟化、监督、管控和自动化。本文通过在本地集群中部署 Shifu,实现通过 MQTT、Http 等形式接入物联设施,体验了用容器开发的门路实现物联网利用开发。
- Shifu 官网:https://shifu.run/zh-Hans/
- Github 仓库:https://github.com/Edgenesis/…
背景
- K3s 是 SUSE 基于 Kubernetes 做的一款开源的轻量发行版。它能够在边缘端算力受限制的场景中运行,非常适合边缘端有 IoT 设施的场景。
- Shifu 作为 Kubernetes 原生的开源物联网开发框架,利用分布式的思维将每一个 IoT 设施进行结构性的虚拟化,并将他们的能力通过 Kubernetes 服务的形式凋谢给下层利用。
总体架构图
施行指南
须要:
软件:
硬件:
步骤:
1. 在服务器端部署 wireguard server
a. 利用一件脚本
https://github.com/angristan/…
b. 执行以下命令
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
./wireguard-install.sh c. 依照命令输出服务器的公网 IP,按需增加用户,以下为理论输入,请按需更改:
[email protected]:~# ./wireguard-install.sh
Welcome to the WireGuard installer!
The git repository is available at: https://github.com/angristan/wireguard-install
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
IPv4 or IPv6 public address: 192.168.0.1 # 这里批改为你的公网 IP, 能够通过 "curl ip.sb" 来获取
Public interface: ens5
WireGuard interface name: wg0
Server's WireGuard IPv4: 10.66.66.1 # wireguard 服务器接口的 IPv4 地址,如无需要,默认即可
Server's WireGuard IPv6: fd42:42:42::1 # wireguard 服务器接口的 IPv6 地址,如无需要,默认即可
Server's WireGuard port [1-65535]: 64191 # 这里批改为你的端口,开启端口后须要在主机的防火墙开始容许 UDP
First DNS resolver to use for the clients: 114.114.114.114
Second DNS resolver to use for the clients (optional): 119.29.29.29
Okay, that was all I needed. We are ready to setup your WireGuard server now.
.................................
这里输入省略
.................................
Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash and can't exceed 15 chars.
Client name: client1 # 装置结束提醒输出用户名子,自定义即可
Client's WireGuard IPv4: 10.66.66.2 # wireguard 客户端接口的 IPv4 地址,如无需要,默认即可
Client's WireGuard IPv6: fd42:42:42::2 # wireguard 客户端接口的 IPv6 地址,如无需要,默认即可
.................................
这里输入省略
.................................
It is also available in /home/ubuntu/wg0-client-client1.conf # 生成给 worker 节点的配置文件 d. 请将脚本最初生成的配置文件 /home/ubuntu/wg0-client-client1.conf 保留下来,之后会放到 worker 节点上
e. 脚本运行实现后接口增加结束, 能够通过 wg show all 来查看状态:
[email protected]:~# wg show all
interface: wg0
public key: adsdadhkaskdhadkjhs12312kl3j1l2o
private key: (hidden)
listening port: 64191
peer: adsdadhkaskdhadkjhs12312kl3j1l2odsada2
preshared key: (hidden)
allowed ips: 10.66.66.2/32, fd42:42:42::2/128f. 至此,服务器端配置结束,如果须要生成更多客户端只需再次执行 ./wireguard-install.sh 按需增加即可
2. 在服务器部署 K3s server
a. 实现步骤 1 后,咱们能够在服务器端部署 K3s,利用 wireguard 的接口,命令如下:
curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_TOKEN=token INSTALL_K3S_EXEC="--advertise-address=10.66.66.1 --flannel-iface=wg0" sh -b. 其中的配置项:
i. K3S_TOKEN=token
这里的 token 按需更换,然而 worker 节点退出的时候须要统一
ii. INSTALL_K3S_EXEC="--advertise-address=10.66.66.1 --flannel-iface=wg0"
这里咱们配置了两项:
a. --advertise-address=10.66.66.1
i. 以 wireguard 的接口来作为连贯的 IP,而不是服务器 IP
b. --flannel-iface=wg0
i. 通知 K3s 的 flannel 组件应用 wg0 接口
c. 执行胜利后的输入如下:
[INFO] Finding release for channel stable
[INFO] Using v1.24.4+k3s1 as release
[INFO] Downloading hash rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/v1.24.4-k3s1/sha256sum-arm64.txt
[INFO] Downloading binary rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/v1.24.4-k3s1/k3s-arm64
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Skipping installation of SELinux RPM
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-agent-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s-agent.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s-agent.service
[INFO] systemd: Enabling k3s-agent unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s-agent.service → /etc/systemd/system/k3s-agent.service.
[INFO] systemd: Starting k3s-agent
[email protected]:~# d. 在服务器端能够通过 kubectl get nodes 验证是否退出胜利,显示节点 ready 即可
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
ip-172-31-37-138 Ready control-plane,master 24m v1.24.4+k3s1
k3s Ready <none> 2m52s v1.24.4+k3s15. 利用云边协同部署 Shifu
a. 克隆 Shifu
git clone https://gitee.com/edgenesis/shifu.giti. 批改 controller 外面的镜像(国内可能拉不下来 )
vim shifu/pkg/k8s/crd/install/shifu_install.yml
将 428 行改为:
image: bitnami/kube-rbac-proxy:latest
b. 装置 Shifu:
i. kubectl apply -f shifu/pkg/k8s/crd/install/shifu_install.yml
c. 将 k3s 的 worker 节点打上标记:
i. kubectl label nodes k3s type=worker
d. 尝试将 Pod 运行在指定节点上,比方一个 nginx Pod
kubectl run nginx --image=nginx -n deviceshifu --overrides='{"spec": {"nodeSelector": {"type":"worker"}}}'e. 再通过 kubectl get pods -n deviceshifu -owide,能够看到咱们胜利将 Pod 运行在了边缘节点 k3s 上
# kubectl get pods -n deviceshifu -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx 1/1 Running 0 42s 10.42.1.3 k3s <none> <none>本文由边无际受权公布