# Kubernetes Edge Computing Deployment: Extending K8s to Edge Nodes

## 1. Edge computing overview

Edge computing is an architectural pattern that places compute resources at the network edge, close to where the data is produced. Running edge workloads on Kubernetes gives them lower latency and higher availability than routing everything through a central cluster.

### 1.1 Edge computing scenarios

| Scenario | Description | Requirements |
| --- | --- | --- |
| IoT device management | Managing large fleets of IoT devices | Low latency, local processing |
| Real-time video analytics | Processing video streams in real time | High-performance compute |
| Intelligent gateway | Data pre-processing and filtering | Data compression, protocol translation |
| CDN acceleration | Content delivery network | Serving from the nearest location |

### 1.2 Edge architecture

```
            Cloud Kubernetes cluster
                      │
                      ▼
          ┌─────────────────────┐
          │  Central controller │
          └──────────┬──────────┘
                     │
    ┌────────────────┼────────────────┐
    │                │                │
    ▼                ▼                ▼
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Edge node A  │ │ Edge node B  │ │ Edge node C  │
│ (factory)    │ │ (retail)     │ │ (smart city) │
└──────────────┘ └──────────────┘ └──────────────┘
```

## 2. K3s edge deployment

### 2.1 K3s installation

```bash
# Install the K3s agent on the edge node and join it to the server
curl -sfL https://get.k3s.io | K3S_URL=https://server-ip:6443 K3S_TOKEN=token sh -

# Label the node as an edge node (empty value, like the built-in role labels)
kubectl label node edge-node-01 node-role.kubernetes.io/edge=
```

### 2.2 K3s configuration tuning

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: k3s-agent-config
  namespace: kube-system
data:
  config.yaml: |
    node-name: edge-node-01
    server: https://server-ip:6443
    token: token
    node-label:
      - edge=enabled
      - location=factory
```

K3s itself reads these options from `/etc/rancher/k3s/config.yaml` on the node. However the file is distributed, keep the join token out of a ConfigMap: anyone who can `get` ConfigMaps in `kube-system` can read it. Put it in a Secret or write it directly to the node's config file.

## 3. KubeEdge deployment

### 3.1 KubeEdge installation

```bash
# Install CloudCore on the cloud side
keadm init --advertise-address=cloud-core-address

# Install EdgeCore on the edge node
keadm join --cloudcore-ipport=cloud-core-address:10000 --token=token
```

### 3.2 EdgeCore configuration

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: edgecore-config
  namespace: kubeedge
data:
  edgecore.yaml: |
    modules:
      edgeHub:
        server: wss://cloud-core:10000/e632ba82-1d82-41a7-9bc9-696d22765d85
        token: token
      edgeMesh:
        enable: true
      metaManager:
        contextSendGroup: edge-node
```

### 3.3 Edge Pod configuration

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: edge-app
  labels:
    app: edge-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: edge-app
  template:
    metadata:
      labels:
        app: edge-app
    spec:
      # Schedule only onto nodes labelled edge=enabled
      nodeSelector:
        edge: enabled
      containers:
        - name: app
          image: edge-app:latest
          resources:
            limits:
              memory: 256Mi
              cpu: 500m
```

## 4. Edge node management

### 4.1 Node affinity

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: edge-service
spec:
  selector:
    matchLabels:
      app: edge-service
  template:
    metadata:
      labels:
        app: edge-service
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: edge
                    operator: In
                    values:
                      - "true"   # label values are strings; an unquoted true is a boolean and is rejected
                  - key: location
                    operator: In
                    values:
                      - factory
```

### 4.2 Taints and tolerations

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: edge-pod
spec:
  tolerations:
    - key: edge
      operator: Equal
      value: "true"
      effect: NoSchedule
  nodeSelector:
    edge: "true"
```

Note that this example uses `edge=true` while the K3s configuration in section 2.2 labels nodes `edge=enabled`. Pick one value and use it consistently across labels, taints, selectors and affinity rules, otherwise Pods will stay Pending.

## 5. Edge storage

### 5.1 Local storage

```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-pv
spec:
  capacity:
    storage: 10Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  local:
    path: /mnt/local-storage
  # A local volume is bound to the node that owns the disk
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - edge-node-01
```

### 5.2 Distributed cache

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: edge-cache
spec:
  serviceName: edge-cache
  replicas: 3
  selector:
    matchLabels:
      app: edge-cache
  template:
    metadata:
      labels:
        app: edge-cache
    spec:
      nodeSelector:
        edge: enabled
      containers:
        - name: redis
          image: redis:latest
          ports:
            - containerPort: 6379
          volumeMounts:
            - name: data
              mountPath: /data
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: [ReadWriteOnce]
        resources:
          requests:
            storage: 5Gi
        storageClassName: local-storage
```

## 6. Edge networking

### 6.1 Network isolation

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: edge-network-policy
spec:
  podSelector:
    matchLabels:
      edge: enabled
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - ipBlock:
            cidr: 192.168.1.0/24
      ports:
        - protocol: TCP
          port: 8080
```

Because `Egress` is listed in `policyTypes` but no `egress` rules are given, this policy denies all outbound traffic from the selected Pods, including DNS. That is a reasonable default for an isolated edge site, but if the edge app must reach the cloud control plane or a local broker, add explicit `egress` rules for those destinations.

### 6.2 Service discovery

```yaml
apiVersion: v1
kind: Service
metadata:
  name: edge-service
spec:
  type: ClusterIP
  selector:
    app: edge-app
  ports:
    - port: 80
      targetPort: 8080
```

## 7. Edge security policy

### 7.1 Certificate management

```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: edge-cert
spec:
  secretName: edge-tls
  issuerRef:
    name: edge-issuer
    kind: ClusterIssuer
  dnsNames:
    - edge.example.com
```

### 7.2 Access control

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: edge-role
  namespace: edge
rules:
  - apiGroups: [""]   # "" is the core API group; an empty list would match nothing
    resources: [pods, services]
    verbs: [get, list, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: edge-binding
  namespace: edge
subjects:
  - kind: ServiceAccount
    name: edge-sa
roleRef:
  kind: Role
  name: edge-role
  apiGroup: rbac.authorization.k8s.io
```

## 8. Edge monitoring and logging

### 8.1 Monitoring

```yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: edge-monitor
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: edge-exporter
  endpoints:
    - port: metrics
      interval: 30s
      scrapeTimeout: 10s
```

### 8.2 Log collection

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-config
  namespace: logging
data:
  fluent-bit.conf: |
    [INPUT]
        Name    tail
        Path    /var/log/containers/*.log
        Tag     edge.*
        Parser  docker
        DB      /var/log/flb_edge.db

    [OUTPUT]
        Name    loki
        Match   edge.*
        Host    loki.example.com
        Port    3100
```

## 9. Edge application deployment patterns

### 9.1 Edge-first deployment

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: edge-first-app
spec:
  selector:
    matchLabels:
      app: edge-first-app
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: edge-first-app
    spec:
      affinity:
        nodeAffinity:
          # Prefer edge nodes, but fall back to other nodes if none are available
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: edge
                    operator: In
                    values:
                      - "true"
```

### 9.2 Hybrid deployment

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hybrid-app
spec:
  replicas: 5
  selector:
    matchLabels:
      app: hybrid-app
  template:
    metadata:
      labels:
        app: hybrid-app
    spec:
      affinity:
        nodeAffinity:
          # Replicas may land on either tier
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: tier
                    operator: In
                    values:
                      - edge
                      - cloud
```

## 10. Summary

A Kubernetes edge deployment has to cover the following areas:

- **Edge node management**: deploy a lightweight Kubernetes with K3s or KubeEdge.
- **Node affinity**: make sure applications land on the right edge nodes.
- **Local storage**: configure node-local storage on the edge.
- **Networking**: isolate the edge network and optimize communication.
- **Security policy**: certificate management and access control.
- **Monitoring and logging**: collect metrics and logs from edge nodes.
- **Deployment strategy**: edge-first or hybrid deployment patterns.

Choose the deployment approach that fits the characteristics of your edge scenario to achieve low-latency, highly reliable edge computing.
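The manifests in this article carry a few pitfalls that are easy to miss by eye: unquoted `true` as a label value, a `:latest` image on a small edge node without resource limits, a NetworkPolicy that lists `Egress` but has no egress rules, an RBAC rule with an empty `apiGroups`, and a join token stored in a ConfigMap. The following script is an added example, not code from the article or from the K3s or KubeEdge projects, that checks parsed manifests for exactly those problems. It uses only the standard library and takes manifests as already-parsed dicts (the shape `yaml.safe_load` produces); the sample manifests are constructed from the article's own examples with their defects left in.

```python
"""Static hygiene checks for edge-node manifests (stdlib only, added example)."""
import re
from typing import Any, Dict, Iterator, List, Tuple

Manifest = Dict[str, Any]
WORKLOAD_KINDS = {"Pod", "Deployment", "StatefulSet", "DaemonSet"}
TOKEN_RE = re.compile(r"^\s*token:\s*\S+", re.MULTILINE)


def pod_spec_of(manifest: Manifest) -> Dict[str, Any]:
    """Return the PodSpec of a bare Pod or of a templated workload."""
    spec = manifest.get("spec", {})
    return spec.get("template", {}).get("spec", spec)


def scheduling_values(pod_spec: Dict[str, Any]) -> Iterator[Tuple[str, Any]]:
    """Yield (path, value) for every label value used in a scheduling constraint."""
    for key, value in pod_spec.get("nodeSelector", {}).items():
        yield f"nodeSelector.{key}", value
    for tol in pod_spec.get("tolerations", []):
        if "value" in tol:
            yield f"tolerations[{tol.get('key')}].value", tol["value"]
    node_aff = pod_spec.get("affinity", {}).get("nodeAffinity", {})
    terms = list(node_aff.get("requiredDuringSchedulingIgnoredDuringExecution", {})
                 .get("nodeSelectorTerms", []))
    terms += [p.get("preference", {})
              for p in node_aff.get("preferredDuringSchedulingIgnoredDuringExecution", [])]
    for term in terms:
        for expr in term.get("matchExpressions", []):
            for value in expr.get("values", []):
                yield f"nodeAffinity[{expr.get('key')}].values", value


def image_tag(image: str) -> str:
    """Tag of an image reference: '' if untagged, 'digest' if pinned by digest."""
    last = image.rsplit("/", 1)[-1]  # drop registry host and repository path
    if "@" in last:
        return "digest"
    return last.split(":", 1)[1] if ":" in last else ""


def check_manifest(manifest: Manifest) -> List[str]:
    """Return one finding per problem in a single manifest (empty list if clean)."""
    kind = manifest.get("kind", "")
    where = f"{kind}/{manifest.get('metadata', {}).get('name', '<unnamed>')}"
    findings: List[str] = []
    if kind in WORKLOAD_KINDS:
        pod_spec = pod_spec_of(manifest)
        for path, value in scheduling_values(pod_spec):
            if not isinstance(value, str):  # YAML turns bare true/1 into non-strings
                findings.append(f"{where}: {path} {value!r} is not a string, quote it")
        for ctr in pod_spec.get("containers", []):
            if image_tag(ctr.get("image", "")) in ("", "latest"):
                findings.append(f"{where}: container {ctr.get('name')} image "
                                f"{ctr.get('image')!r} is not pinned to a tag or digest")
            if not ctr.get("resources", {}).get("limits"):  # small nodes starve easily
                findings.append(f"{where}: container {ctr.get('name')} has no resources.limits")
    elif kind == "NetworkPolicy":
        spec = manifest.get("spec", {})
        for direction in spec.get("policyTypes", []):
            if not spec.get(direction.lower()):  # type listed, no rules: deny all
                findings.append(f"{where}: {direction} in policyTypes without "
                                f"{direction.lower()} rules denies all {direction.lower()}")
    elif kind in ("Role", "ClusterRole"):
        for rule in manifest.get("rules", []):
            if rule.get("apiGroups") == []:
                findings.append(f'{where}: empty apiGroups matches nothing; use [""] for core')
            if "*" in rule.get("verbs", []) or "*" in rule.get("resources", []):
                findings.append(f"{where}: wildcard verbs or resources in rule")
    elif kind == "ConfigMap":
        for key, value in manifest.get("data", {}).items():
            if isinstance(value, str) and TOKEN_RE.search(value):
                findings.append(f"{where}: data[{key}] embeds a plaintext token; use a Secret")
    return findings


def check_all(manifests: List[Manifest]) -> List[str]:
    return [f for m in manifests for f in check_manifest(m)]


# Constructed samples mirroring the article's manifests, defects included.
SAMPLE_MANIFESTS: List[Manifest] = [
    {"kind": "ConfigMap", "metadata": {"name": "k3s-agent-config"},
     "data": {"config.yaml": "node-name: edge-node-01\nserver: https://server-ip:6443\ntoken: token\n"}},
    {"kind": "Deployment", "metadata": {"name": "edge-service"},
     "spec": {"template": {"spec": {
         "affinity": {"nodeAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": {
             "nodeSelectorTerms": [{"matchExpressions": [
                 {"key": "edge", "operator": "In", "values": [True]}]}]}}},
         "containers": [{"name": "app", "image": "edge-app:latest"}]}}}},
    {"kind": "NetworkPolicy", "metadata": {"name": "edge-network-policy"},
     "spec": {"podSelector": {"matchLabels": {"edge": "enabled"}},
              "policyTypes": ["Ingress", "Egress"],
              "ingress": [{"from": [{"ipBlock": {"cidr": "192.168.1.0/24"}}],
                           "ports": [{"protocol": "TCP", "port": 8080}]}]}},
    {"kind": "Role", "metadata": {"name": "edge-role", "namespace": "edge"},
     "rules": [{"apiGroups": [], "resources": ["pods", "services"], "verbs": ["get", "list", "watch"]}]},
]

if __name__ == "__main__":
    for finding in check_all(SAMPLE_MANIFESTS):
        print(finding)
```

Run against the samples, the script reports six findings: the token in the K3s ConfigMap, the boolean `true` affinity value, the unpinned `edge-app:latest` image, the missing resource limits, the implicit deny-all egress, and the empty `apiGroups`. Wire `check_all` into CI after `yaml.safe_load_all` on the manifest directory so these are caught before `kubectl apply` reaches the edge nodes.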