jmhbnz/kubernetes-edge-demo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added initial demo walkthrough.

Browse Source
This commit is contained in:
James Blair
2022-11-09 08:45:07 +13:00
parent 532dcabd6b
commit fe0d9deab6
1 changed files with 73 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
README.org
View File

@ -1,3 +1,74 @@
# kubernetes-edge-demo
#+TITLE: Pinephone kubernetes edge deployment
#+AUTHOR: James Blair <mail@jamesblair.net>
#+DATE: 9th November 2022
A hands on demo of deploying kubernetes to a pinephone edge device.
This repository is intended to guide you through the process of deploying [[https://kubernetes.io/][kubernetes]] on an edge device, specifically an original [[https://www.pine64.org/pinephone/][pinephone]].
I used this guide to run a live demo at the [[https://community.cncf.io/events/details/cncf-wellington-presents-cloud-native-computing-wellington-november-2022-meetup/][November 2022 Wellington CNCF Meetup]] as part of a talk titled "A hitchhikers guide to edge kubernetes."
* Pre-requisites
This guide assumes you have the following:
- A pinephone running [[https://mobian-project.org/][mobian]] that has internet connectivity.
- A domain with authoritative dns managed by cloudflare.
* Remote access to edge device
Our first challenge will be how we will setup secure remote access to an edge device. When we are dealing with edge devices traditional network concepts like static ip's, port forwarding and firewalls can go out the window as these devices are often operating on networks that we don't have any control over.
In our example we have a pinephone that is currently on a 4G cellular connection. We need to establish a secure tunnel connection to the device, in our case we will use [[https://www.cloudflare.com/products/tunnel/][cloudflare tunnel]] as it is very quick to setup however there are a lot of solutions in this space including options you can self host like [[https://goteleport.com/][teleport]].
Let's start by installing and configuriong ~openssh-server~ on our device:
#+Setup openssh-server
#+begin_src tmate
# Install openssh-server
sudo apt install -y openssh-server
# Configure openssh-server auth to be key based
sudo sed -i -e 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
# Add my key to authorized keys
mkdir ~/.ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsYhu2xE5cxq+sA7bNyHjZUk9IHKXHsd58ZCFLfCHbK5nnWLgJwxFnF1NzBylyOJviJ2v54VYQoXvsWLTbehlyH/kqJS8icmo0iu2mUFcp09n/3NcGw2BJefwMbK+mofxBBR78RRNI8DG3yk7Apa19BrLpFWaL/VljGidgR61WhPH7FbXjTh5NuQR494LG3yBRn16yIPNN+xZhf0TW7uoVCiSr77kFELgrTqjpPyoYiYLZZdKqJZ7PDgOEcLq5oDEZfYME8sGRPyufGByH7tnK9fgFaZ9wW747wTNN2naUIhCNzJLxKgr8fMMRBXuqeUjk+5/EzxGFXjxE+4a+dhD51OO5mSN1ctG/061HIQjJwZ2Zk6CACypBEv6nLVREaMqKQtcEPPooZ2SK4SdiMtwC8XLCZ6wRQDVskMentI1uy3bbCwV9AG0auiLA3sfbyKI8093p5NLsLEiR+BScu4/tLx7kzPetl89QOKzTI60GXzBaSnBXhAtQTijZZFrOGbQ1NQ1deWb6pT8foOPOs3P2F0a4Y/nY/xlomBuNqTI48Vi8MZJjhTvAe8BF+Y7C8HlSaCZeH1DrnymkbLhpXvVH7Tuir/DLOyhrwnXqNuxpMyWsfy5UrTfe67GP2+jzriFxteTMbvZjmgbF2UDMYs5U59NaYPdAYxjwdzH5nHoIWw== james@james-desktop" >> ~/.ssh/authorized_keys
# Start and enable ssh daemon
sudo systemctl enable --now sshd.service
#+end_src
Once we have ssh running we are ready to set up our cloudflare access tunnel. The first step here is to install the ~cloudflared~ daemon on our device:
#+NAME: Install cloudflared
#+begin_src tmate
# Download latest cloudflared release
curl -L --output cloudflared.deb "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb"
# Install cloudflared via dpkg
sudo dpkg -i cloudflared.deb
#+end_src
Once ~cloudflared~ is installed we need to set up a tunnel in the [[https://one.dash.cloudflare.com][cloudflare zero trust dashboard]]. Once a tunnel has been created we will have a token that can be used with the following command to establish our secure tunnel:
#+NAME: Start cloudflare tunnel service
#+begin_src tmate
sudo cloudflared service install "<token>"
#+end_src
Wohoo - we now have secure access to our device, from anywhere, provided our device has any active internet connection 🎉
* Install kubernetes
Now that we have secure connectivity to our edge device, let's install kubernetes. For our demo today we need a lightweight kubernetes distribution because our device has an old CPU with four slow 1.2Ghz cores and 3GB of low power DDR3 ram.
With these constraints in mind we will be deploying ~k3s~ today which is a [[https://www.cncf.io/projects/k3s/][sandbox cncf project]].
#+NAME: Install k3s without traefik
#+begin_src tmate
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable traefik" sh -s -
#+end_src
* Deploy a workload