jmhbnz/kubernetes-edge-demo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5 Commits 1 Branch 0 Tags
def344df8c34b53c356f4d5518b80574ead0567d
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.org

Pinephone kubernetes edge deployment

This repository is intended to guide you through the process of deploying kubernetes on an edge device, specifically an original pinephone.

I used this guide to run a live demo at the November 2022 Wellington CNCF Meetup as part of a talk titled "A hitchhikers guide to edge kubernetes."

Pre-requisites

This guide assumes you have the following:

  • A pinephone running mobian that has internet connectivity.
  • A domain with authoritative dns managed by cloudflare.

Remote access to edge device

Our first challenge will be how we will setup secure remote access to an edge device. When we are dealing with edge devices traditional network concepts like static ip's, port forwarding and firewalls can go out the window as these devices are often operating on networks that we don't have any control over.

In our example we have a pinephone that is currently on a 4G cellular connection. We need to establish a secure tunnel connection to the device, in our case we will use cloudflare tunnel as it is very quick to setup however there are a lot of solutions in this space including options you can self host like teleport.

Let's start by installing and configuriong openssh-server on our device:

#+Setup openssh-server

# Install openssh-server
sudo apt install -y openssh-server

# Configure openssh-server auth to be key based
sudo sed -i -e 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config

# Add my key to authorized keys
mkdir ~/.ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsYhu2xE5cxq+sA7bNyHjZUk9IHKXHsd58ZCFLfCHbK5nnWLgJwxFnF1NzBylyOJviJ2v54VYQoXvsWLTbehlyH/kqJS8icmo0iu2mUFcp09n/3NcGw2BJefwMbK+mofxBBR78RRNI8DG3yk7Apa19BrLpFWaL/VljGidgR61WhPH7FbXjTh5NuQR494LG3yBRn16yIPNN+xZhf0TW7uoVCiSr77kFELgrTqjpPyoYiYLZZdKqJZ7PDgOEcLq5oDEZfYME8sGRPyufGByH7tnK9fgFaZ9wW747wTNN2naUIhCNzJLxKgr8fMMRBXuqeUjk+5/EzxGFXjxE+4a+dhD51OO5mSN1ctG/061HIQjJwZ2Zk6CACypBEv6nLVREaMqKQtcEPPooZ2SK4SdiMtwC8XLCZ6wRQDVskMentI1uy3bbCwV9AG0auiLA3sfbyKI8093p5NLsLEiR+BScu4/tLx7kzPetl89QOKzTI60GXzBaSnBXhAtQTijZZFrOGbQ1NQ1deWb6pT8foOPOs3P2F0a4Y/nY/xlomBuNqTI48Vi8MZJjhTvAe8BF+Y7C8HlSaCZeH1DrnymkbLhpXvVH7Tuir/DLOyhrwnXqNuxpMyWsfy5UrTfe67GP2+jzriFxteTMbvZjmgbF2UDMYs5U59NaYPdAYxjwdzH5nHoIWw== james@james-desktop" >> ~/.ssh/authorized_keys

# Start and enable ssh daemon
sudo systemctl enable --now sshd.service

Once we have ssh running we are ready to set up our cloudflare access tunnel. The first step here is to install the cloudflared daemon on our device:

# Download latest cloudflared release
curl -L --output cloudflared.deb "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb"

# Install cloudflared via dpkg
sudo dpkg -i cloudflared.deb

Once cloudflared is installed we need to set up a tunnel in the cloudflare zero trust dashboard. Once a tunnel has been created we will have a token that can be used with the following command to establish our secure tunnel:

sudo cloudflared service install "<token>"

Wohoo - we now have secure access to our device, from anywhere, provided our device has any active internet connection 🎉

Install kubernetes

Now that we have secure connectivity to our edge device, let's install kubernetes. For our demo today we need a lightweight kubernetes distribution because our device has an old CPU with four slow 1.2Ghz cores and 3GB of low power DDR3 ram.

With these constraints in mind we will be deploying k3s today which is a sandbox cncf project.

curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable traefik" sh -s -

Deploy a workload

Description
A hands on demo of deploying kubernetes to a pinephone edge device.
Readme 284 KiB
Languages
Shell 100%