fabedge / fabedge
Secure Edge Networking Solution Based On Kubernetes
Home Page: http://www.fabedge.io/
License: Apache License 2.0
Is your feature request related to a problem? Please describe.
After nodes are added into a community, they will try to establish tunnels with internal IP addresses. In cases where they belong to different cloud providers, this does not work anymore. We need to tell them to use the public IP instead of the internal IP.
I followed the guide here to install fabedge upon openyurt.
After installation, fabedge seems to work fine.
[root@k8s-node1 ~]# kubectl get no
NAME STATUS ROLES AGE VERSION
centos72-k8s Ready <none> 5d v1.20.9
k8s-node1 Ready connector,control-plane,master 22d v1.20.9
k8s-node2 Ready <none> 22d v1.20.9
openyurt-edge2 Ready <none> 15d v1.20.9
[root@k8s-node1 ~]# kubectl get po -n fabedge
NAME READY STATUS RESTARTS AGE
cert-m5rb4 0/1 Completed 0 41m
connector-68dbbdf547-dp8sq 2/2 Running 0 41m
fabedge-agent-k8s-node2 2/2 Running 0 41m
fabedge-agent-openyurt-edge2 2/2 Running 0 41m
fabedge-operator-6544c47c56-k7htx 1/1 Running 0 41m
[root@k8s-node1 ~]# kubectl get po -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-5897cd56c4-8pb5p 1/1 Running 0 22d
coredns-5897cd56c4-tvm4n 1/1 Running 0 22d
etcd-k8s-node1 1/1 Running 5 22d
kube-apiserver-k8s-node1 1/1 Running 9 22d
kube-controller-manager-k8s-node1 1/1 Running 6 19d
kube-flannel-ds-2mh9n 1/1 Running 0 16m
kube-proxy-fgs6k 1/1 Running 3 15d
kube-proxy-h2lfs 1/1 Running 5 22d
kube-proxy-rzfc2 1/1 Running 0 22d
kube-proxy-vvt7n 1/1 Running 5 5d
kube-scheduler-k8s-node1 1/1 Running 8 22d
yurt-app-manager-7864899795-2fhmh 1/1 Running 1 15d
yurt-app-manager-7864899795-4djvj 1/1 Running 1 15d
yurt-controller-manager-77b97fd47b-ctj42 1/1 Running 6 19d
yurt-hub-k8s-node1 1/1 Running 4 19d
yurt-hub-k8s-node2 1/1 Running 0 19d
yurt-hub-openyurt-edge2 1/1 Running 3 15d
yurt-tunnel-agent-knm57 1/1 Running 0 18d
yurt-tunnel-agent-x5r4z 1/1 Running 3 15d
yurt-tunnel-server-69cb47d8fc-766lh 1/1 Running 7 18d
yurtctl-servant-convert-k8s-node1-cdl22 0/1 Completed 1 19d
yurtctl-servant-convert-k8s-node2-5kp42 0/1 Completed 1 19d
Then I deployed a pod on the cloud master and the openyurt edge using the nginx image to experience the fabedge cloud-edge communication feature, but after I enter the pod using the command kubectl exec -it and use curl <edge nginx pod ip> to get a response, it just times out. Edge-cloud communication is the same.
[root@k8s-node1 ~]# kubectl get pod -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
test-k8s-node1-pod 1/1 Running 0 33m 192.168.0.13 k8s-node1 <none> <none>
test-k8s-node2-pod 1/1 Running 0 33m 192.168.1.3 k8s-node2 <none> <none>
test-openyurt-edge2-pod 1/1 Running 0 32m 192.168.3.12 openyurt-edge2 <none> <none>
[root@k8s-node1 ~]# kubectl exec -it test-k8s-node1-pod -n dev -- /bin/sh
# curl 192.168.3.12
curl: (7) Failed to connect to 192.168.3.12 port 80: Connection timed out
What's the matter?
This is the list of all bullet points from the CNCF onboarding issue that this issue will track:
In the install.md , root@node1:~# git clone https://github.com/fabedge/fabeedge.git
the link of the fabedge is wrong
Hello fabedge community!
In preparation for this year's Cloud Native Security Slam, we've completed a survey of CNCF end users across multiple industries, including Construction, Cybersecurity, Aerospace & Defense, Game Development & Consumer Services, Consulting, and Nuclear.
Through this survey, end users have identified their interest in seeing security improvements to the projects they use. We've asked them to share which Security Slam goals are most interesting to them— and we've compiled the results in a hope that this will help your prioritization during the upcoming event.
While some users have not authorized us to share their name, we've still included their responses in our calculation for you. We CAN tell you that the fabedge responses included Epic Games.
After calculating the responses according to the interest-weight, we've found these to be the most interesting things that fabedge end users would like to see, from the five possible Security Slam badges.
More information will be announced in the event kickoff webinar on October 10th, including how to register for cash & swag prizes, details about how success is measured, and resources to help achieve each of the badge goals.
If you can't make it to the webinar, a recording will be made available within 24hrs. It will be sent out to the community newsletter with any essential details you may have missed.
Join the community & sign up for the webinar here: https://community.cncf.io/cloud-native-security-slam/
Ensure that security documentation has properly formatted data relating to software supply chain security decisions, including instructions for end users seeking to validate provenance artifacts.
Ensure that a security self-assessment has been completed according to TAG-Security documented standards.
Bring all CLOMonitor non-security scores to 100% for the project, indirectly increasing overall supply chain security (Best Practices, Documentation, License, Legal).
Ensure each project repo is accounted for within CLOMonitor; Ensure proper check set is assigned to each project repo; Bring security score to 100% for the project (This statistically decreases the future likelihood of vulnerabilities).
Ensure that every release has an automated mechanism to supply SBOM and provenance artifacts.
Describe the bug
pod can not access the service backed by itself.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
pod should be able to access any service
According to https://github.com/FabEdge/fabedge/blob/main/docs/roadmap.md, which features are supported now? 1. the communication between edge pods 2. the communication between edge node and cloud node
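Following the document https://github.com/FabEdge/fabedge/blob/main/docs/install_k8s.md, I got an error in the second part, when adding a k8s edge node with add-edge-node.sh. After some debugging, it looks like tokensecret cannot be found.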
[root@ubuntu ansible]# kubectl get secret -nkubeedge tokensecret
Error from server (NotFound): secrets "tokensecret" not found
[root@ubuntu ansible]#
What kubeedge feature does fabedge depend on, such as Autonomic Kube-API Endpoint for list-watch, kubectl exec on the edge or others?
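Is deployment on a standard K8S cluster supported?
The cluster is an ordinary K8S cluster made up of edge nodes and cloud nodes, and we want to achieve cloud-edge communication.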
Our team has recently identified a potential security risk in the fabedge project. We would like to report it to you and provide you with the relevant details so that you can fix and improve it accordingly. We have sent the specific details to your private email [email protected] and look forward to hearing from you!
As part of our ongoing effort to cncf/techdocs#198, we noticed that the website does not pass the trademark criteria on CLOMonitor.
To fix this:
Head to the source code of the website. In the <footer> section, add a disclaimer or link to the Linux foundation trademark disclaimer page:
Disclaimer
<footer>
<p>The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation,
please see our <a href="https://www.linuxfoundation.org/legal/trademark-usage">Trademark Usage page</a>.
</p>
</footer>
Link
<footer>
<ul>
<li><a href="https://www.linuxfoundation.org/legal/trademark-usage">Trademarks</a></li>
</ul>
</footer>
Describe the bug
There is still flannel cni remaining on edge when fabedge takes effect.
To Reproduce
Steps to reproduce the behavior:
$ ip r
...
192.168.1.0/24 dev cni0 proto kernel scope link src 192.168.1.1
192.168.1.0/24 dev br-fabedge proto kernel scope link src 192.168.1.1
and env-prepares scripts output below:
+ find /etc/cni/net.d/ -type f -not -name fabedge.conf -exec rm '{}' ';'
+ cp -f /usr/local/bin/bridge /usr/local/bin/host-local /usr/local/bin/loopback /opt/cni/bin
+ ip link delete cni0
ip: can't find device 'cni0'
+ ip link delete flannel.1
ip: can't find device 'flannel.1'
+ ip route
+ grep flannel
+ read dst via gw others
+ iptables -t nat -F POSTROUTING
+ exit 0
Environments
Centos 7.8
Expected behavior
No flannel cni remains on edge when fabedge takes over edge network.
Describe the bug
When using fabedge on superedge, there is a problem when a pod accesses its service.
To Reproduce
Steps to reproduce the behavior:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo-service
spec:
  replicas: 2
  selector:
    matchLabels:
      app: echo
  template:
    metadata:
      labels:
        app: echo
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - echo
            topologyKey: "kubernetes.io/hostname"
      containers:
      - image: superedge/echoserver:2.2
        name: echo
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        resources: {}
---
apiVersion: v1
kind: Service
metadata:
  name: echo-service
  namespace: default
spec:
  selector:
    app: echo
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
Expected behavior
Pod accesses its service normally.
Sandbox projects are subject to an annual review by the TOC. This is intended to be a lightweight process to ensure that projects are on track, and getting the support they need.
CLOMonitor has detected that the annual review for this project has not been filed yet. CLOMonitor relies on the information in the annual_review_url and annual_review_date fields in the CNCF Landscape configuration file for this check. If your annual review has already been presented, please make sure this information has been correctly added.
For more information about how to file your annual review please see the Sandbox annual review documentation.
FabEdge welcomes all to complete Sandbox onboarding through the community.
Please see cncf/toc#798 for more information!
As an open source community, we must come together to complete all the required elements for FabEdge to become a full-fledged Sandbox project.
We welcome all to participate in this work, and to better accomplish our goals, I suggest you follow the following points.
Open an issue in FabEdge, describing which parts of the CNCF onboarding effort the issue will track. There is a dedicated issue template and label for that; please follow them.
Considering that our community is based on Chinese, I am working on translating the relevant documents into Chinese and will upload them to the relevant files in FabEdge Community for your understanding when they are completed. We welcome more people to participate, and we thank you for pointing out our mistakes.
Once the issue is closed, we will update the CNCF issue itself.
I'm sorry, FabEdge has actually been in the sandbox for a while, but my partner and I have been delayed by some other work.
Also, I would like to thank confidential-containers, a sandbox project, for being a reference for our sandbox processes. We are new to sandbox and in many cases, we don't know how to operate it, and their process is a good example for us.
Thank you for your contribution and help!
Describe the bug
cloud nodes except connector cannot visit pods in edge nodes
environment
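amd64 processor
centos7 virtual machine environment
Software versions are as shown in the screenshot:
Installation steps:
After installing kubeedge
Patch out kube-proxy on the edge side
Run the quickstart.sh script
Then create the community between the nodes
Error scenario
An nginx service was set up on the edge node worker01.
worker01, worker02 and the connector node can all access the nginx service via the pod's IP address; the master node and the other nodes cannot access this nginx service.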
I followed the guide here, and then I tried to install fabedge using helm, but I got the error message below.
[root@k8s-node1 ~]# helm install fabedge --create-namespace -n fabedge -f values.yaml http://116.62.127.76/fabedge-0.3.0.tgz
W1130 11:41:51.051053 23950 warnings.go:70] apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
Error: failed pre-install: timed out waiting for the condition
Could someone take a look for me?
I want to know: does fabedge respect the podCIDR which is allocated to every node by rangeAllocator in kube-controller-manager, or will fabedge generate a new one?