Merge pull request #660 from WillardHu/config-ipv6

CloudHub-EdgeHub Supports IPv6

Author: kubeedge-bot

docs/advanced/support_ipv6.md

@@ -0,0 +1,150 @@
+---
+title: CloudHub-EdgeHub Supports IPv6
+sidebar_position: 8
+---
+
+## Abstract
+
+With the surge of Internet of Things (IoT) devices and the increasing demand for real-time data processing, edge computing has emerged as a vital computing paradigm. Edge computing brings data processing and storage capabilities closer to the data sources and users by decentralizing them to the network's edge, effectively reducing latency and enhancing network performance. However, the traditional IPv4 protocol has many limitations in terms of address space, routing efficiency, and security, which cannot meet the growing needs of edge computing. IPv6, as the next-generation Internet protocol, offers vast address space, efficient routing mechanisms, and robust security, making it an ideal choice for edge computing.
+
+
+## Getting Started
+
+### Cloud configuration
+
+When EdgeCore uses the K8s native service to access CloudCore (Ingress or NodePort), the K8s cluster network needs to enable the IPv4/IPv6 dual-stack.
+
+:::note
+If CloudCore uses hostNetwork mode to expose service, the K8s cluster does not need to enable dual-stack networking, and EdgeCore can access CloudCore through the IPv6 address + port of the node where CloudCore is located.
+:::
+
+
+#### Check IPv6 is enabled on the node
+
+First, you need to make sure that IPv6 is enabled on the node. Use the command `ip -6 route show` to view IPv6 routing. If there is output, it means that it is supported. Otherwise, you need to configure /etc/sysctl.conf to modify kernel parameters and set the network card configuration to enable IPv6 according to the operating system type.
+
+
+#### Enable IPv4/IPv6 dual-stack on K8s cluster
+
+Configure the CIDR of K8s components and network plugin. Normally, kube-apiserver and kube-controller-manager are maintained by static container in the control node, static container YAMLs are in the /etc/kubernetes/manifests directory. kube-proxy and network plugin are maintained by DaemonSet. Kubelet is maintained by Systemd in each node.
+
+- kube-apiserver: Configure the command args
+  - `--server-cluster-ip-range=<IPv4 CIDR>,<IPv6 CIDR>`
+- kube-controller-manager: Configure the command args
+  - `--cluster-cidr=<IPv4 CIDR>,<IPv6 CIDR>`
+  - `--service-cluster-ip-range=<IPv4 CIDR>,<IPv6 CIDR>`
+  - `--node-cidr-mask-size-ipv4 | --node-cidr-mask-size-ipv6` defaults to /24 for IPv4 and /64 for IPv6
+- kube-proxy: Configure the ConfigMap and restart the DaemonSet
+  - `kubectl -n kube-system edit configmaps kube-proxy`, edit the property `clusterCIDR: <IPv4 CIDR>,<IPv6 CIDR>`
+  - Restart the kube-proxy (if it does not work, delete the Pod)
+    ```bash
+    kubectl -n kube-system rollout restart daemonsets kube-proxy
+    ```
+- kubelet: Configure the command args
+  - `--node-ip=<IPv4 IP>,<IPv6 IP>`
+- Network plugin Calico (other plugins can refer to relevant documents to modify the configuration)
+  - Edit the ConfigMap of Calico
+    ```bash
+    kubectl -n kube-system edit configmap calico-config
+    ```
+    Edit the ipam property
+    ```json
+    "ipam": {
+        "type": "calico-ipam",
+        "assign_ipv4": true,
+        "assign_ipv6": true
+    }
+    ```
+  - Edit the DaemonSet environments of Calico
+    ```bash
+    kubectl -n kube-system set env daemonset/calico-node IP6=autodetect
+    kubectl -n kube-system set env daemonset/calico-node FELIX_IPV6SUPPORT="true"
+    kubectl -n kube-system set env daemonset/calico-node CALICO_IPV6POOL_NAT_OUTGOING="true"
+    kubectl -n kube-system set env daemonset/calico-node CALICO_IPV4POOL_CIDR="<IPv4 CIDR>"
+    kubectl -n kube-system set env daemonset/calico-node CALICO_IPV6POOL_CIDR="<IPv6 CIDR>"
+    kubectl -n kube-system set env daemonset/calico-node IP_AUTODETECTION_METHOD="interface=<Name>"
+    kubectl -n kube-system set env daemonset/calico-node IP6_AUTODETECTION_METHOD="interface=<Name>"
+    ```
+
+
+#### Edit the Service of CloudCore
+
+```bash
+kubectl -n kubeedge edit svc cloudcore
+```
+
+Edit ipFamilies and ipFamilyPolicy properties in YAML.
+```yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: cloudcore
+  namespace: kubeedge
+  ...
+spec:
+  ...
+  ipFamilies:
+    - IPv4
+    - IPv6
+  ipFamilyPolicy: PreferDualStack
+```
+
+Call the https service of CloudCore to verify whether the configuration is successful.
+```bash
+curl -gk6 "https://[<node_ipv6_address>]:<cloudhub-https-port>/ca.crt"
+```
+
+#### Regenerate the KubeEdge certificate (Optional)
+
+If K8s supports IPv6 before installing KubeEdge, skip this step. 
+
+Edit the ConfigMap of CloudCore.
+```bash
+kubectl -n kubeedge edit configmaps cloudcore
+```
+
+Edit the advertiseAddress property to add IPv6 IP.
+```yaml
+modules:
+  cloudHub:
+    advertiseAddress:
+    - <IPv4 IP>
+    - <IPv6 IP>
+```
+
+Delete the old secrets.
+```bash
+kubectl -n kubeedge delete secrets tokensecret casecret cloudcoresecret
+```
+
+Restart CloudCore (if it does not work, delete the Pod).
+```bash
+kubectl -n kubeedge rollout restart deployments/cloudcore
+```
+
+
+### Join the edge node with IPv6
+
+Directly use the IPv6 address to join the edge node, the IPv6 address needs to be defined in `[]`.
+```bash
+keadm join --cloudcore-ipport=[<IPv6 IP>]:<Port> --token=...
+```
+
+Normally, the edge node will only report the IPv4 address to the cloud. If you need to report the IPv6 address, you can modify the configuration file /etc/kubeedge/config/edgecore.yaml and add the nodeIP under the edged property to specify the reported address.
+```yaml
+modules:
+  edged:
+    nodeIP: <Node IPv4 IP>,<Node IPv6 IP>
+```
+
+After configuration, the node will report two IP addresses and show them in the status.
+```yaml
+status:
+  addresses:
+    - type: InternalIP
+      address: <IPv4 IP>
+    - type: InternalIP
+      address: <IPv6 IP>
+```
+
+Finally, use `kubectl get node` command on the cloud to check whether the edge node is ready.

i18n/zh/docusaurus-plugin-content-docs/current/advanced/support_ipv6.md

@@ -0,0 +1,149 @@
+---
+title: CloudHub-EdgeHub 支持 IPv6
+sidebar_position: 8
+---
+
+## 概要
+
+随着物联网设备的激增和对实时数据处理需求的不断增长，边缘计算逐渐成为一种重要的计算模式。边缘计算通过将数据处理和存储功能下沉到网络边缘，靠近数据源和用户，有效降低了延迟，提高了网络性能。然而，传统的IPv4协议在地址空间、路由效率和安全性等方面存在诸多局限，无法满足边缘计算日益增长的需求。IPv6作为下一代互联网协议，凭借其广阔的空间、高效的路由机制和强大的安全性，成为边缘计算的理想选择。
+
+
+## 操作方式
+
+### 云端配置
+
+当 EdgeCore 使用 K8s 原生服务能力访问 CloudCore（Ingress 或者 NodePort），则云端 K8s 集群网络需要开启 IPv4/IPv6 双协议栈。
+
+:::note
+如果 CloudCore 用 hostNetwork 模式暴露服务，则 K8s 集群无需开启双协议栈网络，EdgeCore 只需要通过 CloudCore 所在节点的 IPv6 地址+端口即可访问 CloudCore。
+:::
+
+
+#### 确保节点支持 IPv6
+
+首先需要确保节点是否开启 IPv6，使用命令查看 IPv6 路由：`ip -6 route show`。如果有输出说明已支持，否则需要配置 /etc/sysctl.conf 修改内核参数，并且按操作系统类型设置网卡配置开启 IPv6。
+
+
+#### 云端 K8s 集群开启双栈协议
+
+配置 K8s 各个组件以及网络插件的 CIDR，正常情况 kube-apiserver 和 kube-controller-manager 在控制节点中使用静态容器维护，YAML 在 /etc/kubernetes/manifests 目录下。kube-proxy 和网络插件以 DaemonSet 方式维护。kubelet 则是在每个节点中以 Systemd 方式维护。
+- kube-apiserver 修改启动参数
+  - `--server-cluster-ip-range=<IPv4 CIDR>,<IPv6 CIDR>`
+- kube-controller-manager 修改启动参数
+  - `--cluster-cidr=<IPv4 CIDR>,<IPv6 CIDR>`
+  - `--service-cluster-ip-range=<IPv4 CIDR>,<IPv6 CIDR>`
+  - `--node-cidr-mask-size-ipv4 | --node-cidr-mask-size-ipv6` 对于 IPv4 默认为 /24，对于 IPv6 默认为 /64
+- kube-proxy 修改配置文件并重启 DaemonSet
+  - 修改配置 `kubectl -n kube-system edit configmaps kube-proxy`，修改字段 `clusterCIDR: <IPv4 CIDR>,<IPv6 CIDR>`
+  - 重启 kube-proxy （如果不行，删除 Pod）
+    ```bash
+    kubectl -n kube-system rollout restart daemonsets kube-proxy
+    ```
+- kubelet 修改启动参数
+  - `--node-ip=<IPv4 IP>,<IPv6 IP>`
+- 修改网络插件 Calico （其他插件可以查找相关资料修改配置）
+  - 修改 Calico 的 ConfigMap 配置
+    ```bash
+    kubectl -n kube-system edit configmap calico-config
+    ```
+    修改 ipam 字段
+    ```json
+    "ipam": {
+        "type": "calico-ipam",
+        "assign_ipv4": true,
+        "assign_ipv6": true
+    }
+    ```
+  - 修改 Calico 的 DaemonSet 环境变量
+    ```bash
+    kubectl -n kube-system set env daemonset/calico-node IP6=autodetect
+    kubectl -n kube-system set env daemonset/calico-node FELIX_IPV6SUPPORT="true"
+    kubectl -n kube-system set env daemonset/calico-node CALICO_IPV6POOL_NAT_OUTGOING="true"
+    kubectl -n kube-system set env daemonset/calico-node CALICO_IPV4POOL_CIDR="<IPv4 CIDR>"
+    kubectl -n kube-system set env daemonset/calico-node CALICO_IPV6POOL_CIDR="<IPv6 CIDR>"
+    kubectl -n kube-system set env daemonset/calico-node IP_AUTODETECTION_METHOD="interface=<Name>"
+    kubectl -n kube-system set env daemonset/calico-node IP6_AUTODETECTION_METHOD="interface=<Name>"
+    ```
+
+
+#### 修改 CloudCore 的 Service
+
+```bash
+kubectl -n kubeedge edit svc cloudcore
+```
+
+编辑 YAML 中的 ipFamilies 和 ipFamilyPolicy 字段
+```yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: cloudcore
+  namespace: kubeedge
+  ...
+spec:
+  ...
+  ipFamilies:
+    - IPv4
+    - IPv6
+  ipFamilyPolicy: PreferDualStack
+```
+
+请求 CloudCore 的 https 服务验证配置是否成功
+```bash
+curl -gk6 "https://[<node_ipv6_address>]:<cloudhub-https-port>/ca.crt"
+```
+
+#### 重新生成云端证书（可选）
+
+K8s 先支持 IPv6 再安装 KubeEdge 的话无需操作。
+
+修改 CloudCore 的 ConfigMap 配置
+```bash
+kubectl -n kubeedge edit configmaps cloudcore
+```
+
+修改 advertiseAddress 添加 IPv6 的 IP 地址
+```yaml
+modules:
+  cloudHub:
+    advertiseAddress:
+    - <IPv4 IP>
+    - <IPv6 IP>
+```
+
+删除老证书 secrets 资源
+```bash
+kubectl -n kubeedge delete secrets tokensecret casecret cloudcoresecret
+```
+
+重启 CloudCore（如果不行，删除 Pod）
+```bash
+kubectl -n kubeedge rollout restart deployments/cloudcore
+```
+
+
+### 使用 IPv6 接入边缘节点
+
+直接使用 IPv6 地址接入节点，注意 IPv6 地址需要定义在 `[]` 中
+```bash
+keadm join --cloudcore-ipport=[<IPv6 IP>]:<Port> --token=...
+```
+
+正常情况下，节点只会上报 IPv4 的地址到云端，如果需要上报 IPv6 的地址，可以修改配置文件 /etc/kubeedge/config/edgecore.yaml，在 edged 下添加 nodeIP 字段指定上报的地址：
+```yaml
+modules:
+  edged:
+    nodeIP: <Node IPv4 IP>,<Node IPv6 IP>
+```
+
+配置完后，节点会上报两个 IP 地址显示到节点状态中。
+```yaml
+status:
+  addresses:
+    - type: InternalIP
+      address: <IPv4 IP>
+    - type: InternalIP
+      address: <IPv6 IP>
+```
+
+最后在云端使用 `kubectl get node` 查看接入的节点是否 Ready。