Kubernetes 边缘 AI 部署与管理最佳实践

Kubernetes 边缘 AI 部署与管理最佳实践 | 极客日志

# 安装 Docker
apt-get update
apt-get install -y docker.io

# 安装 kubeadm、kubelet 和 kubectl
apt-get update && apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl

# 初始化主节点
kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=<主节点 IP>

# 配置 kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# 安装网络插件
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

# 在边缘节点上执行
kubeadm join <主节点 IP>:6443 --token <token> --discovery-token-ca-cert-hash <hash>

# 下载并优化模型
mkdir -p models/yolo/1
wget -O models/yolo/1/model.onnx https://github.com/onnx/models/raw/main/vision/object_detection_segmentation/yolov4/model/yolov4.onnx

# 创建模型存储
kubectl create -f - <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: model-pvc
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
EOF

apiVersion: apps/v1
kind: Deployment
metadata:
  name: edge-ai-service
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: edge-ai-service
  template:
    metadata:
      labels:
        app: edge-ai-service
    spec:
      nodeSelector:
        node-role.kubernetes.io/edge: "true"
      containers:
      - name: edge-ai-service
        image: edge-ai-service:latest
        ports:
        - containerPort: 8080
        resources:
          limits:
            cpu: 1
            memory: 1Gi
          requests:
            cpu: 500m
            memory: 512Mi
        volumeMounts:
        - name: model-volume
          mountPath: /models
      volumes:
      - name: model-volume
        persistentVolumeClaim:
          claimName: model-pvc

apiVersion: v1
kind: Service
metadata:
  name: edge-ai-service
  namespace: default
spec:
  selector:
    app: edge-ai-service
  ports:
  - port: 8080
    targetPort: 8080
  type: NodePort

# 部署服务
kubectl apply -f deployment.yaml
kubectl apply -f service.yaml

# 测试服务
NODE_PORT=$(kubectl get svc edge-ai-service -o jsonpath='{.spec.ports[0].nodePort}')
EDGE_NODE_IP=$(kubectl get nodes -l node-role.kubernetes.io/edge=true -o jsonpath='{.items[0].status.addresses[0].address}')
curl -X POST http://$EDGE_NODE_IP:$NODE_PORT/predict -H "Content-Type: application/json" -d '{"image": "base64_encoded_image"}'

# 为边缘节点添加标签
kubectl label nodes <edge-node> node-role.kubernetes.io/edge=true

# 为边缘节点添加污点
kubectl taint nodes <edge-node> node-role.kubernetes.io/edge:NoSchedule

# 为应用添加容忍度
kubectl patch deployment edge-ai-service -p '{"spec":{"template":{"spec":{"tolerations":[{"key":"node-role.kubernetes.io/edge","operator":"Exists","effect":"NoSchedule"}]}}}}'

apiVersion: v1
kind: ResourceQuota
metadata:
  name: edge-node-quota
  namespace: default
spec:
  hard:
    requests.cpu: "2"
    requests.memory: "4Gi"
    limits.cpu: "4"
    limits.memory: "8Gi"
    pods: "10"

# 安装 Calico CNI 插件
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

# 配置网络策略
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: edge-ai-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: edge-ai-service
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: edge-gateway
    ports:
    - protocol: TCP
      port: 8080
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: edge-storage
    ports:
    - protocol: TCP
      port: 9000

apiVersion: apps/v1
kind: Deployment
metadata:
  name: edge-gateway
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: edge-gateway
  template:
    metadata:
      labels:
        app: edge-gateway
    spec:
      nodeSelector:
        node-role.kubernetes.io/edge: "true"
      containers:
      - name: edge-gateway
        image: nginx:latest
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nginx-config
          mountPath: /etc/nginx/nginx.conf
          subPath: nginx.conf
      volumes:
      - name: nginx-config
        configMap:
          name: edge-gateway-config

apiVersion: v1
kind: ConfigMap
metadata:
  name: edge-gateway-config
  namespace: default
data:
  nginx.conf: |
    events {}
    http {
      server {
        listen 80;
        location / {
          proxy_pass http://edge-ai-service:8080;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
        }
      }
    }

apiVersion: v1
kind: PersistentVolume
metadata:
  name: edge-local-storage
  namespace: default
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  local:
    path: /mnt/edge-storage
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: node-role.kubernetes.io/edge
          operator: In
          values:
          - "true"

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: edge-local-pvc
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: ""
  selector:
    matchLabels:
      type: local

# 安装 Prometheus Operator
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack -n monitoring --create-namespace

# 配置边缘节点监控
kubectl apply -f - <<EOF
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: edge-ai-service-monitor
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: edge-ai-service
  endpoints:
  - port: 8080
    path: /metrics
    interval: 15s
EOF

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
      k8s-app: fluentd-logging
  template:
    metadata:
      labels:
        k8s-app: fluentd-logging
    spec:
      containers:
      - name: fluentd
        image: fluent/fluentd-kubernetes-daemonset:v1.14.6
        env:
        - name: FLUENTD_ARGS
          value: --no-supervisor -q
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: edge-ai-role
  namespace: default
rules:
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: edge-ai-rolebinding
  namespace: default
subjects:
- kind: ServiceAccount
  name: edge-ai-service-account
  namespace: default
roleRef:
  kind: Role
  name: edge-ai-role
  apiGroup: rbac.authorization.k8s.io

apiVersion: apps/v1
kind: Deployment
metadata:
  name: video-analytics
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: video-analytics
  template:
    metadata:
      labels:
        app: video-analytics
    spec:
      nodeSelector:
        node-role.kubernetes.io/edge: "true"
      containers:
      - name: video-analytics
        image: video-analytics:latest
        ports:
        - containerPort: 8080
        env:
        - name: MODEL_PATH
          value: /models/yolo
        - name: CAMERA_URL
          value: rtsp://camera:554/stream
        volumeMounts:
        - name: model-volume
          mountPath: /models
      volumes:
      - name: model-volume
        persistentVolumeClaim:
          claimName: model-pvc

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sensor-processing
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sensor-processing
  template:
    metadata:
      labels:
        app: sensor-processing
    spec:
      nodeSelector:
        node-role.kubernetes.io/edge: "true"
      containers:
      - name: sensor-processing
        image: sensor-processing:latest
        ports:
        - containerPort: 8080
        env:
        - name: SENSOR_ENDPOINT
          value: http://sensor:8000
        - name: MODEL_PATH
          value: /models/anomaly
        volumeMounts:
        - name: model-volume
          mountPath: /models
      volumes:
      - name: model-volume
        persistentVolumeClaim:
          claimName: model-pvc

# 查看边缘节点状态
kubectl get nodes

# 查看边缘应用状态
kubectl get pods -l app=edge-ai-service

# 查看应用日志
kubectl logs -l app=edge-ai-service

# 检查边缘节点资源使用情况
kubectl top node <edge-node>

# 检查网络连接
kubectl exec -it <pod-name> -- ping <target-host>

Kubernetes 边缘 AI 部署与管理最佳实践

Kubernetes 边缘 AI 部署与管理最佳实践

1. 边缘 AI 核心概念

1.1 什么是边缘 AI

1.2 边缘 AI 的优势

2. 边缘 Kubernetes 集群搭建

2.1 边缘节点配置

2.2 搭建边缘 Kubernetes 集群

3. 边缘 AI 应用部署

3.1 模型准备

3.2 部署边缘 AI 服务

4. 边缘节点管理

4.1 节点标签和污点

4.2 资源管理

5. 网络配置

5.1 边缘网络优化

5.2 边缘与云端通信

6. 存储配置

6.1 边缘存储管理

7. 监控与可观测性

7.1 边缘节点监控

7.2 日志管理

8. 安全最佳实践

8.1 边缘节点安全

8.2 模型安全

9. 实际应用场景

9.1 智能视频分析

9.2 智能传感器数据处理

10. 故障排查

10.1 常见问题解决

10.2 调试技巧

11. 总结

更多推荐文章

相关免费在线工具

Kubernetes 边缘 AI 部署与管理最佳实践

Kubernetes 边缘 AI 部署与管理最佳实践

1. 边缘 AI 核心概念

1.1 什么是边缘 AI

1.2 边缘 AI 的优势

2. 边缘 Kubernetes 集群搭建

2.1 边缘节点配置

2.2 搭建边缘 Kubernetes 集群

3. 边缘 AI 应用部署

3.1 模型准备

3.2 部署边缘 AI 服务

4. 边缘节点管理

4.1 节点标签和污点

4.2 资源管理

5. 网络配置

5.1 边缘网络优化

5.2 边缘与云端通信

6. 存储配置

6.1 边缘存储管理

7. 监控与可观测性

7.1 边缘节点监控

7.2 日志管理

8. 安全最佳实践

8.1 边缘节点安全

8.2 模型安全

9. 实际应用场景

9.1 智能视频分析

9.2 智能传感器数据处理

10. 故障排查

10.1 常见问题解决

10.2 调试技巧

11. 总结

微信扫一扫，关注极客日志

更多推荐文章

相关免费在线工具