Azure IoT Edge Connector for Kubernetes
Azure IoT Edge Connector leverages the Virtual Kubelet project to provide a virtual Kubernetes node backed by an Azure IoT hub. It translates a Kubernetes pod specification to an IoT Edge Deployment and submits it to the backing IoT hub. The edge deployment contains a device selector query that controls which subset of edge devices the deployment will be applied to.
This project does not provide Kubernetes-backed high availability or disaster recovery to IoT Edge deployments. It is about software deployment and management of the edge devices using Kubernetes concepts and primitives. Ingress to the edge device is not controlled by the Kubernetes load balancer.
The components provided by this project are depicted in the blue boxes in the diagram above. An IoT Edge provider container is spawned alongside the virtual kubelet container in the same pod. This pod instantiates the IoT Edge Connector virtual node.
The IoT Edge provider handles kubelet API calls forwarded by the virtual kubelet. It talks to the Azure IoT hub using the Azure IoT SDKs to submit an equivalent container specification in form of an IoT Edge deployment manifest.
Kubernetes pod annotations and configmaps are used to encode IoT Edge specific information like module routes and device selector query.
Quickstart instructions assume an AKS cluster setup, but can be easily translated to any Kubernetes cluster.
Create a Kubernetes secrets store to hold the IoT Hub connection string. To find the connection string, navigate to your IoT Hub resource in the Azure portal and click on "Shared access policies" and the "iothubowner" will contain your connection string.
kubectl create secret generic my-secrets \ --from-literal=hub0-cs='<iot-hub-owner-connection-string>'
If you using kubectl from cmd.exe or PowerShell, use double-quotes around the connection string:
kubectl create secret generic my-secrets --from-literal=hub0-cs="<iot-hub-owner-connection-string>"
Add a new
--from-literalentry if you want to store multiple keys
Use Helm, a Kubernetes package manager, to install the iot-edge-connector
Initialize Helm in the cluster using the following command. If the command is executed for the first time, it may take upto a minute for all Helm components to become ready.
Use the command below to allow installation in the Kubernetes default namespace:
kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
Install the IoT Edge connector.
helm install -n hub0 src/charts/iot-edge-connector
AKS clusters have RBAC enabled by default, use the following command to install the iot-edge-connector on Kubernetes clusters that don't have RBAC enabled.
helm install -n hub0 --set rbac.install=false src/charts/iot-edge-connector
After a few seconds
kubectl get nodesshould show
Submit the sample Kubernetes deployment.
kubectl apply -f \ src/Microsoft.Azure.VirtualKubelet.Edge.Provider/sample-deployment.yaml
The sample deployment contains the simulated temperature sensor container. You can use it as a example to create your own deployment.
In a few seconds, you should see the deployment show up the IoT Hub portal under IoT Edge Deployments. Example screenshot below:
Connected edge devices targetted by the deployment will get the new deployment manifest applied within 5 minutes!
More use cases
There are more interesting use cases for this project like:
Using a single Kubernetes deployment that controls your cloud-side and device-side software configuration.
Creating multiple virtual kubelets (by changing values.yaml in the Helm chart) mapped to different IoT hubs, and scaling the Kubernetes deployment to push the same deployment manifest to edge devices connecting to different hubs. Here is a demo of this use case.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.