+IEC Reference Foundation Overview
+This document provides a general description about the reference foundation of IEC.
+The Integrated Edge Cloud (IEC) will enable new functionalities and business models
+on the network edge. The benefits of running applications on the network edge are
+- Better latencies for end users
+- Less load on network since more data can be processed locally
+- Fully utilize the computation power of the edge devices
+.. _Kubernetes: https://kubernetes.io/
+.. _Calico: https://www.projectcalico.org/
+.. _Contiv: https://github.com/contiv/vpp
+.. _OVN-kubernetes: https://github.com/openvswitch/ovn-kubernetes
+Currently, the chosen operating system(OS) is Ubuntu 16.04 and/or 18.04.
+The infrastructure orchestration of IEC is based on Kubernetes_, which is a
+production-grade container orchestration with rich running eco-system.
+The current container networking mechanism (CNI) choosed for Kubernetes is project
+Calico, which is a high performance, scalable, policy enabled and widely used container
+networking solution with rather easy installation and arm64 support. In the future,
+Contiv/VPP or OVN-Kubernetes would also be candidates for Kubernetes networking.
+Kubernetes Install for Ubuntu
+Install Docker as Prerequisite
+.. _Docker: https://www.docker.com/
+.. _install: https://docs.docker.com/install/linux/docker-ce/ubuntu/
+Docker_ is used for Kuberntes docker images management. The installation script for docker
+version 18.06 is given below. More docker install information can be found in the install_
+ ARCH=arm64
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+ sudo apt-key fingerprint 0EBFCD88
+ sudo add-apt-repository \
+ "deb [arch=${ARCH}] https://download.docker.com/linux/ubuntu \
+ $(lsb_release -cs) \
+ stable"
+ sudo apt-get update
+ sudo apt-get install -y docker-ce=${DOCKER_VERSION}~ce~3-0~ubuntu
+Disable swap on your machine
+Turn off all swap devices and files with::
+ sudo swapoff -a
+.. _kubeadm: https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/
+Install Kubernetes with Kubeadm
+kubeadm_ helps you bootstrap a minimum viable Kubernetes cluster that conforms
+to best practices which a preferred installation method for IEC currently.
+Now we choose v1.13.0 as a current stable version of Kubernetes for arm64.
+Usually the current host(edge server/gateway)'s management interface is chosen as
+the Kubeapi-server advertise address which is indicated here as ``$MGMT_IP``.
+The common installation steps for both Kubernetes master and slave node are given
+as Linux shell scripts::
+ sudo bash
+ apt-get update && apt-get install -y apt-transport-https curl
+ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
+ cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
+ deb https://apt.kubernetes.io/ kubernetes-xenial main
+ apt-get update
+ apt-get install -y kubelet=1.13.0-00 kubeadm=1.13.0-00 kubectl=1.13.0-00
+ apt-mark hold kubelet kubeadm kubectl
+ sysctl net.bridge.bridge-nf-call-iptables=1
+For host setup as Kubernetes `master`::
+ sudo kubeadm config images pull
+ sudo kubeadm init --pod-network-cidr= --apiserver-advertise-address=$MGMT_IP \
+ --service-cidr=
+To start using your cluster, you need to run (as a regular user)::
+ mkdir -p $HOME/.kube
+ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+ sudo chown $(id -u):$(id -g) $HOME/.kube/config
+or if you are the ``root`` user::
+ export KUBECONFIG=/etc/kubernetes/admin.conf
+For hosts setup as Kubernetes `slave`::
+ kubeadm join --token <token> <master-ip>:6443 --discovery-token-ca-cert-hash sha256:<hash>
+in which the token is given in the master's ``kubeadm init``.
+or using following command which will skip ca-cert verification::
+ kubeadm join --token <token> <master_ip>:6443 --discovery-token-unsafe-skip-ca-verification
+After the `slave` joining the Kubernetes cluster, in the master node, you could check the cluster
+node with the command::
+ kubectl get nodes
+Install the Calico CNI Plugin to Kubernetes Cluster
+Now we install a Calico_ network add-on so that Kubernetes pods can communicate with each other.
+The network must be deployed before any applications. Kubeadm only supports Container Networking
+Interface(CNI) based networks for which Calico has supported.
+Install the Etcd Database
+ kubectl apply -f https://raw.githubusercontent.com/Jingzhao123/arm64TemporaryCalico/temporay_arm64/
+ v3.3/getting-started/kubernetes/installation/hosted/etcd-arm64.yaml
+Install the RBAC Roles required for Calico
+ kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/rbac.yaml
+Install Calico to system
+Firstly, we should get the configuration file from web site and modify the corresponding image
+from amd64 to arm64 version. Then, by using kubectl, the calico pod will be created.
+ wget https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/calico.yaml
+Since the "quay.io/calico" image repo does not support does not multi-arch, we have
+to replace the “quay.io/calico” image path to "calico" which supports multi-arch.
+ sed -i "s/quay.io\/calico/calico/" calico.yaml
+Deploy the Calico using following command::
+ kubectl apply -f calico.yaml
+.. Attention::
+ In calico.yaml file, there is an option "IP_AUTODETECTION_METHOD" about choosing
+ network interface. The default value is "first-found" which means the first valid
+ IP address (except local interface, docker bridge). So if the number of network-interface
+ is more than 1 on your server, you should configure it depends on your networking
+ environments. If it does not configure it properly, there are some error about
+ calico-node pod: "BGP not established with X.X.X.X".
+Remove the taints on master node
+ kubectl taint nodes --all node-role.kubernetes.io/master-
+Verification for the Work of Kubernetes
+Now we can verify the work of Kubernetes and Calico with Kubernets pod and service creation and accessing
+based on Nginx which is a widely used web server.
+Firstly, create a file named nginx-app.yaml to describe a Pod and service by::
+ $ cat <<EOF >~/nginx-app.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: nginx
+ labels:
+ app: nginx
+ spec:
+ type: NodePort
+ ports:
+ - port: 80
+ protocol: TCP
+ name: http
+ selector:
+ app: nginx
+ ---
+ apiVersion: v1
+ kind: ReplicationController
+ metadata:
+ name: nginx
+ spec:
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+then test the Kubernetes working status with the script::
+ set -ex
+ kubectl create -f ~/nginx-app.yaml
+ kubectl get nodes
+ kubectl get services
+ kubectl get pods
+ kubectl get rc
+ r="0"
+ while [ $r -ne "2" ]
+ do
+ r=$(kubectl get pods | grep Running | wc -l)
+ sleep 60
+ done
+ svcip=$(kubectl get services nginx -o json | grep clusterIP | cut -f4 -d'"')
+ sleep 10
+ wget http://$svcip
+ kubectl delete -f ./examples/nginx-app.yaml
+ kubectl delete -f ./nginx-app.yaml
+ kubectl get rc
+ kubectl get pods
+ kubectl get services
+.. _Helm: https://github.com/helm/helm
+Helm Install on Arm64
+Helm_ is a tool for managing Kubernetes charts. Charts are packages of pre-configured
+Kubernetes resources. The installation of Helm on arm64 is as followes::
+ wget https://storage.googleapis.com/kubernetes-helm/helm-v2.12.3-linux-arm64.tar.gz
+ xvf helm-v2.12.3-linux-arm64.tar.gz
+ sudo cp linux-arm64/helm /usr/bin
+ sudo cp linux-arm64/tiller /usr/bin
+Further Information
+We would like to provide a walk through shell script to automate the installation of Kubernetes
+and Calico in the future. But this README is still useful for IEC developers and users.
+For issues or anything on the reference foundation stack of IEC, you could contact:
+Trevor Tao: trevor.tao@arm.com
+Jingzhao Ni: jingzhao.ni@arm.com
+Jianlin Lv: jianlin.lv@arm.com