How to Integrate OpenYurt with FabEdge for Secure Edge‑Cloud Communication

Background

Traditional cloud computing can no longer meet the massive, geographically distributed data processing demands of modern industries. Edge computing has emerged to address these needs, especially with the rise of 5G and IoT. However, edge networks differ fundamentally from data‑center networks: they often operate over weak, high‑latency wireless links, lack fixed public IPs, and rely on the insecure public Internet.

OpenYurt is the first non‑intrusive, cloud‑native edge‑computing project. Its Yurt‑Tunnel component handles control‑plane traffic, but OpenYurt does not provide a native solution for cross‑public‑network data‑plane communication, prompting collaboration with mature cloud‑native networking projects such as FabEdge.

FabEdge Overview

FabEdge is a Kubernetes‑based CNI solution designed specifically for edge scenarios. It complies with the CNI specification and can be seamlessly integrated into any Kubernetes environment, solving cross‑region communication challenges between cloud‑edge and edge‑edge nodes.

Integration and Deployment Steps

1. Prepare the OpenYurt Environment

Two cloud nodes (master, cloud‑node) running CentOS 7.9, placed in the same private network, with Flannel v0.14.0 installed. OpenYurt components: Yurt‑Tunnel‑Server, Yurt‑Controller‑Manager.

Two edge nodes (edge‑node1, edge‑node2) with the same OS. OpenYurt components: Yurt‑Tunnel‑Agent, Yurt‑Hub.

2. Deploy OpenYurt

Manual deployment guide:

https://github.com/openyurtio/openyurt/blob/master/docs/tutorial/manually-setup.md

Kubernetes one‑click conversion to OpenYurt:

https://github.com/openyurtio/openyurt/releases

3. Configure Yurt‑Tunnel

When deploying Yurt‑Tunnel‑Server, add the argument --cert-ips=tunnel-server with the public IP of the server node, because the default certificate IP is a private address.

When deploying Yurt‑Tunnel‑Agent, add the argument --tunnelserver-addr specifying the public IP and exposed port of the Yurt‑Tunnel‑Server, so the agent can establish a connection.

4. Integrate FabEdge

Reference integration documentation:

https://github.com/FabEdge/fabedge/blob/main/docs/integrate-with-openyurt.md

Verification Tests

The integrated environment was evaluated under two main communication patterns: cloud‑side Pods accessing edge‑side Pods/Services and edge‑side Pods accessing cloud‑side Pods/Services. Both hostNetwork Pods and normal container‑network Pods were tested.

The tests confirmed that cross‑public‑network cloud‑edge communication functions as expected, satisfying current requirements. Further testing for cross‑public‑network edge‑edge communication is planned.

Conclusion

Only cross‑public‑network cloud‑edge communication has been validated so far, and it meets basic functional needs.

FabEdge takes over existing container network solutions (e.g., Flannel, Calico) in edge environments, which may impact upgrade paths for existing users who already have a full network stack deployed in the cloud.