How YurtHub Extends Native Kubernetes for Edge Computing: Key Capabilities Explained

OpenYurt, an open‑source project from Alibaba Cloud, aims to extend native Kubernetes to edge environments without modifying the core system, providing a one‑click conversion for Kubernetes clusters to gain edge capabilities.

YurtHub Architecture Overview

The article presents the architecture of YurtHub, a core component that acts as a reverse proxy with local caching, enabling edge nodes to continue operating when disconnected from the cloud.

与 Kubernetes 设计理念契合，YurtHub 非常容易扩展出更多的能力

1. Edge Network Autonomy

Edge network autonomy ensures that cross‑node communication continues or automatically recovers when the edge loses connectivity to the cloud, even after container or node restarts.

Problem 1: Network configurations (kube‑proxy iptables/ipvs rules, flannel fdb/arp/route, CoreDNS DNS records) must be restored automatically after node reboot.

Problem 2: Container IPs must remain stable during cloud disconnection.

Problem 3: The MAC address of the VXLAN tunnel endpoint (vtep) must stay unchanged.

YurtHub stores service and other network resources in local storage, allowing components like kube‑proxy, flannel, and CoreDNS to retrieve their previous state after a network outage or node restart.

2. Multi‑Cloud Endpoint Support

In high‑availability Kubernetes deployments, a load balancer (SLB) typically fronts multiple kube‑apiserver instances. In private‑cloud or edge scenarios, nodes may need to reach the control plane via several cloud addresses.

Private‑cloud: Users must implement their own VIP or deploy Nginx on each node for load balancing.

Edge: Nodes may switch between dedicated lines and public networks for resilience.

YurtHub supports both round‑robin (default) and priority‑based load‑balancing modes for cloud endpoints.

3. Node‑Level Cloud Flow Control

Native Kubernetes flow control is implemented at the cluster level (kube‑apiserver) and client‑go library, which is unsuitable for edge scenarios. YurtHub intercepts all traffic from system components and workloads, applying a per‑node limit of 250 concurrent cloud requests; excess requests are rejected.

4. Node Certificate Rotation Management

Kubernetes can automatically rotate node certificates, but network disconnections at the edge may prevent kubelet from obtaining new certificates, leading to node restarts after expiration. YurtHub can manage node‑certificate rotation on behalf of the node, ensuring continuity even when the cloud is temporarily unreachable.

5. Additional Capabilities

Multi‑tenant isolation: In a multi‑tenant cluster, YurtHub ensures that a node only receives resources belonging to its tenant.

Cross‑cluster node migration: Nodes can migrate between clusters by injecting new cluster information into YurtHub without downtime.

Domain‑based access to the cloud kube‑apiserver and other utilities.

Conclusion

YurtHub functions as a reverse proxy with caching, adding a layer of lifecycle management for edge nodes and delivering essential control capabilities for edge computing. Its design also makes it useful as a general‑purpose component in any Kubernetes deployment, promising future improvements in performance and stability.

References

HA endpoints for K8s: https://kubespray.io/#/docs/ha-mode

OpenYurt project repository: https://github.com/alibaba/openyurt