Use edgeadm In cloud-edge deployments, edge nodes can go offline when the network is unstable. If node autonomy is enabled, workloads keep running, but you cannot manage them from the cloud console. Use edgeadm to make emergency changes to Pods, ConfigMaps, and Secrets on offline edge nodes.
-
Roll back a misbehaving image after a bad deployment
-
Fix a misconfigured ConfigMap causing a service outage
-
Rotate a Secret that has expired or been compromised
edgeadm changes are local to the node. When the node reconnects, cloud-side state overwrites local changes. For permanent changes, update the cluster from the cloud.
Prerequisites
Ensure the following:
-
An ACK Edge cluster running Kubernetes 1.26 or later.
-
Edge nodes added to the cluster.
Limitations
-
edgeadmis for emergency use only, when edge nodes are offline. -
Only three resource types can be modified: Pod, ConfigMap, and Secret.
-
Modifications are local to the node. For example, a ConfigMap change affects only that node, not others using the same ConfigMap.
-
Changes are not synced to the cloud. Once the node reconnects, cloud-side state overwrites local changes. For permanent changes, update the cluster from the cloud.
Download edgeadm
Download edgeadm on the edge node:
export REGION="" INTERCONNECT_MODE="" CLUSTER_VERSION=""; export ARCH=$(uname -m | awk '{print ($1 == "x86_64") ? "amd64" : (($1 == "aarch64") ? "arm64" : "amd64")}') INTERNAL=$( [ "$INTERCONNECT_MODE" = "private" ] && echo "-internal" || echo "" ); wget http://aliacs-k8s-${REGION}.oss-${REGION}${INTERNAL}.aliyuncs.com/public/pkg/run/attach/${CLUSTER_VERSION}/${ARCH}/edgeadm -O edgeadm; chmod u+x edgeadm;
Replace the following parameters:
| Parameter | Description | Example |
|---|---|---|
CLUSTER_VERSION |
ACK Edge cluster version. See Release notes for Kubernetes versions supported. | 1.26.3-aliyun.1 |
REGION |
Region ID of the ACK Edge cluster. See Supported regions. | cn-hangzhou |
INTERCONNECT_MODE |
Network type for the node connection: basic (Internet mode) or private (Express Connect mode).basic (public network) or private (Express Connect circuits). |
basic |
The command detects the node architecture (amd64 for x86\_64, arm64 for aarch64) and downloads the matching binary.
Common O&M operations
Identify the following values for your target resources:
| Variable | Description | How to get it |
|---|---|---|
{pod-name} |
Name of the pod to modify | Run crictl pods on the node |
{namespace} |
Namespace the pod belongs to | — |
{pod-id} |
ID of the pod | — |
{configmap-name} |
Name of the ConfigMap to modify | Run ls /etc/kubernetes/cache/kubelet/configmaps.v1.core/{namespace} on the node |
{secret-name} |
Name of the Secret to modify | Run ls /etc/kubernetes/cache/kubelet/secrets.v1.core/{namespace} on the node |
Edit a pod template
-
Open the pod spec for editing:
edgeadm -n {namespace} edit pod {pod-name} -
Modify the pod template, save, and exit.
-
The pod restarts automatically. Verify the changes took effect:
crictl inspectp {pod-id}
Edit a ConfigMap
-
Open the ConfigMap for editing, scoped to the pod that uses it:
edgeadm -n {namespace} -p {pod-name} edit configmap {configmap-name} -
Modify the ConfigMap, save, and exit.
-
The pod restarts with the updated ConfigMap. For other pods on the same node that use this ConfigMap, restart them manually:
crictl stopp {pod-id}Notecrictl stoppstops the pod. kubelet restarts it automatically.
Edit a Secret
-
Open the Secret for editing, scoped to the pod that uses it:
edgeadm -n {namespace} -p {pod-name} edit secret {secret-name} -
Modify the Secret, save, and exit.
-
The pod restarts with the updated Secret. For other pods on the same node that use this Secret, restart them manually:
crictl stopp {pod-id}Notecrictl stoppstops the pod. kubelet restarts it automatically.