Container Service for Kubernetes: Offline O&M for edge nodes

Last Updated: Mar 26, 2026

When an edge node goes offline due to network instability, cloud-side management commands can no longer reach it. If node autonomy is enabled, workloads continue running on the node — but making changes becomes a challenge. The edgeadm tool lets you make emergency changes directly on the node without waiting for the cloud connection to recover. Use it to:

  • Roll back a misbehaving image after a bad deployment

  • Fix a misconfigured ConfigMap that is causing a service outage

  • Rotate a Secret that has expired or been compromised

Important

Changes made with edgeadm are local to the node. When the node reconnects to the cloud, the cloud-side state overwrites any local changes. For permanent changes, update the cluster from the cloud.

Prerequisites

Before you begin, ensure that you have:

Limitations

  • edgeadm is for emergency use only, when edge nodes are offline.

  • Only three resource types can be modified: Pod, ConfigMap, and Secret.

  • Modifications are local to the node. For example, a ConfigMap change affects only that node, not other nodes using the same ConfigMap.

  • Changes are not synchronized to the cloud. Once the node reconnects, cloud-side state overwrites any local changes. For permanent changes, update the cluster from the cloud.

Download edgeadm

Run the following command on the edge node to download edgeadm:

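    # Fill in the three values before running (see the parameter table below).
    export REGION="" INTERCONNECT_MODE="" CLUSTER_VERSION=""
    # Map the machine type to the package architecture (defaults to amd64).
    export ARCH=$(uname -m | awk '{print ($1 == "x86_64") ? "amd64" : (($1 == "aarch64") ? "arm64" : "amd64")}')
    # Use the internal OSS endpoint when the node connects over a private network.
    export INTERNAL=$( [ "$INTERCONNECT_MODE" = "private" ] && echo "-internal" || echo "" )
    wget http://aliacs-k8s-${REGION}.oss-${REGION}${INTERNAL}.aliyuncs.com/public/pkg/run/attach/${CLUSTER_VERSION}/${ARCH}/edgeadm -O edgeadm
    chmod u+x edgeadm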

Replace the following parameters before running the command:

| Parameter | Description | Example |
| --- | --- | --- |
| CLUSTER_VERSION | ACK Edge cluster version. For supported versions, see Release notes for Kubernetes versions supported. | 1.26.3-aliyun.1 |
| REGION | Region ID where the ACK Edge cluster resides. For supported regions, see Supported regions. | cn-hangzhou |
| INTERCONNECT_MODE | Network type for the node connection: basic (public network) or private (Express Connect circuits). | basic |

The command automatically detects the node architecture (amd64 for x86_64, arm64 for aarch64) and downloads the matching binary.
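
The same download step as a script with input validation, added here as an example and not Alibaba Cloud's own code; the function names edgeadm_arch, edgeadm_url and edgeadm_fetch and the temporary file name edgeadm.download are assumptions. Unlike the one-liner, it rejects empty or malformed parameters and unknown architectures, and it prints the binary's SHA-256 so the value can be recorded with the change.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical; the URL
# layout and parameter values are the ones shown in the download command above.

# Map `uname -m` output to the package architecture. Unlike the one-liner,
# unknown machines are rejected instead of silently treated as amd64.
edgeadm_arch() {
    case "$1" in
        x86_64)  echo amd64 ;;
        aarch64) echo arm64 ;;
        *)       echo "unsupported architecture: $1" >&2; return 1 ;;
    esac
}

# Build the download URL from REGION, INTERCONNECT_MODE, CLUSTER_VERSION, ARCH.
# Empty or malformed values fail here rather than producing a bogus hostname.
edgeadm_url() {
    region=$1 mode=$2 version=$3 arch=$4
    case "$region" in ''|*[!a-z0-9-]*)
        echo "REGION must be a region ID such as cn-hangzhou" >&2; return 1 ;;
    esac
    case "$version" in ''|*[!A-Za-z0-9._-]*)
        echo "CLUSTER_VERSION must look like 1.26.3-aliyun.1" >&2; return 1 ;;
    esac
    case "$mode" in
        basic)   internal="" ;;
        private) internal="-internal" ;;
        *) echo "INTERCONNECT_MODE must be basic or private" >&2; return 1 ;;
    esac
    case "$arch" in amd64|arm64) ;; *)
        echo "ARCH must be amd64 or arm64" >&2; return 1 ;;
    esac
    echo "http://aliacs-k8s-${region}.oss-${region}${internal}.aliyuncs.com/public/pkg/run/attach/${version}/${arch}/edgeadm"
}

# Download to a temporary name, print the SHA-256 for the change record, and
# only then install the binary as ./edgeadm with the owner execute bit.
edgeadm_fetch() {
    arch=$(edgeadm_arch "$(uname -m)") || return 1
    url=$(edgeadm_url "$1" "$2" "$3" "$arch") || return 1
    wget "$url" -O edgeadm.download || { rm -f edgeadm.download; return 1; }
    sha256sum edgeadm.download
    mv edgeadm.download edgeadm && chmod u+x edgeadm
}

# Usage on the edge node: edgeadm_fetch cn-hangzhou basic 1.26.3-aliyun.1
```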

Common O&M operations

Before running the commands below, identify the values for your target resources:

| Variable | Description | How to get it |
| --- | --- | --- |
| {pod-name} | Name of the pod to modify | Run crictl pods on the node |
| {namespace} | Namespace the pod belongs to | |
| {pod-id} | ID of the pod | |
| {configmap-name} | Name of the ConfigMap to modify | Run ls /etc/kubernetes/cache/kubelet/configmaps.v1.core/{namespace} on the node |
| {secret-name} | Name of the Secret to modify | Run ls /etc/kubernetes/cache/kubelet/secrets.v1.core/{namespace} on the node |

Edit a pod template

  1. Open the pod spec for editing:

    edgeadm -n {namespace} edit pod {pod-name}

  2. Modify the pod template, save the changes, and exit.

  3. The pod restarts automatically. Verify that the changes took effect:

    crictl inspectp {pod-id}

Edit a ConfigMap

  1. Open the ConfigMap for editing, scoped to the pod that uses it:

    edgeadm -n {namespace} -p {pod-name} edit configmap {configmap-name}

  2. Modify the ConfigMap, save the changes, and exit.

  3. The specified pod restarts automatically and picks up the updated ConfigMap. For other pods on the same node that use this ConfigMap, restart them manually:

    crictl stopp {pod-id}

    Note

    crictl stopp stops the specified pod. kubelet then restarts it automatically.

Edit a Secret

  1. Open the Secret for editing, scoped to the pod that uses it:

    edgeadm -n {namespace} -p {pod-name} edit secret {secret-name}

  2. Modify the Secret, save the changes, and exit.

  3. The specified pod restarts automatically and uses the updated Secret. For other pods on the same node that use this Secret, restart them manually:

    crictl stopp {pod-id}

    Note

    crictl stopp stops the specified pod. kubelet then restarts it automatically.