参考官方文档:https://docs.kubeedge.io/en/latest/setup/keadm.html?highlight=10350#enable-kubectl-logs-feature
一、在云端节点操作
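1.1.生成证书
注意:certgen.sh stream 使用 K8s 的 CA 证书和私钥(kubeadm 部署时位于 /etc/kubernetes/pki/ca.crt、ca.key)签发 stream 证书,需在能读取这两个文件的节点上以 root 执行;生成的 /etc/kubeedge/certs/stream.key 是私钥,应保持仅 root 可读。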
export CLOUDCOREIPS="192.168.1.1" #192.168.1.1为cloudcore所在宿主机的IP地址
mkdir -p /etc/kubeedge/ca
mkdir -p /etc/kubeedge/certs
$GOPATH/src/github.com/kubeedge/kubeedge/build/tools/certgen.sh stream
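1.2.添加防火墙规则(iptables NAT转发)
说明:该规则把本机发出的、目的端口为10350的TCP连接(不限目的地址)DNAT到cloudcore的10003端口,即下文的streamPort;规则重启后不会保留,重复执行会追加重复规则,执行后可用 iptables -t nat -L OUTPUT -n 检查。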
iptables -t nat -A OUTPUT -p tcp --dport 10350 -j DNAT --to $CLOUDCOREIPS:10003
1.3.修改cloudcore.yaml文件
在 modules 下增加(或修改)如下 cloudStream 配置:
注意:/etc/kubeedge/ca/rootCA.crt、/etc/kubeedge/certs/server.crt、/etc/kubeedge/certs/server.key 这三个文件不需要本地存在;streamCA.crt、stream.crt、stream.key 则由 1.1 的 certgen.sh stream 生成,必须存在。
cloudStream:
  enable: true
  streamPort: 10003
  tlsStreamCAFile: /etc/kubeedge/ca/streamCA.crt
  tlsStreamCertFile: /etc/kubeedge/certs/stream.crt
  tlsStreamPrivateKeyFile: /etc/kubeedge/certs/stream.key
  tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
  tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
  tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
  tunnelPort: 10004
重启cloudcore
systemctl restart cloudcore
查看10003和10004端口
ss -nutlp |egrep "10003|10004"
二、在边缘节点操作
2.1.修改配置文件edgecore.yaml
vi /etc/kubeedge/config/edgecore.yaml
在 modules 下添加(或修改)如下 edgeStream 配置,server 填写 cloudcore 的 IP 和 1.3 中的 tunnelPort:
edgeStream:
  enable: true
  handshakeTimeout: 30
  readDeadline: 15
  server: 192.168.1.1:10004
  tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
  tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
  tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
  writeDeadline: 15
2.2.重启edgecore
systemctl restart edgecore