Enable Kubectl logs/exec to debug pods on the edge
Prepare certs
Make sure you can find the kubernetes
ca.crt
andca.key
files. If you set up your kubernetes cluster bykubeadm
, those files will be in/etc/kubernetes/pki/
dir.ls /etc/kubernetes/pki/
Set
CLOUDCOREIPS
env. The environment variable is set to specify the IP address of cloudcore, or a VIP if you have a highly available cluster.export CLOUDCOREIPS="192.168.0.139"
(Warning: the same terminal is essential to continue the work, or it is necessary to type this command again.) Checking the environment variable with the following command:
echo $CLOUDCOREIPS
Generate the certificates for CloudStream on cloud node, however, the generation file is not in the
/etc/kubeedge/
, we need to copy it from the repository which was git cloned from GitHub. Change user to root:sudo su
Copy certificates generation file from original cloned repository:
cp $GOPATH/src/github.com/kubeedge/kubeedge/build/tools/certgen.sh /etc/kubeedge/
Change directory to the kubeedge directory:
cd /etc/kubeedge/
Generate certificates from certgen.sh
/etc/kubeedge/certgen.sh stream
Set Iptables Rule
Set iptables on the host. This command should be executed on every node which deployed apiserver.(In this case, it is the master node, and execute this command by root.)
Run the following command on the host on which each apiserver runs:
Note: Make sure
CLOUDCOREIPS
environment variable is setiptables -t nat -A OUTPUT -p tcp --dport 10350 -j DNAT --to $CLOUDCOREIPS:10003
Port 10003 and 10350 are the default ports for the CloudStream and edgecore, use your own ports if you have changed them.
If you are not sure whether you have a setting of iptables, and you want to clean all of them. (If you set up iptables wrongly, it will block you out of this feature)
The following command can be used to clean up iptables:
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
Update Configurations
Update
cloudcore
configuration to enable cloudStream.If
cloudcore
is installed as binary, you can directly modify/etc/kubeedge/config/cloudcore.yaml
with using editor. Ifcloudcore
is running as kubernetes deployment, you can usekubectl edit cm -n kubeedge cloudcore
to updatecloudcore
‘s ConfigurationMap.cloudStream:
enable: true
streamPort: 10003
tlsStreamCAFile: /etc/kubeedge/ca/streamCA.crt
tlsStreamCertFile: /etc/kubeedge/certs/stream.crt
tlsStreamPrivateKeyFile: /etc/kubeedge/certs/stream.key
tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
tunnelPort: 10004
Update
edgecore
configuration to enable edgeStream.This modification needs to be done all edge system where
edgecore
runs to update/etc/kubeedge/config/cloudcore.yaml
. Make sure theserver
IP address to the cloudcore IP (the same as $CLOUDCOREIPS).edgeStream:
enable: true
handshakeTimeout: 30
readDeadline: 15
server: 192.168.0.139:10004
tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
writeDeadline: 15
Restart
Restart all the cloudcore and edgecore to apply the Stream configuration.
If
cloudcore
is installed as binary:sudo systemctl restart cloudcore.service
or
cloudcore
is running in kubernetes deployment:kubectl rollout restart deployment -n kubeedge cloudcore
At the all edge side where
edgecore
runs:sudo systemctl restart edgecore.service