See the official documentation: https://docs.kubeedge.io/en/latest/setup/keadm.html?highlight=10350#enable-kubectl-logs-feature
1. Operations on the cloud node
1.1. Generate the certificates
export CLOUDCOREIPS="192.168.1.1" # 192.168.1.1 is the IP address of the host running cloudcore
mkdir -p /etc/kubeedge/ca
mkdir -p /etc/kubeedge/certs
$GOPATH/src/github.com/kubeedge/kubeedge/build/tools/certgen.sh stream
1.2. Add the firewall rule
iptables -t nat -A OUTPUT -p tcp --dport 10350 -j DNAT --to $CLOUDCOREIPS:10003
1.3. Modify the cloudcore.yaml file
Add the following content:
Note: /etc/kubeedge/ca/rootCA.crt, /etc/kubeedge/certs/server.crt and /etc/kubeedge/certs/server.crt do not need to exist locally.
cloudStream:
  enable: true
  streamPort: 10003
  tlsStreamCAFile: /etc/kubeedge/ca/streamCA.crt
  tlsStreamCertFile: /etc/kubeedge/certs/stream.crt
  tlsStreamPrivateKeyFile: /etc/kubeedge/certs/stream.key
  tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
  tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
  tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
  tunnelPort: 10004
Restart cloudcore:
systemctl restart cloudcore
Check ports 10003 and 10004:
ss -nutlp |egrep "10003|10004"
2. Operations on the edge node
2.1. Modify the configuration file edgecore.yaml
vi /etc/kubeedge/config/edgecore.yaml
Add the following content:
edgeStream:
  enable: true
  handshakeTimeout: 30
  readDeadline: 15
  server: 192.168.1.1:10004
  tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
  tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
  tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
  writeDeadline: 15
2.2. Restart edgecore
systemctl restart edgecore
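Added example, not part of the original guide or of KubeEdge itself: a POSIX shell check that the DNAT target from step 1.2, the cloudStream ports from step 1.3 and the edgeStream server from step 2.1 agree with each other. The helper names yaml_get and check_stream_wiring and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check the port wiring that steps 1.2, 1.3 and 2.1
# must agree on. Helper names are hypothetical, not KubeEdge tooling.

# yaml_get FILE SECTION KEY: print KEY's value inside SECTION (indent-scoped).
yaml_get() {
  awk -v sec="$2" -v key="$3" '
    $1 == (sec ":") { insec = 1; ind = match($0, /[^ ]/); next }
    insec && NF && match($0, /[^ ]/) <= ind { insec = 0 }
    insec && $1 == (key ":") { print $2; exit }
  ' "$1"
}

# check_stream_wiring CLOUDCORE_YAML EDGECORE_YAML DNAT_TARGET(host:port)
# The body runs in a subshell so its variables stay local; status 0 = consistent.
check_stream_wiring() (
  rc=0
  sport=$(yaml_get "$1" cloudStream streamPort)
  tport=$(yaml_get "$1" cloudStream tunnelPort)
  eserver=$(yaml_get "$2" edgeStream server)
  [ "$(yaml_get "$1" cloudStream enable)" = "true" ] || { echo "cloudStream disabled"; rc=1; }
  [ "$(yaml_get "$2" edgeStream enable)" = "true" ] || { echo "edgeStream disabled"; rc=1; }
  # Traffic to port 10350 is DNATed to cloudcore's streamPort (step 1.2).
  [ "${3##*:}" = "$sport" ] || { echo "DNAT port ${3##*:} != streamPort $sport"; rc=1; }
  # edgecore connects to cloudcore's tunnelPort (step 2.1).
  [ "${eserver##*:}" = "$tport" ] || { echo "edge server port ${eserver##*:} != tunnelPort $tport"; rc=1; }
  exit "$rc"
)

# Constructed sample fragments using the values from this page.
demo=$(mktemp -d)
cat > "$demo/cloudcore.yaml" <<'EOF'
cloudStream:
  enable: true
  streamPort: 10003
  tunnelPort: 10004
EOF
cat > "$demo/edgecore.yaml" <<'EOF'
edgeStream:
  enable: true
  server: 192.168.1.1:10004
EOF
check_stream_wiring "$demo/cloudcore.yaml" "$demo/edgecore.yaml" "192.168.1.1:10003" \
  && echo "stream wiring consistent"
```

On a real deployment, pass /etc/kubeedge/config/cloudcore.yaml, a copy of the edge node's edgecore.yaml, and the --to value used in the iptables rule.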