Resolva o problema de que o kubeedge não pode se conectar à porta 10350 ao usar os registros do kubectl

Consulte o documento oficial: https://docs.kubeedge.io/en/latest/setup/keadm.html?highlight=10350#enable-kubectl-logs-feature

1. Operação no nó da nuvem

1.1.生成证书

export CLOUDCOREIPS="192.168.1.1"			#192.168.1.1为cloudcore所在宿主机的IP地址
mkdir -p /etc/kubeedge/ca
mkdir -p /etc/kubeedge/certs
$GOPATH/src/github.com/kubeedge/kubeedge/build/tools/certgen.sh stream

1.2.添加防火墙规则

iptables -t nat -A OUTPUT -p tcp --dport 10350 -j DNAT --to $CLOUDCOREIPS:10003

1.3.修改cloudcore.yaml文件

Adicione o seguinte conteúdo

注意：/etc/kubeedge/ca/rootCA.crt、/etc/kubeedge/certs/server.crt、/etc/kubeedge/certs/server.crt不需要本地存在

cloudStream:
  enable: true
  streamPort: 10003
  tlsStreamCAFile: /etc/kubeedge/ca/streamCA.crt
  tlsStreamCertFile: /etc/kubeedge/certs/stream.crt
  tlsStreamPrivateKeyFile: /etc/kubeedge/certs/stream.key
  tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
  tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
  tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
  tunnelPort: 10004

Reinicie o cloudcore

systemctl restart cloudcore

Ver portas 10003 e 10004

ss -nutlp |egrep "10003|10004"

2. Operação no nó de borda

2.1.修改配置文件edgecore.yaml

vi /etc/kubeedge/config/edgecore.yaml

Adicione o seguinte conteúdo:

edgeStream:
  enable: true
  handshakeTimeout: 30
  readDeadline: 15
  server: 192.168.1.1:10004
  tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
  tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
  tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
  writeDeadline: 15

2.2.重启edgecore

systemctl restart edgecore