参考官方文档：https://docs.kubeedge.io/en/latest/setup/keadm.html?highlight=10350#enable-kubectl-logs-feature

一、在云端节点操作

1.1.生成证书

export CLOUDCOREIPS="192.168.1.1"			#192.168.1.1为cloudcore所在宿主机的IP地址
mkdir -p /etc/kubeedge/ca
mkdir -p /etc/kubeedge/certs
$GOPATH/src/github.com/kubeedge/kubeedge/build/tools/certgen.sh stream

1.2.添加防火墙规则

iptables -t nat -A OUTPUT -p tcp --dport 10350 -j DNAT --to $CLOUDCOREIPS:10003

1.3.修改cloudcore.yaml文件

增加如下内容

注意：/etc/kubeedge/ca/rootCA.crt、/etc/kubeedge/certs/server.crt、/etc/kubeedge/certs/server.crt不需要本地存在

cloudStream:
  enable: true
  streamPort: 10003
  tlsStreamCAFile: /etc/kubeedge/ca/streamCA.crt
  tlsStreamCertFile: /etc/kubeedge/certs/stream.crt
  tlsStreamPrivateKeyFile: /etc/kubeedge/certs/stream.key
  tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
  tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
  tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
  tunnelPort: 10004

重启cloudcore

systemctl restart cloudcore

查看10003和10004端口

ss -nutlp |egrep "10003|10004"

二、在边缘节点操作

2.1.修改配置文件edgecore.yaml

vi /etc/kubeedge/config/edgecore.yaml

添加如下内容：

edgeStream:
  enable: true
  handshakeTimeout: 30
  readDeadline: 15
  server: 192.168.1.1:10004
  tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
  tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
  tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
  writeDeadline: 15

2.2.重启edgecore

systemctl restart edgecore