本文作者：丁辉

使用Kind安装Kubernetes

官方网站

基础环境准备

通过脚本安装Docker

安装 Kind

二进制文件安装

Github二进制文件下载

下载二进制文件完成后，安装 Kind

install -o root -g root -m 0755 kind-linux-amd64 /usr/local/bin/kind

单节点启动

1. 默认创建集群

   kind create cluster

   指定镜像或名称创建集群

   kind create cluster --name clusterName --image kindest/node:latest

2. 复制 Kind 容器内 Kubectl 使用

   docker cp kind-control-plane:/usr/bin/kubectl /usr/bin/kubectl

3. 验证

   kubectl config get-contexts

创建多节点集群

1. 配置国内镜像加速(要不然创建完集群拉取镜像总是超时)

   mkdir -p /etc/containerd/certs.d/docker.io

   内容如下

   cat > /etc/containerd/certs.d/docker.io/hosts.toml <<EOF
   server = "https://registry-1.docker.io"
   [host."https://docker.m.daocloud.io"]
     capabilities = ["pull", "resolve"]
   [host."https://docker.1ms.run"]
     capabilities = ["pull", "resolve"]
   [host."https://docker-0.unsee.tech"]
     capabilities = ["pull", "resolve"]
   [host."https://registry-1.docker.io"]
     capabilities = ["pull", "resolve"]
   EOF

2. 创建 Yaml 文件

   cat > kind_cluster.yaml <<EOF
   kind: Cluster
   apiVersion: kind.x-k8s.io/v1alpha4
   name: cluster1
   nodes:
   - role: control-plane
     extraMounts:
     - hostPath: /etc/containerd/certs.d/
       containerPath: /etc/containerd/certs.d
       readOnly: true
     extraPortMappings:
     - containerPort: 30000
       hostPort: 30000
       listenAddress: "0.0.0.0"
       protocol: TCP
   - role: worker
     extraMounts:
     - hostPath: /etc/containerd/certs.d/
       containerPath: /etc/containerd/certs.d
       readOnly: true
   - role: worker
     extraMounts:
     - hostPath: /etc/containerd/certs.d/
       containerPath: /etc/containerd/certs.d
       readOnly: true
   - role: worker
     extraMounts:
     - hostPath: /etc/containerd/certs.d/
       containerPath: /etc/containerd/certs.d
       readOnly: true
   
   containerdConfigPatches:
   - |-
     [plugins."io.containerd.grpc.v1.cri".registry]
       config_path = "/etc/containerd/certs.d"
   - |-
     [plugins."io.containerd.grpc.v1.cri"]
       sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.10"
   EOF

   嫌端口太少？来吧循环起来，截止2025年12月2日官方并没有给出特别好的解决办法，只能一个一个写。循环示例如下

   $(for p in $(seq 30000 31000); do echo "  - containerPort: $p"; echo "    hostPort: $p"; echo "    protocol: TCP"; echo "    listenAddress: 0.0.0.0"; done)

3. 创建集群

   kind create cluster --config kind_cluster.yaml

4. 验证

   kubectl get node

卸载集群

• 删除默认集群

  kind delete cluster

• 删除指定集群

  kind delete cluster --name clusterName

• 删除全部集群

  kind delete clusters --all

常用基础命令

• 查看集群

  kind get clusters

• 获取节点

  kind get nodes

• 把本地的 docker 镜像加载到名叫 kind 的 KIND 集群节点里

  kind load docker-image nginx:latest --name kind

问题记录

当使用 Kind 集群部署 Metrics-Server 时报错证书错误

• Kind 解决方案

  1. 让 Kubelet 自动重新申请一份包含 IP SAN 的 serving 证书

     kubeadmConfigPatches:
     - |
       kind: KubeletConfiguration
       serverTLSBootstrap: true

  2. 一次性批准 Pending CSR

     kubectl get csr -ojson | jq -r '.items[] | select(.spec.signerName=="kubernetes.io/kubelet-serving" and (.status==null or .status=={})) | .metadata.name' | xargs kubectl certificate approve

• Metrics-Server 临时解决方案

  Metrics-Server启动报错证书验证失败