> 本文作者：丁辉

# 使用Kind安装Kubernetes

[官方网站](https://kind.sigs.k8s.io/)

## 基础环境准备

[ 通过脚本安装Docker](https://gitee.com/offends/Kubernetes/blob/main/Docker/Docs/%E5%AE%89%E8%A3%85%E6%96%87%E6%A1%A3/%E9%80%9A%E8%BF%87%E8%84%9A%E6%9C%AC%E5%AE%89%E8%A3%85Docker.md)

## 安装 Kind

二进制文件安装

[Github二进制文件下载](https://github.com/kubernetes-sigs/kind/releases)

下载二进制文件完成后，安装 Kind

```bash
install -o root -g root -m 0755 kind-linux-amd64 /usr/local/bin/kind
```

## 单节点启动

1. 默认创建集群

   ```bash
   kind create cluster
   ```

   指定镜像或名称创建集群

   `kind create cluster --name clusterName --image kindest/node:latest`

2. 复制 Kind 容器内 Kubectl 使用

   ```bash
   docker cp kind-control-plane:/usr/bin/kubectl /usr/bin/kubectl
   ```

3. 验证

   ```bash
   kubectl config get-contexts
   ```

## 创建多节点集群

1. 配置国内镜像加速(要不然创建完集群拉取镜像总是超时)

   ```bash
   mkdir -p /etc/containerd/certs.d/docker.io
   ```

   内容如下

   ```toml
   cat > /etc/containerd/certs.d/docker.io/hosts.toml <<EOF
   server = "https://registry-1.docker.io"
   [host."https://docker.m.daocloud.io"]
     capabilities = ["pull", "resolve"]
   [host."https://docker.1ms.run"]
     capabilities = ["pull", "resolve"]
   [host."https://docker-0.unsee.tech"]
     capabilities = ["pull", "resolve"]
   [host."https://registry-1.docker.io"]
     capabilities = ["pull", "resolve"]
   EOF
   ```

2. 创建 Yaml 文件

   ```yaml
   cat > kind_cluster.yaml <<EOF
   kind: Cluster
   apiVersion: kind.x-k8s.io/v1alpha4
   name: cluster1
   nodes:
   - role: control-plane
     extraMounts:
     - hostPath: /etc/containerd/certs.d/
       containerPath: /etc/containerd/certs.d
       readOnly: true
     extraPortMappings:
     - containerPort: 30000
       hostPort: 30000
       listenAddress: "0.0.0.0"
       protocol: TCP
   - role: worker
     extraMounts:
     - hostPath: /etc/containerd/certs.d/
       containerPath: /etc/containerd/certs.d
       readOnly: true
   - role: worker
     extraMounts:
     - hostPath: /etc/containerd/certs.d/
       containerPath: /etc/containerd/certs.d
       readOnly: true
   - role: worker
     extraMounts:
     - hostPath: /etc/containerd/certs.d/
       containerPath: /etc/containerd/certs.d
       readOnly: true
   
   containerdConfigPatches:
   - |-
     [plugins."io.containerd.grpc.v1.cri".registry]
       config_path = "/etc/containerd/certs.d"
   - |-
     [plugins."io.containerd.grpc.v1.cri"]
       sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.10"
   EOF
   ```

   > 嫌端口太少？来吧循环起来，截止2025年12月2日官方并没有给出特别好的解决办法，只能一个一个写。循环示例如下
   >
   > ```bash
   > $(for p in $(seq 30000 31000); do echo "  - containerPort: $p"; echo "    hostPort: $p"; echo "    protocol: TCP"; echo "    listenAddress: 0.0.0.0"; done)
   > ```

3. 创建集群

   ```bash
   kind create cluster --config kind_cluster.yaml
   ```

4. 验证

   ```bash
   kubectl get node
   ```

## 卸载集群

- 删除默认集群

  ```bash
  kind delete cluster
  ```

- 删除指定集群

  ```bash
  kind delete cluster --name clusterName
  ```

- 删除全部集群

  ```bash
  kind delete clusters --all
  ```

## 常用基础命令

- 查看集群

  ```bash
  kind get clusters
  ```

- 获取节点

  ```bash
  kind get nodes
  ```

- 把本地的 docker 镜像加载到名叫 kind 的 KIND 集群节点里

  ```bash
  kind load docker-image nginx:latest --name kind
  ```


# 问题记录

当使用 Kind 集群部署 Metrics-Server 时报错证书错误

- Kind 解决方案

  1. 让 Kubelet 自动重新申请一份包含 IP SAN 的 serving 证书

     ```toml
     kubeadmConfigPatches:
     - |
       kind: KubeletConfiguration
       serverTLSBootstrap: true
     ```

  2. 一次性批准 Pending CSR

     ```bash
     kubectl get csr -ojson | jq -r '.items[] | select(.spec.signerName=="kubernetes.io/kubelet-serving" and (.status==null or .status=={})) | .metadata.name' | xargs kubectl certificate approve
     ```

- Metrics-Server 临时解决方案

  [Metrics-Server启动报错证书验证失败](https://gitee.com/offends/Kubernetes/blob/main/%E9%97%AE%E9%A2%98%E8%AE%B0%E5%BD%95/Metrics-Server%E5%90%AF%E5%8A%A8%E6%8A%A5%E9%94%99%E8%AF%81%E4%B9%A6%E9%AA%8C%E8%AF%81%E5%A4%B1%E8%B4%A5.md)