Kubernetes/部署文档/Kind/使用Kind安装Kubernetes.md
2025-12-13 18:06:23 +08:00


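Author: 丁辉

Installing Kubernetes with Kind

Official website

Preparing the base environment

Install Docker via script

Install Kind

Install from the binary

Download the binary from GitHub

After the binary has been downloaded, install Kind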

install -o root -g root -m 0755 kind-linux-amd64 /usr/local/bin/kind

Single-node startup

  1. Create a cluster with the defaults

    kind create cluster
    

    Create a cluster with a specific image or name

    kind create cluster --name clusterName --image kindest/node:latest

  2. Copy kubectl out of the Kind container for use on the host

    docker cp kind-control-plane:/usr/bin/kubectl /usr/bin/kubectl
    
  3. Verify

    kubectl config get-contexts
    

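Create a multi-node cluster

  1. Configure registry mirrors reachable from mainland China (otherwise image pulls keep timing out once the cluster has been created)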

    mkdir -p /etc/containerd/certs.d/docker.io
    

    With the following content

    cat > /etc/containerd/certs.d/docker.io/hosts.toml <<EOF
    server = "https://registry-1.docker.io"
    [host."https://docker.m.daocloud.io"]
      capabilities = ["pull", "resolve"]
    [host."https://docker.1ms.run"]
      capabilities = ["pull", "resolve"]
    [host."https://docker-0.unsee.tech"]
      capabilities = ["pull", "resolve"]
    [host."https://registry-1.docker.io"]
      capabilities = ["pull", "resolve"]
    EOF
    
  2. Create the YAML file

    cat > kind_cluster.yaml <<EOF
    kind: Cluster
    apiVersion: kind.x-k8s.io/v1alpha4
    name: cluster1
    nodes:
    - role: control-plane
      extraMounts:
      - hostPath: /etc/containerd/certs.d/
        containerPath: /etc/containerd/certs.d
        readOnly: true
      extraPortMappings:
      - containerPort: 30000
        hostPort: 30000
        listenAddress: "0.0.0.0"
        protocol: TCP
    - role: worker
      extraMounts:
      - hostPath: /etc/containerd/certs.d/
        containerPath: /etc/containerd/certs.d
        readOnly: true
    - role: worker
      extraMounts:
      - hostPath: /etc/containerd/certs.d/
        containerPath: /etc/containerd/certs.d
        readOnly: true
    - role: worker
      extraMounts:
      - hostPath: /etc/containerd/certs.d/
        containerPath: /etc/containerd/certs.d
        readOnly: true
    
    containerdConfigPatches:
    - |-
      [plugins."io.containerd.grpc.v1.cri".registry]
        config_path = "/etc/containerd/certs.d"
    - |-
      [plugins."io.containerd.grpc.v1.cri"]
        sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.10"
    EOF
    

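    If that is too few ports, generate them with a loop. As of 2 December 2025 the official project has not offered a particularly good solution, so the ports have to be written out one by one. Because the heredoc above uses an unquoted EOF, a command substitution placed under extraPortMappings: is expanded when the file is written. An example loop: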

    $(for p in $(seq 30000 31000); do echo "  - containerPort: $p"; echo "    hostPort: $p"; echo "    protocol: TCP"; echo "    listenAddress: 0.0.0.0"; done)
    
  3. Create the cluster

    kind create cluster --config kind_cluster.yaml
    
  4. Verify

    kubectl get node
    

Removing clusters

  • Delete the default cluster

    kind delete cluster
    
  • Delete a named cluster

    kind delete cluster --name clusterName
    
  • Delete all clusters

    kind delete clusters --all
    

Common basic commands

  • List clusters

    kind get clusters
    
  • List nodes

    kind get nodes
    
  • Load a local Docker image into the nodes of the KIND cluster named kind

    kind load docker-image nginx:latest --name kind
    

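Troubleshooting notes

Deploying Metrics-Server on a Kind cluster fails with a certificate error

  • Kind solution

    1. Have the kubelet automatically request a new serving certificate that includes IP SANs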

      kubeadmConfigPatches:
      - |
        kind: KubeletConfiguration
        serverTLSBootstrap: true
      
    2. Approve the pending CSRs in one pass

      kubectl get csr -ojson | jq -r '.items[] | select(.spec.signerName=="kubernetes.io/kubelet-serving" and (.status==null or .status=={})) | .metadata.name' | xargs kubectl certificate approve
      
  • Metrics-Server temporary workaround

    Metrics-Server fails at startup with a certificate verification error
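
Step 2 of the Kind solution above approves every pending `kubernetes.io/kubelet-serving` CSR without looking at who submitted it. The following is an added example, not part of the original article: a Python filter over `kubectl get csr -o json` output that passes only requests from expected kubelet identities. The function name, the expected node set and the sample CSRs are constructed assumptions, and the SANs inside `spec.request` are not decoded here.

```python
SIGNER = "kubernetes.io/kubelet-serving"
ALLOWED_USAGES = {"digital signature", "key encipherment", "server auth"}

def triage_csrs(csr_list, node_names):
    # Returns (approve, reject) for pending kubelet-serving CSRs.
    approve, reject = [], []
    for item in csr_list.get("items", []):
        name, spec = item["metadata"]["name"], item.get("spec", {})
        if spec.get("signerName") != SIGNER:
            continue  # different signer, out of scope
        if (item.get("status") or {}).get("conditions"):
            continue  # already approved or denied
        user = spec.get("username", "")
        node = user[len("system:node:"):] if user.startswith("system:node:") else None
        usages = set(spec.get("usages", []))
        if node is None or "system:nodes" not in spec.get("groups", []):
            reject.append((name, "requestor is not a kubelet identity"))
        elif node not in node_names:
            reject.append((name, "node name not in expected set"))
        elif "server auth" not in usages or not usages <= ALLOWED_USAGES:
            reject.append((name, "unexpected key usages"))
        else:
            approve.append(name)
    return approve, reject

def _csr(name, user, groups, usages, status=None):
    # Builds a constructed sample item shaped like the kubectl JSON output.
    return {"metadata": {"name": name}, "status": status or {},
            "spec": {"signerName": SIGNER, "username": user,
                     "groups": groups, "usages": usages}}

NODE_GROUPS = ["system:nodes", "system:authenticated"]
SERVING = ["digital signature", "server auth"]
# Constructed sample data; node names follow Kind's <cluster>-worker pattern.
EXPECTED_NODES = {"cluster1-control-plane", "cluster1-worker", "cluster1-worker2", "cluster1-worker3"}
SAMPLE = {"items": [
    _csr("csr-aaaaa", "system:node:cluster1-worker", NODE_GROUPS, SERVING),
    _csr("csr-bbbbb", "dev-user", ["system:authenticated"], SERVING),
    _csr("csr-ccccc", "system:node:cluster1-worker2", NODE_GROUPS, SERVING + ["client auth"]),
    _csr("csr-ddddd", "system:node:other-host", NODE_GROUPS, SERVING),
    _csr("csr-eeeee", "system:node:cluster1-worker3", NODE_GROUPS, SERVING,
         {"conditions": [{"type": "Approved", "status": "True"}]}),
]}

if __name__ == "__main__":
    ok, bad = triage_csrs(SAMPLE, EXPECTED_NODES)
    print("approve:", " ".join(ok))
    for name, why in bad:
        print("hold:", name, "-", why)
```

On a real cluster, parse `kubectl get csr -ojson` with `json.load(sys.stdin)` and take the expected names from `kind get nodes --name cluster1`. Pass only the approved names to `kubectl certificate approve`.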