一、 写作背景
系统安装时,K8S 版本是 V1.18.6,安装完毕后,发现版本已经升级到 v1.18.8 了,本着不折腾不舒服的性格,为了以后业务集群可以正常升级不影响业务,对新搭建的服务集群进行升级并做记录
二、 升级流程
具体升级过程如下:
- 升级 kubeadm 软件版本
- 使用 kubeadm upgrade plan 查看升级信息
- 查看并提前拉取所需镜像
- 在主节点执行升级命令,升级 controller-manager proxy scheduler coredns apiserver 等镜像的版本
- 其它节点执行 kubeadm upgrade node 升级其它节点
三、 升级过程
3.1 确认升级版本并升级
每次只能升级一个版本,不能跳过中间版本,比如,不能从 v1.15.x 跳过 v1.16.x 直接升级到 v1.17.x
升级软件
# 查看版本列表,升级到最新,在每个节点都执行升级 kubeadm
yum list --showduplicates kubeadm
# 可以指定升级软件,我这里就直接升级所有软件了。
yum update -y
查看集群升级所需镜像
kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.18.8
k8s.gcr.io/kube-controller-manager:v1.18.8
k8s.gcr.io/kube-scheduler:v1.18.8
k8s.gcr.io/kube-proxy:v1.18.8
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7
将 k8s.gcr.io/ 后面的内容保存到文件中,其中 worker 节点需要 kube-proxy 和 pause coredns 三个镜像,Master 节点需要所有镜像
使用命令提前下载镜像,加快部署过程
for i in `cat images`; \
do docker pull registry.cn-beijing.aliyuncs.com/fcu3dx/$i; \
docker tag registry.cn-beijing.aliyuncs.com/fcu3dx/$i k8s.gcr.io/$i; \
docker rmi registry.cn-beijing.aliyuncs.com/fcu3dx/$i; \
done;
3.2 Master 1 节点升级
在 Master1 (这里是 kube-m1) 执行 kubeadm upgrade plan 命令
查看输出:
[root@kube-m1 ~]# kubeadm upgrade plan
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[preflight] Running pre-flight checks.
[upgrade] Running cluster health checks
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.18.6
[upgrade/versions] kubeadm version: v1.18.8
W0821 12:47:38.256987 13391 version.go:102] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable.txt": Get https://dl.k8s.io/release/stable.txt: dial tcp 34.107.204.206:443: connect: connection timed out
W0821 12:47:38.257057 13391 version.go:103] falling back to the local client version: v1.18.8
[upgrade/versions] Latest stable version: v1.18.8
[upgrade/versions] Latest stable version: v1.18.8
W0821 12:47:41.392886 13391 version.go:102] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.18.txt": Get https://dl.k8s.io/release/stable-1.18.txt: dial tcp 34.107.204.206:443: connect: connection timed out
W0821 12:47:41.392926 13391 version.go:103] falling back to the local client version: v1.18.8
[upgrade/versions] Latest version in the v1.18 series: v1.18.8
[upgrade/versions] Latest version in the v1.18 series: v1.18.8
External components that should be upgraded manually before you upgrade the control plane with 'kubeadm upgrade apply':
COMPONENT CURRENT AVAILABLE
Etcd 3.3.11 3.4.3-0
Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT CURRENT AVAILABLE
Kubelet 9 x v1.18.6 v1.18.8
Upgrade to the latest version in the v1.18 series:
COMPONENT CURRENT AVAILABLE
API Server v1.18.6 v1.18.8
Controller Manager v1.18.6 v1.18.8
Scheduler v1.18.6 v1.18.8
Kube Proxy v1.18.6 v1.18.8
CoreDNS 1.6.7 1.6.7
You can now apply the upgrade by executing the following command:
kubeadm upgrade apply v1.18.8
_____________________________________________________________________
在镜像提前准备好的前提下,进行升级
停止节点调度
kubectl drain kube-m1.gxsk.uat --ignore-daemonsets --delete-local-data
# 执行结果,各 POD 名称都是随机的,不同集群不一样。
[root@kube-m1 ~]# kubectl drain kube-m1.gxsk.uat --ignore-daemonsets --delete-local-data
node/kube-m1.gxsk.uat cordoned
WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-flannel-ds-amd64-qz6w9, kube-system/kube-proxy-vs2d8
evicting pod kube-system/coredns-66bff467f8-5c8lz
evicting pod kube-system/coredns-66bff467f8-7tfjc
pod/coredns-66bff467f8-7tfjc evicted
pod/coredns-66bff467f8-5c8lz evicted
node/kube-m1.gxsk.uat evicted
查看集群状态,可以看到 kube-m1节点已经处于不可调度状态了。
[root@kube-m1 ~]# kubectl get nodes
执行版本升级,上一步操作已经显示需要执行的命令,直接复制执行即可
kubeadm upgrade apply v1.18.8
最后出现类似下面的提示即为成功
[addons] Applied essential addon: CoreDNS
[endpoint] WARNING: port specified in controlPlaneEndpoint overrides bindPort in the controlplane address
[addons] Applied essential addon: kube-proxy
[upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.18.8". Enjoy!
[upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.
重启一下 docker 和 kubelet 使用服务生效
systemctl restart docker kubelet
查看集群状态
[root@kube-m1 ~]# kubectl get nodes
开启节点可调度
kubectl uncordon kube-m1.gxsk.uat
# 查看状态
kubectl get nodes
3.3 其它节点升级
为了保障服务正常进行,建议每一个节点都单独升级,等该节点上所有服务都正常了,再进行下一节点升级。
在任意一 Master 节点执行命令,停止节点调度
kubectl drain kube-m2.gxsk.uat --ignore-daemonsets --delete-local-data
到目标 Master 节点执行升级,注意这里就不需要执行 kubeadm upgrade apply v1.18.8 这个命令了,而是执行 kubeadm upgrade node 命令。
kubeadm upgrade node
重启 docker kubelet 服务
systemctl restart docker kubelet
执行 kubectl uncordon kube-m2.gxsk.uat 使节点可调度。
查看集群状态 kubectl get nodes
最后再执行 kubeadm upgrade plan,可以看到,所有版已经升级到最新了。
四、 文章参考
转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。可以在下面评论区评论,也可以邮件至 long@longger.xin
