k8s筆記9--升級kubeadm部署的叢集
阿新 • • 發佈:2021-02-19
技術標籤:K8S & Docker升級kubeadm叢集kubeadm upgrade升級k8kubernetes
k8s筆記9--升級kubeadm部署的叢集
1 介紹
近年來 k8s 社群非常活躍,版本迭代很快,因此根據業務需要升級k8s叢集是一個非常重要的技能。本文介紹如何將k8s從1.19.x 升級 到1.20.x 版本。
k8s的升級流程主要分為如下3個部分:
- 升級主控制面節點
核心命令 kubeadm upgrade apply
1)檢查叢集處於可升級狀態;2)強制執行版本傾斜(version skew )策略;
3)確保控制面映象可用且能pull到該機器;
4)若元件配置需要升級,則生成對應的替換檔案;
5)升級控制面板元件(若失敗則回滾);
6)應用新的 kube-dns 和 kube-proxy manifests ,確保建立所有必需的RBAC規則;
7)為API server生成新證書和key檔案, 如果他們在180天內過期則還要備份舊檔案; - 升級其它控制面節點(本文只有1個主節點,因此省略第二步);
核心命令 kubeadm upgrade node
1)從叢集拉取 kubeadm ClusterConfiguration;
2)選擇性地備份 kube-apiserver certificate;3)為控制面板元件升級靜態 Pod manifests;
4)為當前節點升級 kubelet configuration; - 升級工作節點
核心命令 kubeadm upgrade node
1)從叢集拉取 kubeadm ClusterConfiguration;
2) 為當前節點升級 kubelet configuration;
2 叢集升級
2.1 前期準備
- 備份 etcd
備份etcd資料庫 # kubectl -n kube-system exec -it etcd-kmaster -- sh -c "ETCDCTL_API=3 ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key etcdctl --endpoints=https://127.0.0.1:2379 snapshot save /var/lib/etcd/snapshot.db"檢視資料檔案狀態 # kubectl -n kube-system exec -it etcd-kmaster -- sh -c "ETCDCTL_API=3 ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key etcdctl --endpoints=https://127.0.0.1:2379 snapshot status -w table /var/lib/etcd/snapshot.db" +----------+----------+------------+------------+ | HASH | REVISION | TOTAL KEYS | TOTAL SIZE | +----------+----------+------------+------------+ | 2eb468ae | 531875 | 1661 | 5.9 MB | +----------+----------+------------+------------+ 檢視備份檔案 # ls /var/lib/etcd/ member snapshot.db # mkdir $HOME/backup # cp /var/lib/etcd/snapshot.db ~/backup/ - 備份k8s etcd核心資料檔案
# cp -r /etc/kubernetes/pki/etcd $HOME/backup/ - 確定升級版本
# apt update # apt-cache madison kubeadm 筆者已經安裝了1.19.4,現打算升級到 1.20.0-00
2.2 升級master節點
- 升級kubeadm
# apt-mark unhold kubeadm && apt-get update && apt-get install -y kubeadm=1.20.0-00 && apt-mark hold kubeadm - 檢查kubeadm
# kubeadm version kubeadm version: &version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.0", GitCommit:"af46c47ce925f4c4ad5cc8d1fca46c7b77d13b38", GitTreeState:"clean", BuildDate:"2020-12-08T17:57:36Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"} - 核實升級plan
# kubeadm upgrade plan ...... [upgrade/versions] Latest version in the v1.19 series: v1.19.7 Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply': COMPONENT CURRENT AVAILABLE kubelet 4 x v1.19.4 v1.20.2 Upgrade to the latest stable version: COMPONENT CURRENT AVAILABLE kube-apiserver v1.19.7 v1.20.2 kube-controller-manager v1.19.7 v1.20.2 kube-scheduler v1.19.7 v1.20.2 kube-proxy v1.19.7 v1.20.2 CoreDNS 1.7.0 1.7.0 etcd 3.4.13-0 3.4.13-0 You can now apply the upgrade by executing the following command: kubeadm upgrade apply v1.20.2 Note: Before you can perform this upgrade, you have to update kubeadm to v1.20.2. ...... - 按照提示升級
此處升級為1.20.0,所以沒有使用推薦的v1.20.2 # kubeadm upgrade apply v1.20.0 輸出: ...... [addons] Applied essential addon: CoreDNS [addons] Applied essential addon: kube-proxy [upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.20.0". Enjoy! [upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so. - drain 控制面板節點
# kubectl drain kmaster --ignore-daemonsets node/kmaster cordoned - 升級 kubelet 和 kubectl
# apt-mark unhold kubelet kubectl && apt-get update && apt-get install -y kubelet=1.20.0-00 kubectl=1.20.0-00 && apt-mark hold kubelet kubectl 升級後重啟kubelet 節點 # systemctl daemon-reload # systemctl restart kubelet - Uncordon 控制面板節點
# kubectl uncordon kmaster - 檢視節點狀態
# kubectl get nodes 發現節點為Ready狀態
2.3 升級worker節點
- 升級kubeadm
# apt-mark unhold kubeadm && apt-get update && apt-get install -y kubeadm=1.20.0-00 && apt-mark hold kubeadm - 檢查kubeadm
# kubeadm version - 更新本地kubelet 配置
# kubeadm upgrade node ...... [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [upgrade] The configuration for this node was successfully updated! ...... - drain knode01
# kubectl drain knode01 --ignore-daemonsets [--delete-emptydir-data 如果儲存了本地資料,則需要delete emptydir] - 升級 kubelet 和 kubectl
# apt-mark unhold kubelet kubectl && apt-get update && apt-get install -y kubelet=1.20.0-00 kubectl=1.20.0-00 && apt-mark hold kubelet kubectl 升級後重啟kubelet 節點 # systemctl daemon-reload # systemctl restart kubelet - Uncordon worker節點
# kubectl uncordon knode01
- 檢視節點狀態
# kubectl get nodes 發現knode01節點為Ready狀態
至此master節點和一個worker節點升級完畢,其它節點可以按照worker節點的方法逐個升級。
3 注意事項
- 如果升級出錯,可以從以下位置的檔案進行恢復,直接執行 kubeadm upgrade apply --force 即可
# ls /etc/kubernetes/tmp/ kubeadm-backup-kubeadm-backup-etcd-2021-01-30-04-29-58/ kubeadm-backup-manifests-2021-01-30-04-29-58/ - 如果叢集有多個master節點,則第2,3 個節點升級使用 kubeadm upgrade node 而非apply。
4 說明
- 軟體環境
升級前 k8s 叢集版本為:v1.19.4,升級後為1.20.0;
測試系統為ubuntu 16.04 server版本; - 參考文件
1 administer-cluster/kubeadm/kubeadm-upgrade/