【云原生】Kubernetes集群升级

news2024/12/29 13:14:27

【云原生】Kubernetes集群升级指南

  • 前言
  • 一、集群升级过程辅助命令
  • 二、升级master节点
    • 2.1、升级kubeadm。
    • 2.2、验证升级计划
    • 2.3、master节点升级
  • 三、升级node节点
  • 总结

前言

本文演示kubernetes集群从v1.24.1升级到v1.25.5。
相关文档。

一、集群升级过程辅助命令

(1)查看节点上运行的pod。

kubectl get pod -o wide |grep <nodename>

(2)查看集群配置文件。

kubectl -n kube-system get cm kubeadm-config -o yaml

(3)查看当前集群节点。

kubectl get node

二、升级master节点

2.1、升级kubeadm。

# 更新包管理器
sudo apt-get update
# 查看可用版本
apt-cache madison kubeadm

# 解除 kubeadm软件包保留状态
sudo apt-mark unhold kubeadm
# 安装
sudo apt-get install -y kubeadm=1.25.5-00
# 设置为保留,即不自动更新
sudo apt-mark hold kubeadm

# 验证版本
kubeadm version

2.2、验证升级计划

(1)检查可升级到哪些版本,并验证你当前的集群是否可升级。

sudo kubeadm upgrade plan
_____________________________________________________________________

Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT   CURRENT       TARGET
kubelet     1 x v1.24.1   v1.25.8

Upgrade to the latest stable version:

COMPONENT                 CURRENT   TARGET
kube-apiserver            v1.24.1   v1.25.8
kube-controller-manager   v1.24.1   v1.25.8
kube-scheduler            v1.24.1   v1.25.8
kube-proxy                v1.24.1   v1.25.8
CoreDNS                   v1.8.6    v1.9.3
etcd                      3.5.3-0   3.5.6-0

You can now apply the upgrade by executing the following command:

	kubeadm upgrade apply v1.25.8

Note: Before you can perform this upgrade, you have to update kubeadm to v1.25.8.

_____________________________________________________________________

注意下面的MANUAL字段:

_____________________________________________________________________


The table below shows the current state of component configs as understood by this version of kubeadm.
Configs that have a "yes" mark in the "MANUAL UPGRADE REQUIRED" column require manual config upgrade or
resetting to kubeadm defaults before a successful upgrade can be performed. The version to manually
upgrade to is denoted in the "PREFERRED VERSION" column.

API GROUP                 CURRENT VERSION   PREFERRED VERSION   MANUAL UPGRADE REQUIRED
kubeproxy.config.k8s.io   v1alpha1          v1alpha1            no
kubelet.config.k8s.io     v1beta1           v1beta1             no
_____________________________________________________________________

指示哪些主键需要手动升级,如果是yes就要手动升级。

(2)显示哪些差异将被应用于现有的静态 pod 资源清单。

sudo kubeadm upgrade diff 1.25.5
[upgrade/diff] Reading configuration from the cluster...
[upgrade/diff] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
--- /etc/kubernetes/manifests/kube-scheduler.yaml
+++ new manifest
@@ -16,7 +16,7 @@
     - --bind-address=127.0.0.1
     - --kubeconfig=/etc/kubernetes/scheduler.conf
     - --leader-elect=true
-    image: registry.aliyuncs.com/google_containers/kube-scheduler:v1.24.1
+    image: registry.aliyuncs.com/google_containers/kube-scheduler:1.25.5
     imagePullPolicy: IfNotPresent
     livenessProbe:
       failureThreshold: 8
--- /etc/kubernetes/manifests/kube-apiserver.yaml
+++ new manifest
@@ -40,7 +40,7 @@
     - --service-cluster-ip-range=10.96.0.0/12
     - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
     - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
-    image: registry.aliyuncs.com/google_containers/kube-apiserver:v1.24.1
+    image: registry.aliyuncs.com/google_containers/kube-apiserver:1.25.5
     imagePullPolicy: IfNotPresent
     livenessProbe:
       failureThreshold: 8
--- /etc/kubernetes/manifests/kube-controller-manager.yaml
+++ new manifest
@@ -28,7 +28,7 @@
     - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
     - --service-cluster-ip-range=10.96.0.0/12
     - --use-service-account-credentials=true
-    image: registry.aliyuncs.com/google_containers/kube-controller-manager:v1.24.1
+    image: registry.aliyuncs.com/google_containers/kube-controller-manager:1.25.5
     imagePullPolicy: IfNotPresent
     livenessProbe:
       failureThreshold: 8

2.3、master节点升级

(1)升级到 1.25.5版本,此命令仅升级master节点(control plane)。

sudo kubeadm upgrade apply v1.25.5
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[preflight] Running pre-flight checks.
[upgrade] Running cluster health checks
[upgrade/version] You have chosen to change the cluster version to "v1.25.5"
[upgrade/versions] Cluster version: v1.24.1
[upgrade/versions] kubeadm version: v1.25.5
[upgrade] Are you sure you want to proceed? [y/N]: y
[upgrade/prepull] Pulling images required for setting up a Kubernetes cluster
[upgrade/prepull] This might take a minute or two, depending on the speed of your internet connection
[upgrade/prepull] You can also perform this action in beforehand using 'kubeadm config images pull'
[upgrade/apply] Upgrading your Static Pod-hosted control plane to version "v1.25.5" (timeout: 5m0s)...
[upgrade/etcd] Upgrading to TLS for etcd
[upgrade/staticpods] Preparing for "etcd" upgrade
[upgrade/staticpods] Renewing etcd-server certificate
[upgrade/staticpods] Renewing etcd-peer certificate
[upgrade/staticpods] Renewing etcd-healthcheck-client certificate
[upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/etcd.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2023-03-19-08-29-54/etcd.yaml"
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
[apiclient] Found 1 Pods for label selector component=etcd
[upgrade/staticpods] Component "etcd" upgraded successfully!
[upgrade/etcd] Waiting for etcd to become available
[upgrade/staticpods] Writing new Static Pod manifests to "/etc/kubernetes/tmp/kubeadm-upgraded-manifests1584419494"
[upgrade/staticpods] Preparing for "kube-apiserver" upgrade
[upgrade/staticpods] Renewing apiserver certificate
[upgrade/staticpods] Renewing apiserver-kubelet-client certificate
[upgrade/staticpods] Renewing front-proxy-client certificate
[upgrade/staticpods] Renewing apiserver-etcd-client certificate
[upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-apiserver.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2023-03-19-08-29-54/kube-apiserver.yaml"
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
[apiclient] Found 1 Pods for label selector component=kube-apiserver
[upgrade/staticpods] Component "kube-apiserver" upgraded successfully!
[upgrade/staticpods] Preparing for "kube-controller-manager" upgrade
[upgrade/staticpods] Renewing controller-manager.conf certificate
[upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-controller-manager.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2023-03-19-08-29-54/kube-controller-manager.yaml"
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
[apiclient] Found 1 Pods for label selector component=kube-controller-manager
[upgrade/staticpods] Component "kube-controller-manager" upgraded successfully!
[upgrade/staticpods] Preparing for "kube-scheduler" upgrade
[upgrade/staticpods] Renewing scheduler.conf certificate
[upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-scheduler.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2023-03-19-08-29-54/kube-scheduler.yaml"
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
[apiclient] Found 1 Pods for label selector component=kube-scheduler
[upgrade/staticpods] Component "kube-scheduler" upgraded successfully!
[upgrade/postupgrade] Removing the old taint &Taint{Key:node-role.kubernetes.io/master,Value:,Effect:NoSchedule,TimeAdded:<nil>,} from all control plane Nodes. After this step only the &Taint{Key:node-role.kubernetes.io/control-plane,Value:,Effect:NoSchedule,TimeAdded:<nil>,} taint will be present on control plane Nodes.
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

[upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.25.5". Enjoy!

[upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.

(2) 腾空节点,即将节点上除守护进程之外的其他进程调度到其他节点,同时将开启调度保护。

kubectl drain <nodename> --ignore-daemonsets
$ kubectl drain k8s-master1 --ignore-daemonsets
node/k8s-master1 cordoned
WARNING: ignoring DaemonSet-managed Pods: kube-flannel/kube-flannel-ds-nxz4d, kube-system/kube-proxy-pbnk4
evicting pod kube-system/coredns-c676cc86f-twm96
evicting pod kube-system/coredns-c676cc86f-mdgbn
pod/coredns-c676cc86f-mdgbn evicted
pod/coredns-c676cc86f-twm96 evicted
node/k8s-master1 drained

$ kubectl get pod -A
NAMESPACE      NAME                                  READY   STATUS    RESTARTS   AGE
kube-flannel   kube-flannel-ds-nxz4d                 1/1     Running   0          136m
kube-system    coredns-c676cc86f-7stvs               0/1     Pending   0          60s
kube-system    coredns-c676cc86f-vmkgv               0/1     Pending   0          60s
kube-system    etcd-k8s-master1                      1/1     Running   0          11m
kube-system    kube-apiserver-k8s-master1            1/1     Running   0          10m
kube-system    kube-controller-manager-k8s-master1   1/1     Running   0          10m
kube-system    kube-proxy-pbnk4                      1/1     Running   0          9m44s
kube-system    kube-scheduler-k8s-master1            1/1     Running   0          9m58s

$ kubectl get node
NAME          STATUS                     ROLES           AGE    VERSION
k8s-master1   Ready,SchedulingDisabled   control-plane   162m   v1.24.1

(3)升级kubelet与kubectl组件。

sudo apt-mark unhold kubelet kubectl
sudo apt-get install -y kubelet=1.25.5-00 kubectl=1.25.5-00
sudo apt-mark hold kubelet kubectl

(4)重启 kubelet。

sudo systemctl daemon-reload
sudo systemctl restart kubelet

(5)解除调度保护。

kubectl uncordon <nodename>

三、升级node节点

(1)升级节点kubelet 配置。

sudo kubeadm upgrade node

(2)腾空节点,同时开启调度保护,此命令请在master节点操作

kubectl drain <nodename> --ignore-daemonsets

(3)升级kubelet与kubectl组件。

sudo apt-mark unhold kubelet kubectl
sudo apt-get install -y kubelet=1.25.5-00 kubectl=1.25.5-00
sudo apt-mark hold kubelet kubectl

(4)重启 kubelet。

sudo systemctl daemon-reload
sudo systemctl restart kubelet

(5)解除调度保护,master节点上执行该命令。

kubectl uncordon <nodename>

总结

每个版本的升级都不一样,所以要根据版本进行适当调整,不作为万能指导。
升级过程:

  1. 升级master组件。
  2. 升级worker节点组件,调度保护、排空节点、worker节点组件升级、解除保护。

在这里插入图片描述

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/437354.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

linux系统中MongoDB数据库安装及分片集群搭建

史上最全的mongodb分片集群搭建&#xff0c;从介绍安装到集群搭建授权&#xff0c;你再也找不到比他更加详细的资料了&#xff0c;未经允许禁止转载&#xff01;&#xff01; 一、简介 MongoDB是一个便于开发和扩展设计的文档数据库&#xff0c;属于NoSQL数据库的一种。Mongo…

计算机笔试/面试常见逻辑题/智力题汇总

说明&#xff1a;按种类汇总&#xff0c;难度不分先后&#xff0c;做了分级罗列&#xff0c;方便后续扩充&#xff0c;大家有比较有意思的题目可以在讨论区讨论。 下面有的题题解相对复杂的直接参考了网上的一些解答&#xff0c;而有的题解我认为并不好的也做了补充&#xff0c…

2023年值得关注的3个品牌趋势,帮你弯道超车

2023年&#xff0c;大环境开放&#xff0c;压抑三年的消费蓄势待发&#xff0c;品牌如何唤醒消费者的、热情成了重中之重的大事。 春风和煦&#xff0c;万物生长。又到了各类品牌、各位营销人踌躇满志、斗志昂扬的时候了&#xff0c;浅析一下2023品牌宣传趋势&#xff0c;抓住…

OpenCV 图像处理学习手册:1~5

原文&#xff1a;Learning Image Processing with OpenCV 协议&#xff1a;CC BY-NC-SA 4.0 译者&#xff1a;飞龙 本文来自【ApacheCN 计算机视觉 译文集】&#xff0c;采用译后编辑&#xff08;MTPE&#xff09;流程来尽可能提升效率。 当别人说你没有底线的时候&#xff0c;…

Redis删除键命令: 入门用del,老手用unlink,有何区别?

在Redis中&#xff0c;删除键是一项常见操作。Redis提供了两种删除键的方式&#xff1a;del和unlink。这两种方式看似类似&#xff0c;但实际上它们之间存在着不同之处。在本文中&#xff0c;我们将深入探讨这两种删除键的区别以及它们在实际应用中的使用。 一、del命令 del…

【OpenCV技能树】——二值图像处理

前言&#xff1a; &#x1f60a;&#x1f60a;&#x1f60a;欢迎来到本博客&#x1f60a;&#x1f60a;&#x1f60a; 目前正在进行 OpenCV技能树的学习&#xff0c;OpenCV是学习图像处理理论知识比较好的一个途径&#xff0c;至少比看书本来得实在。本专栏文章主要记录学习Op…

SDUT操作系统课程(CATS)专题二+专题四(参考总结)

专题二+进程调度算法 RR q=1(含做题代码) 总结:到达时间一到对应进程进入,执行队首进程一次,对应的服务时间划一记号(推荐用正字),队首进程未执行到完成的话重新进入队尾,队首进程执行到完成的话出队,下一秒继续执行队首进程,当5个进程全部入队之后只要执行后两步操…

STM32-互补输出带死区和刹车断路笔记

互补输出带死区控制 比如说&#xff0c;高级控制定时器&#xff08;TIM1 和 TIM8&#xff09;可以输出两路互补信号&#xff0c;并管理输出的关断与接通瞬间。这段时间通常称为死区&#xff0c;由于硬件设备的延迟和一些设备转换的用时&#xff0c;这时候进行操作可能会导致比…

如何把Spring Boot的Jar包做成exe?生成自己的程序,超详细教程奉上

近期做了一个前后端合并的spring boot项目&#xff0c;但是要求达成exe文件&#xff0c;提供给不懂电脑的小白安装使用&#xff0c;就去研究了半天&#xff0c;踩了很多坑&#xff0c;写这篇文章&#xff0c;是想看到这篇文章的人&#xff0c;按照我的步骤走&#xff0c;能少踩…

神马转债,海顺转债,柳工转2,能辉转债上市价格预测

神马转债 基本信息 转债名称&#xff1a;神马转债&#xff0c;评级&#xff1a;AAA&#xff0c;发行规模&#xff1a;30.0亿元。 正股名称&#xff1a;神马股份&#xff0c;今日收盘价&#xff1a;7.83元&#xff0c;转股价格&#xff1a;8.38元。 当前转股价值 转债面值 / 转…

【cpolar 内网穿透】Openwrt 软路由实现内网穿透

cpolar 是一种安全的内网穿透云服务&#xff0c;它将内网下的本地服务器通过安全隧道暴露至公网。使得公网用户可以正常访问内网服务。 文章目录 前言一、上传 cpolar 安装包二、配置cpolar环境变量三、安装并配置 cpolar 服务3.1 安装 cpolar3.2 启动 cpolar3.3 进行其他配置 …

RabbitMQ (HelloWord 消息应答 持久化 不公平分发 预取值)

文章目录 HelloWord工作队列工作线程代码启动两个工作线程工作队列&#xff08;生产者代码&#xff09;工作队列&#xff08;结果成功&#xff09; 消息应答自动应答手动消息应答multiple的解释消息自动重新入队手动应答代码消息手动应答&#xff08;生产者&#xff09;消息手动…

网络编程之TCP

hi,大家好,今天为大家带来TCP协议的相关知识 这里写目录标题 认识TCP的相关方法实现TCP版本的回显服务器实现多线程版本的TCP回显服务器实现线程池版本的TCP回显服务器 认识TCP方法 认识TCP的相关方法 实现TCP版本的回显服务器 实现多线程版本的TCP回显服务器 实现线程池版…

尚硅谷大数据技术Hadoop教程-笔记06【Hadoop-生产调优手册】

视频地址&#xff1a;尚硅谷大数据Hadoop教程&#xff08;Hadoop 3.x安装搭建到集群调优&#xff09; 尚硅谷大数据技术Hadoop教程-笔记01【大数据概论】尚硅谷大数据技术Hadoop教程-笔记02【Hadoop-入门】尚硅谷大数据技术Hadoop教程-笔记03【Hadoop-HDFS】尚硅谷大数据技术Ha…

轻松管理和保障容器应用程序:Docker Swarm安全之道

✅创作者&#xff1a;陈书予 &#x1f389;个人主页&#xff1a;陈书予的个人主页 &#x1f341;陈书予的个人社区&#xff0c;欢迎你的加入: 陈书予的社区 文章目录 一、 介绍Docker Swarm 安全1. 什么是Docker Swarm2. 为什么要使用Docker Swarm3. Docker Swarm的安全特性 二…

sql语法:详解DDL

Mysql版本&#xff1a;8.0.26 可视化客户端&#xff1a;sql yog 目录 一、DDL是什么&#xff1f;二、和数据库相关的DDL2.1 创建数据库2.2 删除数据库2.3 查看所有的数据库&#xff0c;当前用户登录后&#xff0c;可以看到哪些数据库2.4 查看某个数据库的详细定义2.5 修改数据库…

你一定能看懂的数据库事务和事务特性实现原理

一。概念 事务 是数据库执行原子操作的基本单位。一个事务中的多个修改&#xff0c;则要么全部成功执行&#xff0c;要么全部不执行。 关于事务的 MYSQL 官网的解释 Transactions are atomic units of work that can be *committed* or *rolled back*. When a transaction ma…

PyTorch 深度学习实战 | DIEN 模拟兴趣演化的序列网络

01、实例&#xff1a;DIEN 模拟兴趣演化的序列网络 深度兴趣演化网络(Deep Interest Evolution Network,DIEN)是阿里巴巴团队在2018年推出的另一力作,比DIN 多了一个Evolution,即演化的概念。 在DIEN 模型结构上比DIN 复杂许多,但大家丝毫不用担心,我们将DIEN 拆解开来详细地说…

Unity+jenkins自动化打包(1)

一 安装Jenkins https://www.jenkins.io/download/ 官网 1&#xff09; 使用 brew 安装 2&#xff09; 安装完成后一般都会遇到问题 我用的是jenkins-lts 稳定版 解决办法 删除掉对应的文件夹 1 rm -rf /usr/local/Homebrew/Library/Taps/homebrew/homebrew-services 2…

内网穿透实现在外远程SQL Server数据库 - Windows环境

目录 前言 1. 本地安装配置SQL Server 2. 将本地sqlserver服务暴露至公网 2.1 本地安装cpolar内网穿透 2.2 创建隧道 3. 公网远程连接sqlserver 3.1 使用命令行远程连接sqlserver, 3.2 使用图形界面远程连接sqlserver 3.3 使用SSMS图形界面远程连接sqlserver 4. 配置…