在CentOS7上k8s1.16升级到1.17.x

我的k8s集群是单master节点+2个worker节点，主要参照以下2篇文章，把CentOS7上的kubernhetes1.16.0升级到1.17.2，

https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/

https://www.codetd.com/article/8427952

一、升级第一个master节点

在第1个主节点，检查当前kubeadm版本，执行

yum list --showduplicates kubeadm --disableexcludes=kubernetes

执行结果

kubeadm.x86_64 1.15.8-0 kubernetes
kubeadm.x86_64 1.15.9-0 kubernetes
kubeadm.x86_64 1.16.0-0 kubernetes
kubeadm.x86_64 1.16.1-0 kubernetes
kubeadm.x86_64 1.16.2-0 kubernetes
kubeadm.x86_64 1.16.3-0 kubernetes
kubeadm.x86_64 1.16.4-0 kubernetes
kubeadm.x86_64 1.16.5-0 kubernetes
kubeadm.x86_64 1.16.6-0 kubernetes
kubeadm.x86_64 1.17.0-0 kubernetes
kubeadm.x86_64 1.17.1-0 kubernetes
kubeadm.x86_64 1.17.2-0 kubernetes

安装kubeadm，把x换成需要的子版本号，执行

yum install -y kubeadm-1.17.x-0 --disableexcludes=kubernetes

我的实例，注意-0一定要有

yum install -y kubeadm-1.17.2-0 --disableexcludes=kubernetes

执行完毕后检查结果

kubeadm version

把当前节点放空，cp-node-name可以通过kubeadm get node 查询到

kubectl drain <cp-node-name> --ignore-daemonsets

我的实例

kubectl drain k8smaster1 --ignore-daemonsets

显示升级计划

sudo kubeadm upgrade plan

结果应该如下

Components that must be upgraded manually after you have upgraded the
control plane with ‘kubeadm upgrade apply’: COMPONENT CURRENT
AVAILABLE Kubelet 3 x v1.16.0 v1.17.2

Upgrade to the latest version in the v1.16 series:

COMPONENT CURRENT AVAILABLE API Server v1.16.0
v1.17.2 Controller Manager v1.16.0 v1.17.2 Scheduler
v1.16.0 v1.17.2 Kube Proxy v1.16.0 v1.17.2 CoreDNS
1.6.2 1.6.5 Etcd 3.3.15 3.4.3-0

You can now apply the upgrade by executing the following command:
kubeadm upgrade apply v1.17.2

kubeadm升级

kubeadm upgrade apply v1.17.2

应该看到如下结果：

[bootstrap-token] configured RBAC rules to allow the csrapprover
controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation
for all node client certificates in the cluster [addons]: Migrating
CoreDNS Corefile [addons] Applied essential addon: CoreDNS [addons]
Applied essential addon: kube-proxy

[upgrade/successful] SUCCESS! Your cluster was upgraded to “v1.17.2”.
Enjoy!

[upgrade/kubelet] Now that your control plane is upgraded, please
proceed with upgrading your kubelets if you haven’t already done so.

解除放空

kubectl uncordon <cp-node-name>

升级kubelet和kubectl

yum install -y kubelet-1.17.2-0 kubectl-1.17.2-0 --disableexcludes=kubernetes

重启kubelet，搞定

sudo systemctl restart kubelet

我实操时有警告，需要执行

systemctl daemon-reload

二. 升级worker节点

安装新版kubeadm

yum install -y kubeadm-1.17.2-0 --disableexcludes=kubernetes

在master节点上放空worker节点

kubectl drain <node-to-drain> --ignore-daemonsets

在worker上执行

kubeadm upgrade node

完成后，升级kubelet和kubectl

yum install -y kubelet-1.17.2-0 kubectl-1.17.2-0 --disableexcludes=kubernetes

重启kubelet，搞定

sudo systemctl restart kubelet

在master节点上解除放空

kubectl uncordon <node-to-drain>

三. 检查结果

在master节点上执行

kubectl get nodes

结果大致如下

NAME STATUS ROLES AGE VERSION
k8smaster1.taihecom Ready master 19h v1.17.2
k8sworker1.taihecom Ready 18h v1.17.2
k8sworker2.taihecom Ready 18h v1.17.2