目录[-]
参考:
- 1、https://www.cnblogs.com/dukuan/p/10071204.html
- 2、https://my.oschina.net/u/2306127/blog/3017558?from=timeline&isappinstalled=0
一、任务
- 1、将kubeadm升级到1.13.4
- 2、kubernetes 从“1.13.3版本”升级到“1.13.4版本”
- 3、暂停要升级的节点的调度,将kubelet升级到1.13.4
注意: 升级之后所有的containers会重启,因为hash值会变; 不可跨大版本升级;注意Kubernetes 1.13.4版本已经支持最新的Docker 18.09.3;
二、升级kuberadm(各个节点)
配置国内yum源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
查找可更新的kubeadm版本
$ yum list updates | grep 'kubeadm'
kubeadm.x86_64 1.13.4-0 kubernetes
kubeadm中包含kuberctl,所以kubectl不用升级
升级kubeadm版本
$ yum install -y kubeadm-1.13.4-0
三、拉取相关镜像(master节点)
查看该版本的容器镜像版本:
$ kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.13.4
k8s.gcr.io/kube-controller-manager:v1.13.4
k8s.gcr.io/kube-scheduler:v1.13.4
k8s.gcr.io/kube-proxy:v1.13.4
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.2.24
k8s.gcr.io/coredns:1.2.6
设置拉取的镜像
如果不能从官方拉取镜像,可以选择国内镜像仓库下载
阿里云的镜像仓库可以下载相关容器,执行下面命令拉取镜像。
MY_REGISTRY=registry.aliyuncs.com/google_containers
## 拉取镜像
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-etcd:3.3.10
docker pull ${MY_REGISTRY}/k8s-gcr-io-pause:3.1
docker pull ${MY_REGISTRY}/k8s-gcr-io-coredns:1.3.6
## 添加Tag
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.13.4 k8s.gcr.io/kube-apiserver:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.13.4 k8s.gcr.io/kube-scheduler:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.13.4 k8s.gcr.io/kube-controller-manager:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.13.4 k8s.gcr.io/kube-proxy:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag ${MY_REGISTRY}/k8s-gcr-io-pause:3.1 k8s.gcr.io/pause:3.1
docker tag ${MY_REGISTRY}/k8s-gcr-io-coredns:1.2.6 k8s.gcr.io/coredns:1.2.6
四、检测kubernetes新版本
此命令检查您的群集是否可以升级,并获取可以升级到的版本。
kubeadm upgrade plan
显示:
[preflight] Running pre-flight checks.
[upgrade] Making sure the cluster is healthy:
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.13.3
[upgrade/versions] kubeadm version: v1.13.4
I0316 13:06:25.721868 10166 version.go:94] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable.txt": Get https://storage.googleapis.com/kubernetes-release/release/stable.txt: net/http: request canceled (Client.Timeout exceeded while awaiting headers)
I0316 13:06:25.721890 10166 version.go:95] falling back to the local client version: v1.13.4
[upgrade/versions] Latest stable version: v1.13.4
[upgrade/versions] Latest version in the v1.13 series: v1.13.4
Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT CURRENT AVAILABLE
Kubelet 5 x v1.13.3 v1.13.4
Upgrade to the latest version in the v1.13 series:
COMPONENT CURRENT AVAILABLE
API Server v1.13.3 v1.13.4
Controller Manager v1.13.3 v1.13.4
Scheduler v1.13.3 v1.13.4
Kube Proxy v1.13.3 v1.13.4
CoreDNS 1.2.6 1.2.6
Etcd 3.2.24 3.2.24
You can now apply the upgrade by executing the following command:
kubeadm upgrade apply v1.13.4
_____________________________________________________________________
可以看到所依赖的各个软件可以升级的版本,当前可以升级到“v1.13.4版本”
五、升级kubernetes版本(master节点)
查看各个节点信息
$ kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s-master-01 Ready master 2d v1.13.3 192.168.2.11 <none> CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.1
k8s-master-02 Ready master 2d v1.13.3 192.168.2.12 <none> CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.1
k8s-master-03 Ready master 2d v1.13.3 192.168.2.13 <none> CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.1
k8s-node-01 Ready <none> 2d v1.13.3 192.168.2.21 <none> CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.1
k8s-node-02 Ready <none> 2d v1.13.3 192.168.2.22 <none> CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.1
升级kubernetes
通过kubeadm升级kubernetes版本
kubeadm upgrade apply v1.13.4
显示如下则成功:
[upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.13.4". Enjoy!
[upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.
kubeadm upgrade apply 将执行下列步骤:
- 检查集群是否处于可升级状态,包括:
- API Server 是否可达
- 所有节点是否均处于 Ready 状态
- 控制平面处于健康状态
- 强制启用版本偏移策略(version skew policy)。 保证控制平面的镜像可用或可以拉取到机器上。
- 升级控制平面组件,如果任何一个组件失败,则对升级操作进行回退。
- 应用新的 kube-dns 和 kube-proxy 清单文件并严格保证创建了所有必要的 RBAC 规则。
使用 kubectl version 来查看状态和 kubectl cluster-info 查看服务地址
六、升级kubelet(各个节点)
为了避免升级时候有新的任务进入工作节点,这里设置调度不执行任何任务。如果Master默认就是不会执行任何任务调度,则master直接更新kubectl,不用禁用调度。
设置不可调度
准备节点以进行维护,方便升级kubelet,将其标记为不可调度:
# 这里只举例 k8s-master-01 机器,其它类似
$ kubectl drain k8s-master-01 --ignore-daemonsets
升级kubelet
查找可用的升级包
$ yum list updates | grep 'kubelet'
kubelet.x86_64 1.13.4-0 kubernetes
升级kubelet
$ yum install -y kubelet-1.13.4-0
在 master 节点上执行这个命令时,预计会出现下面这个错误,该错误是可以安全忽略的(因为 master 节点上有 static pod 运行):
node "master" already cordoned
error: pods not managed by ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet (use --force to override): etcd-kubeadm, kube-apiserver-kubeadm, kube-controller-manager-kubeadm, kube-scheduler-kubeadm
重启全部kubelet
# 重新加载系统配置
$ systemctl daemon-reload
# 重启kubelet
$ systemctl restart kubelet
# 查看kubelet状态
$ systemctl status kubelet
设置可调度
将节点标记为可调度(schedulable),使其重新上线:
$ kubectl uncordon k8s-master-01
查看版本是否升级成功
在对集群中所有节点的 kubelet 进行升级之后,请执行以下命令,以确认所有节点又重新变为可用状态
$ kubectl get nodes -o wide
显示:
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s-master-01 Ready master 2d9h v1.13.4 192.168.2.11 <none> CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.1
k8s-master-02 Ready master 2d9h v1.13.4 192.168.2.12 <none> CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.1
k8s-master-03 Ready master 2d9h v1.13.4 192.168.2.13 <none> CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.1
k8s-node-01 Ready <none> 2d9h v1.13.4 192.168.2.21 <none> CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.1
k8s-node-02 Ready <none> 2d9h v1.13.4 192.168.2.22 <none> CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.1
可以看到已经升级到1.13.4
七、从故障状态恢复
如果 kubeadm upgrade 因某些原因失败并且不能回退(例如:执行过程中意外的关闭了节点实例),您可以再次运行 kubeadm upgrade,因为其具有幂等性,所以最终应该能够保证集群的实际状态就是您声明的所需状态。
您可以在使用 kubeadm upgrade 命令时带上 –force 来忽略某些启动时候的错误 参集群,使其从故障状态恢复。
kubeadm upgrade --force