1.master节点升级
1.1设置master节点不可调度并驱逐pod
kubectl cordon node1
#输出
[root@node1 ~]# kubectl cordon node1
node/node1 already cordoned
kubectl drain node1 --delete-local-data --ignore-daemonsets
#输出
[root@node1 ~]# kubectl drain node1 --delete-local-data --ignore-daemonsets
Flag --delete-local-data has been deprecated, This option is deprecated and will be deleted. Use --delete-emptydir-data.
node/node1 cordoned
WARNING: ignoring DaemonSet-managed Pods: kube-flannel/kube-flannel-ds-fl6pd, kube-system/kube-proxy-w4474, kuboard/kuboard-etcd-fnq58
evicting pod kuboard/kuboard-v3-5fc46b5557-28fcm
evicting pod kuboard/kuboard-agent-2-7cf4587dc6-x7zgs
evicting pod kuboard/kuboard-agent-584f944c68-tmc8j
evicting pod kuboard/kuboard-questdb-545685fbd5-d9w5z
pod/kuboard-v3-5fc46b5557-28fcm evicted
pod/kuboard-agent-2-7cf4587dc6-x7zgs evicted
pod/kuboard-agent-584f944c68-tmc8j evicted
pod/kuboard-questdb-545685fbd5-d9w5z evicted
node/node1 drained
1.2 关闭并卸载docker
#关闭docker服务
systemctl stop docker
#取消docker服务开机自启动
systemctl disable docker
#删除docker软件
yum remove docker-ce -y
1.3 安装containerd及crictl工具
#下载相应版本的crictl工具
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz
#解压crictl压缩包
tar -zxvf crictl-v1.24.2-linux-amd64.tar.gz -C /usr/local/bin/
#赋予执行权限
chmod 755 /usr/local/bin/crictl
#安装containerd服务
yum install containerd.io -y
#配置runtime
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
#生成初始配置文件
containerd config default > /etc/containerd/config.toml
#修改上步生成的配置文件
#修改其中的mirror加速地址
[plugins."io.containerd.grpc.v1.cri".registry.mirrors] 修改为如下
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://it0gnjvg.mirror.aliyuncs.com"]
sandbox_image = "k8s.gcr.io/pause:3.6" # 找到此选项并且修改为: registry.aliyuncs.com/google_containers/pause:3.6
SystemdCgroup = true # Cgroup改为tre
runtime_type = "io.containerd.runtime.v1.linux" # 修改为io.containerd.runtime.v1.linux
#配置ip转发
cat <<EOF | tee /etc/modules-load.d/kubernetes1.24.conf
overlay
br_netfilter
EOF
cat <<EOF | tee /etc/sysctl.d/kubernetes1.24-forsys.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
#生效配置
modprobe br_netfilter
sysctl --system
systemctl enable containerd
systemctl restart containerd
1.4 kubelet配置修改
cat /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--container-runtime=remote --runtime-request-timeout=5m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
#重启kubelet服务
systemctl restart kubelet
#验证master状态-查看最后一列的CONTAINER-RUNTIME状态
[root@node1 modules-load.d]# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node1 Ready,SchedulingDisabled control-plane,master 4h29m v1.23.17 192.168.1.200 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.28
node2 Ready <none> 4h27m v1.23.17 192.168.1.201 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 docker://19.3.9
node3 Ready <none> 4h27m v1.23.17 192.168.1.202 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 docker://19.3.9
#恢复master节点为可调度
kubectl uncordon node1
[root@node1 modules-load.d]# kubectl uncordon node1
node/node1 uncordoned
[root@node1 modules-load.d]#
[root@node1 modules-load.d]#
[root@node1 modules-load.d]# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node1 Ready control-plane,master 4h30m v1.23.17 192.168.1.200 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.28
node2 Ready <none> 4h29m v1.23.17 192.168.1.201 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 docker://19.3.9
node3 Ready <none> 4h29m v1.23.17 192.168.1.202 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 docker://19.3.9
2. worker节点升级-node1
设置worker节点不可调度并驱逐pod
kubectl cordon node2
kubectl drain node2 --delete-local-data --ignore-daemonsets
2.2 关闭并卸载docker
#关闭docker服务
systemctl stop docker
#取消docker服务开机自启动
systemctl disable docker
#删除docker软件
yum remove docker-ce -y
2.3安装containerd及crictl工具–参照1.3章节
2.4 kubelet配置修改–参照1.4章节
#验证状态
[root@node1 modules-load.d]# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node1 Ready control-plane,master 4h43m v1.23.17 192.168.1.200 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.28
node2 Ready <none> 4h41m v1.23.17 192.168.1.201 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.28
node3 Ready,SchedulingDisabled <none> 4h41m v1.23.17 192.168.1.202 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 docker://19.3.9
3. worker节点升级-node2
3.1设置worker节点不可调度并驱逐pod
kubectl cordon node3
kubectl drain node3 --delete-local-data --ignore-daemonsets
3.2 关闭并卸载docker
#关闭docker服务
systemctl stop docker
#取消docker服务开机自启动
systemctl disable docker
#删除docker软件
yum remove docker-ce -y
3.3安装containerd及crictl工具–参照1.3章节
3.4 kubelet配置修改–参照1.4章节
#查看状态
[root@node1 modules-load.d]# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node1 Ready control-plane,master 4h48m v1.23.17 192.168.1.200 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.28
node2 Ready <none> 4h46m v1.23.17 192.168.1.201 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.28
node3 Ready <none> 4h46m v1.23.17 192.168.1.202 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.28
#通过查看最后一列,3台机器均已更新完毕