1、权限控制RBAC
kubectl config use-context k8s
kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployment,statefulset,daemonset
kubectl create serviceaccount cicd-token -n app-team1
kubectl -n app-team1 create rolebinding cicd-clusterrole --clusterrole=deployment-clusterrole --serviceaccount=app-team1:cicd-token
2、设置节点不可用并清空pod
kubectl config use-context ek8s
kubectl drain ek8s-node-1 --ignore-daemonsets --delete-local-data --force
kubectl get nodes
3、升级 kubeadm
切换集群,查看节点版本,排空要升级的节点
kubectl config use-context mk8s
kubectl get nodes
kubectl drain mk8s-master-0 --ignore-daemonsets
登录要升级的控制节点,并使用root权限
ssh mk8s-master-0
sudo -i
升级kubeadm到指定版本,并验证
apt-mark unhold kubeadm 可省略
apt install -y kubeadm=1.20.1-00
apt-mark hold kubeadm 可省略
kubeadm version
升级控制组件到指定版本,注意禁止etcd升级
kubeadm upgrade plan
kubeadm upgrade apply v1.20.1 --etcd-upgrade=false
升级 kubelet 和 kubectl ,注意重载kubelet
apt-mark unhold kubectl kubelet 可省略
apt install -y kubelet=1.20.1-00 kubectl=1.20.1-00
apt-mark hold kubeadm kubectl kubelet 可省略
systemctl daemon-reload
systemctl restart kubelet
exit
exit
kubectl uncordon mk8s-master-0
kubectl get nodes
4.备份还原 etcd
参考网页:为 Kubernetes 运行 etcd 集群—安全通信
注意:检查是否回到 student@node-1
备份
ETCD