k8s集群升级
前言:
生产环境的k8s为了追求稳定,不能直接安装最新版本,随着新版本功能的稳定,很多新功能是老版本不具备的,这时进行一次稳妥的升级便是一个不错的选择。
以升级k8s集群v1.13.3到v1.14.0为例
升级次序:先升级master,后升级node
升级之前的准备:确保已经备份了etcd数据库与master节点的状态
升级master
安装kubernetes的yum源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
EOF
yum makecache
yum list --showduplicates kubeadm --disableexcludes=kubernetes
# find the latest 1.14 version in the list
# it should look like 1.14.x-0, where x is the latest patch
安装完yum源后,可以用这个命令来查看相关的安装包:
yum list kubeadm --showduplicates -y | sort -r
或者yum list --showduplicates kubeadm --disableexcludes=kubernetes
安装v1.14.0的kubeadm与kubelet安装包
yum install -y kubeadm-1.14.0-0 kubelet-1.14.0-0 kubectl-1.14.0-0
验证下载的包是否为期望的版本
sudo kubeadm version
期望输出
kubeadm version: &version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.0", GitCommit:"641856db18352033a0d96dbc99153fa3b27298e5", GitTreeState:"clean", BuildDate:"2019-03-25T15:51:21Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
验证集群是否可升级
sudo kubeadm upgrade plan
期望输出
[preflight] Running pre-flight checks.
[upgrade] Making sure the cluster is healthy:
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.13.3
[upgrade/versions] kubeadm version: v1.14.0
Awesome, you're up-to-date! Enjoy!
执行升级
sudo kubeadm upgrade apply v1.14.0
交互界面输入y,确认升级
期望输出
[upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.14.0". Enjoy!
升级kubectl
yum install -y kubectl-1.14.0-0
重启kubelet
sudo systemctl daemon-reload && sudo systemctl restart kubelet
查看升级结果
NAME STATUS ROLES AGE VERSION
k8s-agent Ready <none> 66m v1.13.3
k8s-cp Ready master 69m v1.14.0
升级node
安装kubernetes的yum源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
EOF
yum makecache
安装v1.14.0的kubeadm与kubelet安装包
yum install -y kubeadm-1.14.0-0 kubelet-1.14.0-0
修改kubelet配置
sudo kubeadm upgrade node config --kubelet-version v1.14.0
升级kubectl
yum install -y kubectl-1.14.0-0
重启kubelet
sudo systemctl daemon-reload && sudo systemctl restart kubelet
查看升级结果
NAME STATUS ROLES AGE VERSION
k8s-agent Ready <none> 70m v1.14.0
k8s-cp Ready master 73m v1.14.0
参考
补充第一点:如果k8s使用的是动态调度,那么在升级node节点之前,应该将其标记为不可用,从集群中剔出:
通过将节点标记为不可调度并删除工作负载,为维护节点做好准备。运行:
kubectl drain $NODE --ignore-daemonsets
你应该看到类似这样的输出:
node/ip-172-31-85-18 cordoned
WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-proxy-dj7d7, kube-system/weave-net-z65qx
node/ip-172-31-85-18 drained
补充第二点:本博客最多可升级至1.15版本,1.15-->1.16版本需要加参数如下
kubeadm upgrade apply v1.16.10 --ignore-preflight-errors=CoreDNSUnsupportedPlugins
补充第三点:离线更新时,不但要下载kubeadm,kubectl,kubelet的安装包,还要在线环境下升级成功所下载的docker镜像,并将其离线上传,才能离线升级成功
在离线安装kubeadm,kubectl,kubelet时,可以用yumdownloader下载,yum install *来安装
安装完离线包之后,可以使用这个来命令查看 kubeadm init 时所需要的组件镜像列表:
kubeadm config images list