kubeadm搭建的k8s集群升级
kubeadm搭建的k8s集群升级
- 一. 更新集群
- 1.1 查看集群配置信息
- 1.2 保存信息并修改
- 1.3 然后更新 kubeadm:
- 1.4 执行 upgrade plan 命令查看是否可以升级:
- 1.5 我们可以先使用 dry-run 命令查看升级信息:
- 1.6 查看了上面的升级信息确认无误后就可以执行升级操作了:
- 二. 更新 kubelet
- 2.1 这个时候我们去手动更新下 kubelet:
- 2.2 最后看下升级后的集群:
由于课程中的集群版本是 v1.10.0,这个版本相对有点旧了,最新版本都已经 v1.14.x 了,为了尽量保证课程内容的更新度,所以我们需要将集群版本更新。我们的集群是使用的 kubeadm 搭建的,我们知道使用 kubeadm 搭建的集群来更新是非常方便的,但是由于我们这里版本跨度太大,不能直接从 1.10.x 更新到 1.14.x,kubeadm 的更新是不支持跨多个主版本的,所以我们现在是 1.10,只能更新到 1.11 版本了,然后再重 1.11 更新到 1.12… 不过版本更新的方式方法基本上都是一样的,所以后面要更新的话也挺简单了,下面我们就先将集群更新到 v1.11.0 版本。
一. 更新集群
1.1 查看集群配置信息
[root@master master]# kubeadm config view
api:
advertiseAddress: 192.168.2.27
bindPort: 6443
controlPlaneEndpoint: ""
auditPolicy:
logDir: /var/log/kubernetes/audit
logMaxAge: 2
path: ""
authorizationModes:
- Node
- RBAC
certificatesDir: /etc/kubernetes/pki
cloudProvider: ""
criSocket: /var/run/dockershim.sock
etcd:
caFile: ""
certFile: ""
dataDir: /var/lib/etcd
endpoints: null
image: ""
keyFile: ""
imageRepository: k8s.gcr.io
kubeProxy:
config:
bindAddress: 0.0.0.0
clientConnection:
acceptContentTypes: ""
burst: 10
contentType: application/vnd.kubernetes.protobuf
kubeconfig: /var/lib/kube-proxy/kubeconfig.conf
qps: 5
clusterCIDR: 10.244.0.0/16
configSyncPeriod: 15m0s
conntrack:
max: null
maxPerCore: 32768
min: 131072
tcpCloseWaitTimeout: 1h0m0s
tcpEstablishedTimeout: 24h0m0s
enableProfiling: false
healthzBindAddress: 0.0.0.0:10256
hostnameOverride: ""
iptables:
masqueradeAll: false
masqueradeBit: 14
minSyncPeriod: 0s
syncPeriod: 30s
ipvs:
minSyncPeriod: 0s
scheduler: ""
syncPeriod: 30s
metricsBindAddress: 127.0.0.1:10249
mode: ""
nodePortAddresses: null
oomScoreAdj: -999
portRange: ""
resourceContainer: /kube-proxy
udpIdleTimeout: 250ms
kubeletConfiguration: {}
kubernetesVersion: v1.10.0
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
nodeName: master
privilegedPods: false
token: ""
tokenGroups:
- system:bootstrappers:kubeadm:default-node-token
tokenTTL: 24h0m0s
tokenUsages:
- signing
- authentication
unifiedControlPlaneImage: ""
每次升级这里信息都不一样
1.2 保存信息并修改
[root@master master]# vi kubeadm-config.yaml
# 复制上面的信息
将上面的imageRepository值更改为:gcr.azk8s.cn/google_containers,然后保存内容到文件 kubeadm-config.yaml 中(当然如果你的集群可以获取到 grc.io 的镜像可以不用更改)。
1.3 然后更新 kubeadm:
$ yum makecache fast && yum install -y kubeadm-1.11.0-0 kubectl-1.11.0-0
$ kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.0", GitCommit:"91e7b4fd31fcd3d5f436da26c980becec37ceefe", GitTreeState:"clean", BuildDate:"2018-06-27T20:14:41Z", GoVersion:"go1.10.2", Compiler:"gc", Platform:"linux/amd64"}
因为 kubeadm upgrade plan 命令执行过程中会去 dl.k8s.io 获取版本信息,这个地址是需要科学方法才能访问的,所以我们可以先将 kubeadm 更新到目标版本,然后就可以查看到目标版本升级的一些信息了。
1.4 执行 upgrade plan 命令查看是否可以升级:
$ kubeadm upgrade plan
[preflight] Running pre-flight checks.
[upgrade] Making sure the cluster is healthy:
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
I0518 18:50:12.844665 9676 feature_gate.go:230] feature gates: &{map[]}
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.10.0
[upgrade/versions] kubeadm version: v1.11.0
[upgrade/versions] WARNING: Couldn't fetch latest stable version from the internet: unable to get URL "https://dl.k8s.io/release/stable.txt": Get https://dl.k8s.io/release/stable.txt: dial tcp 35.201.71.162:443: i/o timeout
[upgrade/versions] WARNING: Falling back to current kubeadm version as latest stable version
[upgrade/versions] WARNING: Couldn't fetch latest version in the v1.10 series from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.10.txt": Get https://dl.k8s.io/release/stable-1.10.txt: dial tcp 35.201.71.162:443: i/o timeout
Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT CURRENT AVAILABLE
Kubelet 3 x v1.10.0 v1.11.0
Upgrade to the latest stable version:
COMPONENT CURRENT AVAILABLE
API Server v1.10.0 v1.11.0
Controller Manager v1.10.0 v1.11.0
Scheduler v1.10.0 v1.11.0
Kube Proxy v1.10.0 v1.11.0
CoreDNS 1.1.3
Kube DNS 1.14.8
Etcd 3.1.12 3.2.18
You can now apply the upgrade by executing the following command:
kubeadm upgrade apply v1.11.0
_____________________________________________________________________
1.5 我们可以先使用 dry-run 命令查看升级信息:
[root@master master]# kubeadm upgrade apply v1.11.0 --config kubeadm-config.yaml --dry-run
...
[dryrun] Finished dryrunning successfully!
注意要通过
--config指定上面保存的配置文件,该配置文件信息包含了上一个版本的集群信息以及修改搞得镜像地址。
1.6 查看了上面的升级信息确认无误后就可以执行升级操作了:
[root@master master]# kubeadm upgrade apply v1.11.0 --config kubeadm-config.yaml
隔一段时间看到如下信息就证明集群升级成功了:
[upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.11.0". Enjoy!
[upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.
由于上面我们已经更新过 kubectl 了,现在我们用 kubectl 来查看下版本信息:
[root@master master]# kubectl version
Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.0", GitCommit:"91e7b4fd31fcd3d5f436da26c980becec37ceefe", GitTreeState:"clean", BuildDate:"2018-06-27T20:17:28Z", GoVersion:"go1.10.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.0", GitCommit:"91e7b4fd31fcd3d5f436da26c980becec37ceefe", GitTreeState:"clean", BuildDate:"2018-06-27T20:08:34Z", GoVersion:"go1.10.2", Compiler:"gc", Platform:"linux/amd64"}
可以看到现在 Server 端和 Client 端都已经是 v1.11.0 版本了,然后查看下 Pod 信息:
[root@master master]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7f6746b7f-6vzw4 1/1 Running 0 3m
coredns-7f6746b7f-h8q72 1/1 Running 0 3m
etcd-master 1/1 Running 0 5m
kube-apiserver-master 1/1 Running 0 4m
kube-controller-manager-master 1/1 Running 0 4m
kube-flannel-ds-amd64-9kmxx 1/1 Running 2 1d
kube-flannel-ds-amd64-bzbf5 1/1 Running 8 1d
kube-flannel-ds-amd64-kk6x9 1/1 Running 1 1d
kube-proxy-dggc5 1/1 Running 0 2m
kube-proxy-g9d9q 1/1 Running 0 3m
kube-proxy-q5kfk 1/1 Running 0 2m
kube-scheduler-master 1/1 Running 0 4m
kubernetes-dashboard-7d5dcdb6d9-v8qft 1/1 Running 2 1d
traefik-ingress-controller-57c4f787d9-gdjk6 1/1 Running 0 2h
二. 更新 kubelet
可以看到我们之前的 kube-dns 服务已经被 coredns 取代了,这是因为在 v1.11.0 版本后就默认使用 coredns 了,我们也可以访问下集群中的服务看是否有影响,然后查看下集群的 Node 信息:
[root@master master]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 1d v1.10.0
node1 Ready 1d v1.10.0
node2 Ready 1d v1.10.0
可以看到版本并没有更新,这是因为节点上的 kubelet 还没有更新的,我们可以通过 kubelet 查看下版本:
[root@master master]# kubelet --version
Kubernetes v1.10.0
2.1 这个时候我们去手动更新下 kubelet:
[root@master master]# yum install -y kubelet-1.11.0-0
...
# 安装完成后查看下版本
[root@master master]# kubelet --version
Kubernetes v1.11.0
# 然后重启 kubelet 服务
[root@master master]# systemctl daemon-reload && systemctl restart kubelet
# 查看节点发现错误
[root@master master]# kubectl get nodes
No resources found.
The connection to the server 192.168.2.27:6443 was refused - did you specify the right host or port?
注意事项:(上面的错误是因为下面第二个问题导致的)
- 如果节点上
swap没有关掉重启 kubelet 服务会报错,所以最好是关掉 swap,执行命令:swapoff -a即可。 1.11.0版本的kubelet默认使用的pod-infra-container-image镜像名称为:k8s.gcr.io/pause:3.1,所以最好先提前查看下集群节点上是否有这个镜像,因为我们之前1.10.0版本的集群默认的名字为k8s.gcr.io/pause-amd64:3.1,所以如果节点上还是之前的pause镜像的话,需要先重新打下镜像 tag:
[root@master master]# docker tag k8s.gcr.io/pause-amd64:3.1 k8s.gcr.io/pause:3.1
没有的话可以提前下载到节点上也可以通过配置参数进行指定,在文件/var/lib/kubelet/kubeadm-flags.env中添加如下参数信息:
[root@master master]# vim /var/lib/kubelet/kubeadm-flags.env
# 修改为
KUBELET_KUBEADM_ARGS=--cgroup-driver=cgroupfs --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d --network-plugin=cni --pod-infra-container-image=cnych/pause-amd64:3.1
可以看到我们更新了 kubelet 的节点版本信息已经更新了,同样的方式去把另外两个node节点 kubelet 更新即可。
另外需要注意的是最好在节点上的 kubelet 更新之前将节点设置为不可调度,更新完成后再设置回来,可以避免不必要的错误。
2.2 最后看下升级后的集群:
[root@master master]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 2d v1.11.0
node1 Ready 2d v1.11.0
node2 Ready 2d v1.11.0
到这里我们的集群就升级成功了,我们可以用同样的方法将集群升级到 v1.12.x、v1.13.x、v1.14.x 版本,而且升级过程中是不会影响到现有业务的。
v1.13.x升级v1.14.x 如果报错,参考
https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-14/