K8s集群的升级

方法一：

1.  安装cri-docker（升级的版本是1.24一下的不需要此插件）

[root@node22 ~]# yum install -y  cri-dockerd-0.2.5-3.el7.x86_64.rpm

安装从官网下载的cri插件rpm包

[root@node33 ~]# yum install cri-dockerd-0.2.5-3.el7.x86_64.rpm

[root@node44 ~]# yum install cri-dockerd-0.2.5-3.el7.x86_64.rpm

2. 配置cri-docker

先将镜像上传到私有仓库再进行此步

[root@node22 ~]# vim /usr/lib/systemd/system/cri-docker.service

[Service]

Type=notify

ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --pod-infra-container-image=reg.westos.org/k8s/pause:3.7

[root@node22 ~]# systemctl daemon-reload

[root@node22 ~]# systemctl  enable --now cri-docker

Created symlink from

/etc/systemd/system/multi-user.target.wants/cri-docker.service to

/usr/lib/systemd/system/cri-docker.service.

[root@node33 ~]# vim /usr/lib/systemd/system/cri-docker.service

[root@node33 ~]# systemctl daemon-reload

[root@node33 ~]# systemctl  enable --now cri-docker

Created symlink from

/etc/systemd/system/multi-user.target.wants/cri-docker.service to

/usr/lib/systemd/system/cri-docker.service.

[root@node44 ~]# vim /usr/lib/systemd/system/cri-docker.service

[root@node44 ~]# systemctl daemon-reload

[root@node44 ~]# systemctl  enable --now cri-docker

Created symlink from

/etc/systemd/system/multi-user.target.wants/cri-docker.service to

/usr/lib/systemd/system/cri-docker.service.

3. 安装kubeadm

yum install -y kubeadm-1.24.4-0

[root@node22 ~]# systemctl daemon-reload

[root@node22 ~]# systemctl restart kubelet

systemctl enable --now kubelet

4.执行升级

kubeadm upgrade plan

[root@node22 ~]# kubeadm upgrade apply v1.24.4 --etcd-upgrade=false升级并且不升级etcd

5.腾空节点

[root@node22 ~]# kubectl drain node22 --ignore-daemonsets

node/node22 cordoned

WARNING: ignoring DaemonSet-managed Pods: kube-flannel/kube-flannel-ds-g5vsg, kube-system/kube-proxy-qnzxf, metallb-system/speaker-jkh2b

evicting pod kube-system/coredns-7b56f6bc55-g458w

evicting pod kube-system/coredns-7b56f6bc55-2pwnh

pod/coredns-7b56f6bc55-g458w evicted

pod/coredns-7b56f6bc55-2pwnh evicted

yum install -y kubectl-1.24.4-0 kubelet-1.24.4-0

6.[root@node22 ~]# vim /var/lib/kubelet/kubeadm-flags.env

KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock --pod-infra-container-image=reg.westos.org/k8s/pause:3.7"

[root@node22 ~]# systemctl daemon-reload

[root@node22 ~]# systemctl restart kubelet

7.解除节点保护

[root@node22 ~]# kubectl uncordon node22

node/node22 uncordoned

方法二：

方法二：

1.删除之前版本数据

[root@node22 ~]# kubeadm reset

[root@node22 ~]# iptables -F -t nat

[root@node22 ~]# iptables -F

[root@node22 ~]# ipvsadm -C

[root@node22 ~]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

[root@node22 ~]# kubeadm reset

--cri-socket=unix:///var/run/cri-dockerd.sock

[root@node22 ~]# ipvsadm -C

[root@node22 ~]# iptables -F

[root@node22 ~]# iptables -F

[root@node22 ~]# iptables -F -t nat

2.初始化集群

kubeadm init --pod-network-cidr=10.244.0.0/16

--image-repository=reg.westos.org/k8s --cri-socket=unix:///var/run/cri-dockerd.sock

[root@node22 ~]# kubectl get node

NAME     STATUS   ROLES           AGE   VERSION

node22   Ready    control-plane   57s   v1.24.4

3.部署网络插件

[root@node22 ~]# vim kube-flannel.yml

[root@node22 ~]# kubectl apply -f kube-flannel.yml

namespace/kube-flannel created

clusterrole.rbac.authorization.k8s.io/flannel created

clusterrolebinding.rbac.authorization.k8s.io/flannel created

serviceaccount/flannel created

configmap/kube-flannel-cfg created

daemonset.apps/kube-flannel-ds created

[root@node22 ~]# kubectl get pod -A

NAMESPACE      NAME                             READY   STATUS    RESTARTS   AGE

kube-flannel   kube-flannel-ds-4hh8t            1/1     Running   0          56s

kube-system    coredns-7555f94cb5-f2pff         1/1     Running   0          3m54s

kube-system    coredns-7555f94cb5-ht7sf         1/1     Running   0          3m54s

kube-system    etcd-node22                      1/1     Running   0          4m8s

kube-system    kube-apiserver-node22            1/1     Running   0          4m8s

kube-system    kube-controller-manager-node22   1/1     Running   0          4m9s

kube-system    kube-proxy-jnmhh                 1/1     Running   0          3m54s

kube-system    kube-scheduler-node22            1/1     Running   0          4m8s

1.清除其他主机之前的配置

[root@node33 ~]# kubeadm reset

[root@node44 ~]# kubeadm reset

[root@node33 ~]# iptables -F

[root@node33 ~]# iptables -F -t nat

[root@node33 ~]# ipvsadm -C

[root@node44 ~]# iptables -F

[root@node44 ~]# iptables -F -t nat

[root@node44 ~]# ipvsadm -C

2.升级kubelet

[root@node33 ~]# yum install -y kubeadm-1.24.4-0 kubelet-1.24.4-0 kubectl-1.24.4-0

[root@node44 ~]# yum install -y kubeadm-1.24.4-0 kubelet-1.24.4-0 kubectl-1.24.4-0

3.

[root@node33 ~]# kubeadm join 192.168.0.22:6443 --token 3dpt4s.fzeqt2zeqton80rv --discovery-token-ca-cert-hash sha256:6067f1a4ddac1428a4789dc020fbecd102e9d5cb3b568062e11b4e9dc11259d2  --cri-socket=unix:///var/run/cri-dockerd.sock

[root@node44 ~]# kubeadm join 192.168.0.22:6443 --token 3dpt4s.fzeqt2zeqton80rv --discovery-token-ca-cert-hash sha256:6067f1a4ddac1428a4789dc020fbecd102e9d5cb3b568062e11b4e9dc11259d2  --cri-socket=unix:///var/run/cri-dockerd.sock

[root@node22 ~]# kubectl get node

NAME     STATUS   ROLES           AGE   VERSION

node22   Ready    control-plane   41m   v1.24.4

node33   Ready              18s   v1.24.4

node44   Ready              20s   v1.24.4

[root@node22 ~]# kubectl get pod -A

NAMESPACE      NAME                             READY   STATUS    RESTARTS   AGE

kube-flannel   kube-flannel-ds-4hh8t            1/1     Running   0          39m

kube-flannel   kube-flannel-ds-p5wxp            1/1     Running   0          115s

kube-flannel   kube-flannel-ds-qkvpt            1/1     Running   0          113s

kube-system    coredns-7555f94cb5-f2pff         1/1     Running   0          42m

kube-system    coredns-7555f94cb5-ht7sf         1/1     Running   0          42m

kube-system    etcd-node22                      1/1     Running   0          43m

kube-system    kube-apiserver-node22            1/1     Running   0          43m

kube-system    kube-controller-manager-node22   1/1     Running   0          43m

kube-system    kube-proxy-2dfrx                 1/1     Running   0          113s

kube-system    kube-proxy-6vxxp                 1/1     Running   0          115s

kube-system    kube-proxy-jnmhh                 1/1     Running   0          42m

kube-system    kube-scheduler-node22            1/1     Running   0          43m

 

 

k8s从1.24升级到1.25：

1.升级

[root@node22 ~]# yum install -y kubeadm-1.25.0

[root@node33 ~]# yum install -y kubeadm-1.25.0

[root@node44 ~]# yum install -y kubeadm-1.25.0

2.拉取镜像

[root@node22 ~]# kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers --cri-socket=unix:///var/run/cri-dockerd.sock

[root@node22 ~]# docker images | grep google | awk '{print $1":"$2}' | awk -F/ '{system("docker tag "$0" reg.westos.org/k8s/"$3"")}'

[root@node22 ~]# docker push reg.westos.org/k8s/kube-apiserver:v1.25.0

[root@node22 ~]# docker push reg.westos.org/k8s/kube-scheduler:v1.25.0

[root@node22 ~]# docker push reg.westos.org/k8s/kube-controller-manager:v1.25.0

[root@node22 ~]# docker push reg.westos.org/k8s/kube-proxy:v1.25.0

[root@node22 ~]# docker push reg.westos.org/k8s/pause:3.8

[root@node22 ~]# docker push reg.westos.org/k8s/etcd:3.5.4-0

[root@node22 ~]# docker push reg.westos.org/k8s/coredns:v1.9.3

3.执行升级

[root@node22 ~]# kubeadm upgrade apply v1.25.0

[root@node22 ~]# kubeadm version

kubeadm version: &version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.0", GitCommit:"a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2", GitTreeState:"clean", BuildDate:"2022-08-23T17:43:25Z", GoVersion:"go1.19", Compiler:"gc", Platform:"linux/amd64"}

[root@node33 ~]# kubeadm upgrade node

[root@node44 ~]# kubeadm upgrade node

4.腾空节点

[root@node22 ~]# kubectl drain node22 --ignore-daemonsets

node/node22 cordoned

WARNING: ignoring DaemonSet-managed Pods: kube-flannel/kube-flannel-ds-4hh8t, kube-system/kube-proxy-nqx9m

evicting pod kube-system/coredns-7555f94cb5-f2pff

pod/coredns-7555f94cb5-f2pff evicted

node/node22 drained

[root@node22 ~]# kubectl get node

NAME     STATUS                     ROLES           AGE   VERSION

node22   Ready,SchedulingDisabled   control-plane   91m   v1.24.4

node33   Ready                                50m   v1.24.4

node44   Ready                                50m   v1.24.4

[root@node22 ~]# kubectl drain node33 --ignore-daemonsets

[root@node22 ~]# kubectl drain node44 --ignore-daemonsets

5.升级

[root@node22 ~]# yum install -y kubelet-1.25.0-0 kubectl-1.25.0-0

[root@node33 ~]# yum install -y kubelet-1.25.0-0 kubectl-1.25.0-0

[root@node44 ~]# yum install -y kubelet-1.25.0-0 kubectl-1.25.0-0

[root@node22 ~]# systemctl daemon-reload

[root@node22 ~]# systemctl restart kubelet.service

[root@node33 ~]# systemctl daemon-reload

[root@node33 ~]# systemctl restart kubelet.service

[root@node44 ~]# systemctl daemon-reload

[root@node44 ~]# systemctl restart kubelet.service

6.解除节点保护

[root@node22 ~]# kubectl uncordon node22

node/node22 uncordoned

[root@node22 ~]# kubectl get node

NAME     STATUS     ROLES           AGE     VERSION

node22   Ready      control-plane   3h18m   v1.25.0

node33   Ready             157m    v1.24.4

node44   Ready             157m    v1.24.4

[root@node22 ~]# kubectl uncordon node33

[root@node22 ~]# kubectl uncordon node44