基本思路就是先切换docker到containerd,然后再升级kubernetes版本就行了,主要就是修改kubelet的参数什么的.
kubectl edit nodes master01
修改
kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
改为
kubeadm.alpha.kubernetes.io/cri-socket: /var/run/containerd/containerd.sock
kubectl drain master01 --ignore-daemonsets
#卸载Docker
systemctl stop kubelet
#暂停docker
systemctl disable docker --now
systemctl disable docker.socket --now
#卸载docker
yum remove docker-ce docker-ce-cli -y
# containerd 1.5.13
yum install -y yum-utils device-mapper-persistent-data lvm2 #安装依赖
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo #添加yum源
yum install containerd -y #安装containerd
containerd config default > /etc/containerd/config.toml #生成配置文件
sed -i 's/k8s.gcr.io\/pause/registry.aliyuncs.com\/google_containers\/pause/g' /etc/containerd/config.toml #替换 containerd 默认的 sand_box 镜像,国内访问不了
修改配置文件:/etc/containerd/config.toml
root为容器存储路径,修改成磁盘空间充足的路径
root = “/data/containerd”
修改containerd镜像加速,
编辑:/etc/containerd/config.toml
在[plugins.“io.containerd.grpc.v1.cri”.registry.mirrors] 行下面加上:
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["q874x9dq.mirror.aliyuncs.com", "https://registry-1.docker.io"]
变为:
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["q874x9dq.mirror.aliyuncs.com", "https://registry-1.docker.io"]
小记未完全测试Shell命令:
sed -i "/.registry.mirrors/a\ [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"docker.io\"]\n endpoint = [\"q874x9dq.mirror.aliyuncs.com\", \"https://registry-1.docker.io\"]\n" /etc/containerd/config.toml
systemctl restart containerd && systemctl enable containerd #启动服务
安装nerdctl
wget https://github.com/containerd/nerdctl/releases/download/v0.20.0/nerdctl-0.20.0-linux-amd64.tar.gz #在https://github.com/containerd/nerdctl/releases自己找
tar Cxzvvf /usr/local/bin nerdctl-0.20.0-linux-amd64.tar.gz
比如Harbor的域名为: core.harbor.domain
如果使用Harbor中的镜像
将Harbor的ca证书放到 /etc/containerd/core.harbor.domain
修改 /etc/containerd/config.toml
vim /etc/containerd/config.toml
#配置endpoint连接地址
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."core.harbor.domain"]
endpoint = ["https://core.harbor.domain"]
#配置ca文件路径和用户名密码
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."core.harbor.domain".tls]
ca_file = "/etc/containerd/core.harbor.domain/ca.crt"
[plugins."io.containerd.grpc.v1.cri".registry.configs."core.harbor.domain".auth]
username = "admin"
password = "Harbor12345"
或者使用如下命令也成
sed -i "/.registry.mirrors]/a\ [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"core.harbor.domain\"]\n endpoint = [\"https://core.harbor.domain\"]\n" /etc/containerd/config.toml
sed -i "/.registry.configs]/a\ [plugins.\"io.containerd.grpc.v1.cri\".registry.configs.\"core.harbor.domain\".tls]\n ca_file = \"/etc/containerd/core.harbor.domain/ca.crt\"\n [plugins.\"io.containerd.grpc.v1.cri\".registry.configs.\"core.harbor.domain\".auth]\n username = \"admin\"\n password = \"Sonli@123\"\n" /etc/containerd/config.toml
修改config后使用如下命令:
#重新加载配置
systemctl daemon-reload
#重启containerd
systemctl restart containerd
crictl pull core.harbor.domain/witparking/spush-in-p2-provider-dev:202210111504_5
KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
参数含义:
–container-runtime :指定使用的容器运行时的,可选值为 docker 或者 remote,默认是 docker,除 docker 之外的容器运行时都应该指定为 remote。
–container-runtime-endpoint:是用来指定远程的运行时服务的 endpiont 地址的,在 Linux 系统中一般都是使用 unix 套接字的形式,unix:///run/containerd/containerd.sock。
–image-service-endpoint:指定远程 CRI 的镜像服务地址,如果没有指定则默认使用 --container-runtime-endpoint 的值了,因为 CRI 都会实现容器和镜像服务的。
systemctl daemon-reload
systemctl restart containerd
systemctl restart kubelet
至此已经成功将CRI替换为containerd , 现在进行kubernetes升级即可
yum install -y kubeadm-1.24.6-0 --disableexcludes=kubernetes
kubeadm upgrade apply v1.24.6
yum install -y kubelet-1.24.6-0 kubectl-1.24.6-0 --disableexcludes=kubernetes
删除 --network-plugin=cni
修改后应该是,Node节点没执行 升级命令可能需要完全copy过去
我这边修改完之后应该是这样的: 多数应该差不多
KUBELET_KUBEADM_ARGS=“–container-runtime=remote --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7”
systemctl daemon-reload
systemctl restart kubelet
kubectl uncordon master01
有点什么小问题,就重启下服务器吧