k8s1.24升级为1.28 （二进制）

https://blog.csdn.net/lzb348110175/article/details/133807069
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.28.md  
下载  kubernetes-server-linux-amd64.tar.gz

···

```bash
1.24  
[root@k8s-node1 server]# cat /usr/lib/systemd/system/kubelet.service-bak
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/kubernetes/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/data/kubernetes/kubelet
ExecStart=/data/kubernetes/kubernetes/server/bin/kubelet \
  --bootstrap-kubeconfig=/data/SSL/k8s/kubelet-bootstrap.kubeconfig \
  --cert-dir=/data/SSL/k8s \
  --kubeconfig=/data/kubernetes/cfg/kubelet.kubeconfig \
  --config=/data/SSL/k8s/kubelet.json \
  --cni-bin-dir=/opt/cni/bin \
  --cni-conf-dir=/etc/cni/net.d \
  --container-runtime=remote \
  --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
  --network-plugin=cni \
  --rotate-certificates \
  --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.2 \
  --root-dir=/etc/cni/net.d \
  --alsologtostderr=true \
  --logtostderr=false \
  --log-dir=/var/log/kubernetes \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target



1.28
[root@k8s-node1 server]# cat /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/kubernetes/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/data/kubernetes/kubelet
ExecStart=/data/kubernetes/kubernetes/server/bin/kubelet \
  --bootstrap-kubeconfig=/data/SSL/k8s/kubelet-bootstrap.kubeconfig \
  --cert-dir=/data/SSL/k8s \
  --kubeconfig=/data/kubernetes/cfg/kubelet.kubeconfig \
  --config=/data/SSL/k8s/kubelet.json \
  --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
  --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.2 \
  --root-dir=/etc/cni/net.d \
   --node-labels=node.kubernetes.io/node= \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

1.24
[root@k8s-node1 server]# cat /usr/lib/systemd/system/kube-proxy.service-bak
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]
WorkingDirectory=/data/kubernetes/kube-proxy
ExecStart=/data/kubernetes/kubernetes/server/bin/kube-proxy \
  --config=/data/SSL/k8s/kube-proxy.yaml \
  --alsologtostderr=true \
  --logtostderr=false \
  --log-dir=/data/kubernetes/logs \
  --v=2
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

1.28
首先 要安装  yum install conntrack

[root@k8s-node1 server]# cat /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]
WorkingDirectory=/data/kubernetes/kube-proxy
ExecStart=/data/kubernetes/kubernetes/server/bin/kube-proxy \
  --config=/data/SSL/k8s/kube-proxy.yaml \
  --v=2
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

[root@k8s-master1 system]# cat kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/data/kubernetes/cfg/kube-apiserver.conf
ExecStart=/data/kubernetes/kubernetes/server/bin/kube-apiserver $KUBE_APISERVER_OPTS

Restart=on-failure

[Install]
WantedBy=multi-user.target
[root@k8s-master1 system]# cat kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/data/kubernetes/cfg/kube-scheduler.conf
ExecStart=/data/kubernetes/kubernetes/server/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
[root@k8s-master1 system]# cat kube-
kube-apiserver.service           kube-controller-manager.service  kube-proxy.service               kube-scheduler.service
[root@k8s-master1 system]# cat kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/data/kubernetes/cfg/kube-controller-manager.conf
ExecStart=/data/kubernetes/kubernetes/server/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target

[root@k8s-master1 cfg]# vim kube-apiserver.conf


KUBE_APISERVER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/data/kubernetes/logs \
--etcd-servers=https://192.168.10.6:2379,https://192.168.10.7:2379,https://192.168.10.8:2379 \
--bind-address=192.168.10.6 \
--secure-port=6443 \
--advertise-address=192.168.10.6 \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth=true \
--token-auth-file=/data/kubernetes/cfg/token.csv \
--service-node-port-range=30000-32767 \
--kubelet-client-certificate=/data/SSL/k8s/server.pem \
--kubelet-client-key=/data/SSL/k8s/server-key.pem \
--tls-cert-file=/data/SSL/k8s/server.pem  \
--tls-private-key-file=/data/SSL/k8s/server-key.pem \
--client-ca-file=/data/SSL/k8s/ca.pem \
--service-account-key-file=/data/SSL/k8s/ca-key.pem \
--service-account-issuer=api \
--service-account-signing-key-file=/data/SSL/k8s/ca-key.pem \
--etcd-cafile=/data/SSL/etcd/ca.pem \
--etcd-certfile=/data/SSL/etcd/server.pem \
--etcd-keyfile=/data/SSL/etcd/server-key.pem \
--requestheader-client-ca-file=/data/SSL/k8s/ca.pem \
--proxy-client-cert-file=/data/SSL/k8s/server.pem \
--proxy-client-key-file=/data/SSL/k8s/server-key.pem \
--requestheader-allowed-names=kubernetes \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--enable-aggregator-routing=true \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/data/kubernetes/logs/k8s-audit.log"


1.28

KUBE_APISERVER_OPTS="--v=2 \
--etcd-servers=https://192.168.10.6:2379,https://192.168.10.7:2379,https://192.168.10.8:2379 \
--bind-address=192.168.10.6 \
--secure-port=6443 \
--advertise-address=192.168.10.6 \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth=true \
--token-auth-file=/data/kubernetes/cfg/token.csv \
--service-node-port-range=30000-32767 \
--kubelet-client-certificate=/data/SSL/k8s/server.pem \
--kubelet-client-key=/data/SSL/k8s/server-key.pem \
--tls-cert-file=/data/SSL/k8s/server.pem  \
--tls-private-key-file=/data/SSL/k8s/server-key.pem \
--client-ca-file=/data/SSL/k8s/ca.pem \
--service-account-key-file=/data/SSL/k8s/ca-key.pem \
--service-account-issuer=api \
--service-account-signing-key-file=/data/SSL/k8s/ca-key.pem \
--etcd-cafile=/data/SSL/etcd/ca.pem \
--etcd-certfile=/data/SSL/etcd/server.pem \
--etcd-keyfile=/data/SSL/etcd/server-key.pem \
--requestheader-client-ca-file=/data/SSL/k8s/ca.pem \
--proxy-client-cert-file=/data/SSL/k8s/server.pem \
--proxy-client-key-file=/data/SSL/k8s/server-key.pem \
--requestheader-allowed-names=kubernetes \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--enable-aggregator-routing=true \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/data/kubernetes/logs/k8s-audit.log"

cat > /opt/kubernetes/cfg/kube-controller-manager.conf << EOF
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/opt/kubernetes/logs \\
--leader-elect=true \\
--kubeconfig=/opt/kubernetes/cfg/kube-controller-manager.kubeconfig \\
--bind-address=127.0.0.1 \\
--allocate-node-cidrs=true \\
--cluster-cidr=10.244.0.0/16 \\
--service-cluster-ip-range=10.0.0.0/24 \\
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \\
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem  \\
--root-ca-file=/opt/kubernetes/ssl/ca.pem \\
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--cluster-signing-duration=87600h0


1.28
KUBE_CONTROLLER_MANAGER_OPTS="--v=2 \
--leader-elect=true \
--kubeconfig=/data/kubernetes/cfg/kube-controller-manager.kubeconfig \
--bind-address=127.0.0.1 \
--allocate-node-cidrs=true \
--cluster-cidr=10.244.0.0/16 \
--service-cluster-ip-range=10.0.0.0/24 \
--cluster-signing-cert-file=/data/SSL/k8s/ca.pem \
--cluster-signing-key-file=/data/SSL/k8s/ca-key.pem  \
--root-ca-file=/data/SSL/k8s/ca.pem \
--service-account-private-key-file=/data/SSL/k8s/ca-key.pem \
--use-service-account-credentials=true \
--node-monitor-grace-period=40s \
--node-monitor-period=5s \
--controllers=*,bootstrapsigner,tokencleaner  \
--allocate-node-cidrs=true \
--node-cidr-mask-size-ipv4=24 \
--node-cidr-mask-size-ipv6=120"

KUBE_SCHEDULER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/data/kubernetes/logs \
--leader-elect \
--kubeconfig=/data/kubernetes/cfg/kube-scheduler.kubeconfig \
--bind-address=127.0.0.1"

1.28
[Service]
ExecStart=/usr/local/bin/kube-scheduler \\
      --v=2 \\
      --bind-address=0.0.0.0 \\
      --leader-elect=true \\
      --kubeconfig=/etc/kubernetes/scheduler.kubeconfig