CentOS7使用kubeadm平滑升级 - Tue, Apr 7, 2020
CentOS7使用kubeadm平滑升级
1. 概述
由于使用kubeadm安装的k8s,所以导致k8s在最近一段时间将会过期,所以需要对k8s进行一次升级让证书续期。
2. 升级
官方说明文档 https://v1-15.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-15/
2.1 kubeadm升级
yum list --showduplicates kubeadm --disableexcludes=kubernetes
安装指定版本的kubeadm
yum install -y kubeadm-1.16.8-0 --disableexcludes=kubernetes
当安装过高版本时需要降级
yum downgrade -y kubeadm-1.16.8-0 --disableexcludes=kubernetes
查看kubeadm版本
kubeadm version
2.2 upgrade plan
kubeadm upgrade plan
日志肯能像这样
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[upgrade/config] FATAL: this version of kubeadm only supports deploying clusters with the control plane version >= 1.17.0. Current version: v1.16.3
To see the stack trace of this error execute with --v=5 or higher
如果日志是这样,说明升级版本太高需要多次升级。此时需要降级kubeadm 正常日志
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[preflight] Running pre-flight checks.
[upgrade] Making sure the cluster is healthy:
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.16.3
[upgrade/versions] kubeadm version: v1.16.8
I0407 22:02:58.340666 19236 version.go:251] remote version is much newer: v1.18.0; falling back to: stable-1.16
[upgrade/versions] Latest stable version: v1.16.8
[upgrade/versions] Latest version in the v1.16 series: v1.16.8
Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT CURRENT AVAILABLE
Kubelet 4 x v1.16.3 v1.16.8
Upgrade to the latest version in the v1.16 series:
COMPONENT CURRENT AVAILABLE
API Server v1.16.3 v1.16.8
Controller Manager v1.16.3 v1.16.8
Scheduler v1.16.3 v1.16.8
Kube Proxy v1.16.3 v1.16.8
CoreDNS 1.6.2 1.6.2
Etcd 3.3.15 3.3.15-0
You can now apply the upgrade by executing the following command:
kubeadm upgrade apply v1.16.8
_____________________________________________________________________
2.3 镜像获取
查看升级需要的镜像
kubeadm config images list
日志
I0407 22:10:35.203429 25073 version.go:251] remote version is much newer: v1.18.0; falling back to: stable-1.16
k8s.gcr.io/kube-apiserver:v1.16.8
k8s.gcr.io/kube-controller-manager:v1.16.8
k8s.gcr.io/kube-scheduler:v1.16.8
k8s.gcr.io/kube-proxy:v1.16.8
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2
由于k8s.gcr.io在国内无法访问,所以需要翻墙或者使用国内镜像
2.3.1 kubeadm 大于 1.15
使用--image-repository参数跳转到aliyun镜像代理
kubeadm config images pull --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers
2.3.2 kubeadm 小于 1.15
由于1.14版本及其以下没有--image-repository参数,所以需要先pull镜像然后再tag的方式进行实现。
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.16.8
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.16.8
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.16.8
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.16.8
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.15-0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.16.8 k8s.gcr.io/kube-apiserver:v1.16.8
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.16.8 k8s.gcr.io/kube-controller-manager:v1.16.8
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.16.8 k8s.gcr.io/kube-scheduler:v1.16.8
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.16.8 k8s.gcr.io/kube-proxy:v1.16.8
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.15-0 k8s.gcr.io/etcd:3.3.15-0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2 k8s.gcr.io/coredns:1.6.2
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.16.8
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.16.8
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.16.8
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.16.8
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.15-0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2
2.4 kubeadm upgrade node
更新node信息
kubeadm upgrade node config --kubelet-version v1.16.8
yum install -y kubelet-1.16.8-0 kubectl-1.16.8-0 --disableexcludes=kubernetes
systemctl daemon-reload
systemctl restart kubelet
systemctl status kubelet
2.5 更新node节点
node操作
yum install -y kubeadm-1.16.8-0 --disableexcludes=kubernetes
master操作
kubectl drain $NODE --ignore-daemonsets
node操作
kubeadm upgrade node config --kubelet-version v1.16.8
yum install -y kubelet-1.16.8-0 kubectl-1.16.8-0 --disableexcludes=kubernetes
systemctl daemon-reload
systemctl restart kubelet
systemctl status kubelet
master操作
kubectl uncordon $NODE