Centos7升级K8S集群
适用于使用kubeadm部署的k8s环境。
Kubernetes 版本以 x.y.z 表示,其中 x 是主要版本, y 是次要版本,z 是补丁版本。
升级时不可以跳过次版本。 例如,你只能从 1.y 升级到 1.y+1,而不能从 1.y 升级到 1.y+2。
版本偏差说明:
https://kubernetes.io/zh-cn/releases/version-skew-policy/
注意:
生产环境升级之前注意备份数据。为了方便恢复,如果是虚拟机环境可以借助kube快照进行恢复。
本次操作升级的为一个单节点的K8S环境,主要步骤如下:
1. 升级kubeadm
# 当前版本
[root@k8s ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s Ready control-plane,master 3d18h v1.22.0
# 查看可用的kubeadm版本。
[root@k8s ~]# yum list --showduplicates kubeadm --disableexcludes=kubernetes
# 升级kubeadm到1.23.17-0版本。
[root@k8s ~]# yum install -y kubeadm-1.23.17-0 --disableexcludes=kubernetes
# kubeadm upgrade plan验证升级计划,COMPONENT CURRENT TARGET :告诉我们组件可以从当前版本升级到的版本。
[root@k8s ~]# kubeadm upgrade plan
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[preflight] Running pre-flight checks.
[upgrade] Running cluster health checks
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.22.0
[upgrade/versions] kubeadm version: v1.23.17
I0615 16:48:13.655864 54942 version.go:256] remote version is much newer: v1.30.2; falling back to: stable-1.23
[upgrade/versions] Target version: v1.23.17
[upgrade/versions] Latest version in the v1.22 series: v1.22.17
Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT CURRENT TARGET
kubelet 1 x v1.22.0 v1.22.17
Upgrade to the latest version in the v1.22 series:
COMPONENT CURRENT TARGET
kube-apiserver v1.22.0 v1.22.17
kube-controller-manager v1.22.0 v1.22.17
kube-scheduler v1.22.0 v1.22.17
kube-proxy v1.22.0 v1.22.17
CoreDNS v1.8.4 v1.8.6
etcd 3.5.0-0 3.5.6-0
You can now apply the upgrade by executing the following command:
kubeadm upgrade apply v1.22.17
_____________________________________________________________________
Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT CURRENT TARGET
kubelet 1 x v1.22.0 v1.23.17
Upgrade to the latest stable version:
COMPONENT CURRENT TARGET
kube-apiserver v1.22.0 v1.23.17
kube-controller-manager v1.22.0 v1.23.17
kube-scheduler v1.22.0 v1.23.17
kube-proxy v1.22.0 v1.23.17
CoreDNS v1.8.4 v1.8.6
etcd 3.5.0-0 3.5.6-0
You can now apply the upgrade by executing the following command:
kubeadm upgrade apply v1.23.17
_____________________________________________________________________
The table below shows the current state of component configs as understood by this version of kubeadm.
Configs that have a "yes" mark in the "MANUAL UPGRADE REQUIRED" column require manual config upgrade or
resetting to kubeadm defaults before a successful upgrade can be performed. The version to manually
upgrade to is denoted in the "PREFERRED VERSION" column.
API GROUP CURRENT VERSION PREFERRED VERSION MANUAL UPGRADE REQUIRED
kubeproxy.config.k8s.io v1alpha1 v1alpha1 no
kubelet.config.k8s.io v1beta1 v1beta1 no
_____________________________________________________________________
2. 升级各个组件
接下来升级各个组件,包括kube-apiserver,kube-controller-manager等等
kubeadm upgrade apply v1.23.17
升级各个组件到1.23.17版本,如果etcd这个组件不想升级,可以加上选项:kubeadm upgrade apply v1.23.17 --etcd-upgrade=false。
# 通过将节点标记为不可调度并腾空节点为节点作升级准备:
[root@k8s ~]# kubectl drain k8s --ignore-daemonsets --delete-emptydir-data
# 升级各个组件
[root@k8s ~]# kubeadm upgrade apply v1.23.17 --etcd-upgrade=false
# 如果是worker节点,执行`kubeadm upgrade node`升级
# 解除节点保护
[root@k8s ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s Ready,SchedulingDisabled control-plane,master 3d18h v1.22.0
[root@k8s ~]# kubectl uncordon k8s
node/k8s uncordoned
[root@k8s ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s Ready control-plane,master 3d18h v1.22.0
# 此时查询到的版本还是老版本
3. 升级kubelet和kubectl
升级 kubelet 和 kubectl到1.21.9版本:
[root@k8s ~]# yum install -y kubelet-1.23.17 kubectl-1.23.17 --disableexcludes=kubernetes
# 重启kubelet
[root@k8s ~]# systemctl daemon-reload ;systemctl restart kubelet
# 查看版本信息
[root@k8s ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s Ready control-plane,master 3d19h v1.23.17
本文只记录了单节点环境的升级,如果是升级工作节点步骤与上面过程类似,只是worker节点不需要验证升级计划、无需升级管理组件,在上面的步骤中,将节点设置为不可调度后,执行kubeadm upgrade node
升级worker节点即可。
升级worker节点步骤:
- 升级kubeadm版本;
- 腾空节点;
- 管理节点执行
kubeadm upgrade node
升级worker节点; - uncordon节点;
- workder节点升级kubelet和kubectl并重启;
- 管理节点验证升级情况;