一 升级场景
1.1 小版本更新
小版本更新侧重于稳定性更新。
1.2 大版本更新
大版本更新侧重于功能更新,需要先在测试环境升级,更新后需要测试现有业务兼容性。测试通过后升级线上版本。
二 升级方案
2.1 蓝绿部署
- 新部署一套新版本环境,
- 现有服务在新环境运行,两套环境同时提供服务,
- 运行一段时间后,删除旧环境。
缺点:成本高
2.2 滚动升级
- 先在负载均衡器中踢出需要升级的master节点。
- 升级master节点。
- 把升级后的master节点加入负载均衡器。
- 轮流按上面流程更新其它master节点。
- 更新完master节点后,开始更新node节点。
缺点:升级过程中,升级的节点不可提供服务,大版本更新时可能会出现兼容性问题。
三 升级准备
3.1 升级版本信息
现有运行版本k8s-v1.21.0
升级的版本k8s-v1.21.6
3.2 下载升级包
点击查看代码
root@k8s-deploy:~# k8s_version=v1.21.6
root@k8s-deploy:~# wget https://dl.k8s.io/${k8s_version}/kubernetes.tar.gz
root@k8s-deploy:~# wget https://dl.k8s.io/${k8s_version}/kubernetes-client-linux-amd64.tar.gz
root@k8s-deploy:~# wget https://dl.k8s.io/${k8s_version}/kubernetes-server-linux-amd64.tar.gz
root@k8s-deploy:~# wget https://dl.k8s.io/${k8s_version}/kubernetes-node-linux-amd64.tar.gz
root@k8s-deploy:/opt/kubernetes_v1.21.6# tar xf kubernetes.tar.gz
root@k8s-deploy:/opt/kubernetes_v1.21.6# tar xf kubernetes-server-linux-amd64.tar.gz
root@k8s-deploy:/opt/kubernetes_v1.21.6# tar xf kubernetes-client-linux-amd64.tar.gz
root@k8s-deploy:/opt/kubernetes_v1.21.6# tar xf kubernetes-node-linux-amd64.tar.gz
root@k8s-deploy:/opt/kubernetes_v1.21.6# ls -l kubernetes/server/bin/
total 1075200
-rwxr-xr-x 1 root root 50794496 Oct 28 02:02 apiextensions-apiserver
-rwxr-xr-x 1 root root 48570368 Oct 28 02:02 kube-aggregator
-rwxr-xr-x 1 root root 122175488 Oct 28 02:02 kube-apiserver
-rw-r--r-- 1 root root 8 Oct 28 02:00 kube-apiserver.docker_tag
-rw------- 1 root root 126966784 Oct 28 02:00 kube-apiserver.tar
-rwxr-xr-x 1 root root 116371456 Oct 28 02:02 kube-controller-manager
-rw-r--r-- 1 root root 8 Oct 28 02:00 kube-controller-manager.docker_tag
-rw------- 1 root root 121162752 Oct 28 02:00 kube-controller-manager.tar
-rwxr-xr-x 1 root root 43364352 Oct 28 02:02 kube-proxy
-rw-r--r-- 1 root root 8 Oct 28 02:00 kube-proxy.docker_tag
-rw------- 1 root root 105366528 Oct 28 02:00 kube-proxy.tar
-rwxr-xr-x 1 root root 47321088 Oct 28 02:02 kube-scheduler
-rw-r--r-- 1 root root 8 Oct 28 02:00 kube-scheduler.docker_tag
-rw------- 1 root root 52112384 Oct 28 02:00 kube-scheduler.tar
-rwxr-xr-x 1 root root 44851200 Oct 28 02:02 kubeadm
-rwxr-xr-x 1 root root 46645248 Oct 28 02:02 kubectl
-rwxr-xr-x 1 root root 55305384 Oct 28 02:02 kubectl-convert
-rwxr-xr-x 1 root root 118365552 Oct 28 02:02 kubelet
-rwxr-xr-x 1 root root 1593344 Oct 28 02:02 mounter
3.3 升级内容
3.3.1 master节点
root@k8s-master-01:~# ls -l /usr/local/bin/kube*
-rwxr-xr-x 1 root root 122064896 Nov 10 19:35 /usr/local/bin/kube-apiserver
-rwxr-xr-x 1 root root 116281344 Nov 10 19:35 /usr/local/bin/kube-controller-manager
-rwxr-xr-x 1 root root 43130880 Nov 10 19:36 /usr/local/bin/kube-proxy
-rwxr-xr-x 1 root root 47104000 Nov 10 19:35 /usr/local/bin/kube-scheduler
-rwxr-xr-x 1 root root 46436352 Nov 10 19:35 /usr/local/bin/kubectl
-rwxr-xr-x 1 root root 118062928 Nov 10 19:36 /usr/local/bin/kubelet
3.3.2 node节点
root@k8s-node-01:~# ls -l /usr/local/bin/kube*
-rwxr-xr-x 1 root root 43130880 Nov 10 20:40 /usr/local/bin/kube-proxy
-rwxr-xr-x 1 root root 46436352 Nov 10 20:40 /usr/local/bin/kubectl
-rwxr-xr-x 1 root root 118062928 Nov 10 20:40 /usr/local/bin/kubelet
四 升级master节点
4.1 踢出升级节点
4.1.1 修改负载均衡器
点击查看代码
root@ha-01:~# cat /usr/local/haproxy/haproxy.cfg
global
maxconn 100000
chroot /usr/local/haproxy
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
user haproxy
group haproxy
daemon
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local2 info
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:123456
listen k8s-6443
bind 192.168.174.20:6443
mode tcp
log global
#server k8s-master-01 192.168.174.100:6443 check inter 3s fall 2 rise 5
server k8s-master-02 192.168.174.101:6443 check inter 3s fall 2 rise 5
server k8s-master-03 192.168.174.102:6443 check inter 3s fall 2 rise 5
4.1.2 重启haproxy
root@ha-01:~# systemctl restart haproxy
4.2 停止服务
root@k8s-master-01:~# systemctl stop kube-apiserver.service kube-controller-manager.service kube-proxy.service kube-scheduler.service kubelet
4.3 复制二进制文件
root@k8s-deploy:/opt/kubernetes_v1.21.6# scp kubernetes/server/bin/kube-proxy kubernetes/server/bin/kube-apiserver kubernetes/server/bin/kube-controller-manager kubernetes/server/bin/kube-scheduler kubernetes/server/bin/kubelet kubernetes/server/bin/kubectl 192.168.174.100:/usr/local/bin/
kube-proxy 100% 41MB 2.5MB/s 00:16
kube-apiserver 100% 117MB 2.1MB/s 00:56
kube-controller-manager 100% 111MB 7.1MB/s 00:15
kube-scheduler 100% 45MB 8.3MB/s 00:05
kubelet 100% 113MB 11.5MB/s 00:09
kubectl 100% 44MB 11.7MB/s 00:03
4.4 启动服务
root@k8s-master-01:~# systemctl start kube-apiserver.service kube-controller-manager.service kube-proxy.service kube-scheduler.service kubelet
4.5 验证版本信息
root@k8s-master-01:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.174.100 Ready,SchedulingDisabled master 9h v1.21.6
192.168.174.101 Ready,SchedulingDisabled master 9h v1.21.0
192.168.174.102 Ready,SchedulingDisabled master 157m v1.21.0
192.168.174.106 Ready node 9h v1.21.0
192.168.174.107 Ready node 9h v1.21.0
192.168.174.108 Ready node 145m v1.21.0
4.6 升级其它master节点
依次执行以上步骤
4.7 验证升级后版本信息
root@k8s-master-01:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.174.100 Ready,SchedulingDisabled master 9h v1.21.6
192.168.174.101 Ready,SchedulingDisabled master 9h v1.21.6
192.168.174.102 Ready,SchedulingDisabled master 164m v1.21.6
192.168.174.106 Ready node 9h v1.21.0
192.168.174.107 Ready node 9h v1.21.0
192.168.174.108 Ready node 152m v1.21.0
五 升级node 节点
注意:升级node节点docker版本需要对该节点做pod驱逐。
5.1 停止服务
root@k8s-node-01:~# systemctl stop kube-proxy.service kubelet.service
5.2 复制二进制文件
root@k8s-deploy:/opt/kubernetes_v1.21.6# scp kubernetes/server/bin/kube-proxy kubernetes/server/bin/kubelet kubernetes/server/bin/kubectl 192.168.174.106:/usr/local/bin/
kube-proxy 100% 41MB 108.2MB/s 00:00
kubelet 100% 113MB 91.7MB/s 00:01
kubectl 100% 44MB 70.5MB/s 00:00
5.3 启动服务
root@k8s-node-01:~# systemctl start kube-proxy.service kubelet.service
5.4 验证升级版本
root@k8s-node-01:~# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.174.100 Ready,SchedulingDisabled master 9h v1.21.6
192.168.174.101 Ready,SchedulingDisabled master 9h v1.21.6
192.168.174.102 Ready,SchedulingDisabled master 172m v1.21.6
192.168.174.106 Ready node 9h v1.21.6
192.168.174.107 Ready node 9h v1.21.0
192.168.174.108 Ready node 160m v1.21.0
5.5 升级其它node节点
依次执行以上操作
5.6 查看升级后版本信息
root@k8s-node-01:~# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.174.100 Ready,SchedulingDisabled master 9h v1.21.6
192.168.174.101 Ready,SchedulingDisabled master 9h v1.21.6
192.168.174.102 Ready,SchedulingDisabled master 174m v1.21.6
192.168.174.106 Ready node 9h v1.21.6
192.168.174.107 Ready node 9h v1.21.6
192.168.174.108 Ready node 162m v1.21.6