Kubernetes 二进制升级

Kubernetes集群升级非常简单,小版本基本上是只需要更新二进制文件即可。如果大版本升级需要注意kubelet参数的变化,以及其他组件升级之后的变化。 由于Kubernetes版本更新过快许多依赖并没有解决完善,并不建议生产环境使用较新版本

这里二进制安装参考下面文章,文件路径都给予下面的文章,如果有不相同的地方可以自行修改即可。 有问题请在下方提问!

Kubernetes 1.14 二进制集群安装

848741

本次升级的环境版本为1.14升级到1.15版本

在每个大版本中,k8s组件的配置文件以及相关参数可能会发生变化,修改好对应的参数问题一般影响不大。

官方文档下载地址:https://github.com/kubernetes/kubernetes/releases

API版本变更适配

对于不同版本的Kubernetes,许多资源对象的API的版本可能会变更。可以通过下面的命令获取当前的API信息

[root@k8s-01 ~]# kubectl explain deployment.apiVersion
KIND:     Deployment
VERSION:  extensions/v1beta1

FIELD:    apiVersion 

DESCRIPTION:
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

升级kubectl

备份kubectl,在所有的master节点操作

cd /opt/k8s/bin
[root@k8s-01 bin]# mv kubectl{,.bak_2020-04-13}

接下来我们下载最新的二进制包

mkdir -p /opt/new-client
wget -P /opt/new-client http://down.i4t.com/k8s1.15/kubernetes-client-linux-amd64.tar.gz
cd /opt/new-client
tar xf kubernetes-client-linux-amd64.tar.gz 

分发kubectl到所有节点

cd /opt/new-client
source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_IPS[@]}
  do
    echo ">>> ${node_ip}"
    scp kubernetes/client/bin/kubectl root@${node_ip}:/opt/k8s/bin/
    ssh root@${node_ip} "chmod +x /opt/k8s/bin/*"
  done

升级前

[root@k8s-01 bin]# kubectl version
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.2", GitCommit:"66049e3b21efe110454d67df4fa62b08ea79a19b", GitTreeState:"clean", BuildDate:"2019-05-16T16:23:09Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.2", GitCommit:"66049e3b21efe110454d67df4fa62b08ea79a19b", GitTreeState:"clean", BuildDate:"2019-05-16T16:14:56Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}

升级后

因为apiserver还没有升级,所以在Server Version中显示为1.14版本

[root@k8s-01 new]# kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.11", GitCommit:"d94a81c724ea8e1ccc9002d89b7fe81d58f89ede", GitTreeState:"clean", BuildDate:"2020-03-12T21:08:59Z", GoVersion:"go1.12.17", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.2", GitCommit:"66049e3b21efe110454d67df4fa62b08ea79a19b", GitTreeState:"clean", BuildDate:"2019-05-16T16:14:56Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}

升级master组件

kubectl命令行工具已经升级完毕,接下来我们升级master (这里使用测试环境进行演示,线上环境可以一台一台的升级替换)

#在所有master节点执行 (升级线上环境可以不停止keeplived)
systemctl stop keepalived   # 先停掉本机keepalived,切走高可用VIP地址
systemctl stop kube-apiserver
systemctl stop kube-scheduler
systemctl stop kube-controller-manager

备份旧版本

for i in k8s-01 k8s-02 k8s-03  #这里只需要master节点,因为现在升级是master节点
do
  ssh root@$i mv /opt/k8s/bin/kube-apiserver{,.bak_2020-04-13}
  ssh root@$i mv /opt/k8s/bin/kube-controller-manager{,.bak_2020-04-13}
  ssh root@$i mv /opt/k8s/bin/kube-scheduler{,.bak_2020-04-13}
  ssh root@$i mv /opt/k8s/bin/kubeadm{,.bak_2020-04-13}
done

升级拷贝新版本

mkdir /opt/new-server-k8s
wget -P /opt/new-server-k8s/ down.i4t.com/k8s1.15/kubernetes-server-linux-amd64.tar.gz
cd /opt/new-server-k8s
tar xf kubernetes-server-linux-amd64.tar.gz


#复制新版本客户端
cd /opt/new-server-k8s
source /opt/k8s/bin/environment.sh
for node_ip in ${MASTER_IPS[@]}
  do
    echo ">>> ${node_ip}"
    scp kubernetes/server/bin/kube-apiserver root@${node_ip}:/opt/k8s/bin/
    scp kubernetes/server/bin/{kube-controller-manager,kube-scheduler,kubeadm} root@${node_ip}:/opt/k8s/bin/
    ssh root@${node_ip} "chmod +x /opt/k8s/bin/*"
  done

接下来在所有master启动keepalived和apiserver

#所有master节点启动
systemctl start keepalived
systemctl start kube-apiserver

启动时可以通过下面的命令查看服务是否有不兼容的问题

journalctl -fu kube-apiserver

可以查看到etcd中的数据说明kube-apiserver没有问题

#这里目前只有apiserver数据恢复,所以只要能出结果说明apiserver正常
[root@k8s-01 new-server-k8s]# kubectl  get cs
NAME                 STATUS      MESSAGE                                                                                     ERROR
scheduler            Unhealthy   Get http://127.0.0.1:10251/healthz: dial tcp 127.0.0.1:10251: connect: connection refused   
controller-manager   Unhealthy   Get http://127.0.0.1:10252/healthz: dial tcp 127.0.0.1:10252: connect: connection refused   
etcd-1               Healthy     {"health":"true"}                                                                           
etcd-2               Healthy     {"health":"true"}                                                                           
etcd-0               Healthy     {"health":"true"} 

并且查看客户端和服务端的版本都是v1.15.11,说明版本相同没有问题

[root@k8s-01 new-server-k8s]# kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.11", GitCommit:"d94a81c724ea8e1ccc9002d89b7fe81d58f89ede", GitTreeState:"clean", BuildDate:"2020-03-12T21:08:59Z", GoVersion:"go1.12.17", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.11", GitCommit:"d94a81c724ea8e1ccc9002d89b7fe81d58f89ede", GitTreeState:"clean", BuildDate:"2020-03-12T21:00:06Z", GoVersion:"go1.12.17", Compiler:"gc", Platform:"linux/amd64"}

接下来启动其他组件

systemctl start kube-controller-manager && systemctl start kube-scheduler

#所有master节点执行

查看启动状态,此时kubernetes集群已经恢复

[root@k8s-01 ~]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-1               Healthy   {"health":"true"}   
etcd-2               Healthy   {"health":"true"}   
etcd-0               Healthy   {"health":"true"} 

升级node组件

现在需要停止服务,并且备份二进制文件

#在所有node节点执行
systemctl stop kubelet
systemctl stop kube-proxy

所有node节点备份二进制文件

for i in k8s-01 k8s-02 k8s-03 k8s-04 k8s-05
do
  ssh root@$i mv /opt/k8s/bin/kubelet{,.bak_2020-04-13}
  ssh root@$i mv /opt/k8s/bin/kube-proxy{,.bak_2020-04-13}
done

现在拷贝新的二进制文件

cd /opt/new-server-k8s
source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_IPS[@]}
  do
    echo ">>> ${node_ip}"
    scp kubernetes/server/bin/{kubelet,kube-proxy} root@${node_ip}:/opt/k8s/bin/
    ssh root@${node_ip} "chmod +x /opt/k8s/bin/*"
  done

在kubernetes 1.15版起kubelet需要删除下面的参数,因为新版本中这个参数已经过时。我们只需要在kubelet启动脚步中删除即可

参考https://github.com/microsoft/SDN/issues/379

#需要在kubelet启动文件删除相关参数
allow-privileged=true


#这里需要在每台node节点执行!
sed -i '/allow-privileged/d'  /etc/systemd/system/kubelet.service
systemctl daemon-reload && systemctl start kubelet


执行完命令后可以查看一下kubelet日志,检查是否有报错
journalctl -fu kubelet

kubelet成功启动后通过kubectl get node所有节点的版本已经变为1.15.11

这里的过程可能比较慢,耐心等待一会就好了。 如果长时间处于NotReady就需要查看一下kubelet日志

[root@k8s-01 ~]# kubectl get node
NAME     STATUS   ROLES    AGE     VERSION
k8s-01   Ready       3d10h   v1.15.11
k8s-02   Ready       3d10h   v1.15.11
k8s-03   Ready       3d10h   v1.15.11
k8s-04   Ready       3d10h   v1.15.11
k8s-05   Ready       3d10h   v1.15.11

目前还没有结束,我们还需要启动kube-proxy

for i in k8s-01 k8s-02 k8s-03 k8s-04 k8s-05
do
  ssh root@$i systemctl start kube-proxy
done

这里很多的命令都可以通过之前安装k8s的脚本进行获取,比如查看一下kube-proxy状态

source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_IPS[@]}
  do
    echo ">>> ${node_ip}"
    ssh root@${node_ip} "systemctl status kube-proxy|grep Active"
  done

接下来我们可以验证一下集群的状态

[root@k8s-01 ~]# kubectl cluster-info 
Kubernetes master is running at https://192.168.31.105:8443
CoreDNS is running at https://192.168.31.105:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
[root@k8s-01 ~]# kubectl get node
NAME     STATUS   ROLES    AGE     VERSION
k8s-01   Ready       3d11h   v1.15.11
k8s-02   Ready       3d11h   v1.15.11
k8s-03   Ready       3d11h   v1.15.11
k8s-04   Ready       3d11h   v1.15.11
k8s-05   Ready       3d11h   v1.15.11
[root@k8s-01 ~]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
etcd-0               Healthy   {"health":"true"}   
etcd-2               Healthy   {"health":"true"}   
etcd-1               Healthy   {"health":"true"}   
scheduler            Healthy   ok                  
controller-manager   Healthy   ok 

由于之前我这里安装了coredns,所以我在检查一下coredns是否正常

#创建测试yaml

cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: busybox:1.28.3
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
EOF

#使用nslookup查看是否能返回地址
[root@k8s-01 ~]# kubectl get pod
NAME      READY   STATUS    RESTARTS   AGE
busybox   1/1     Running   0          26s
[root@k8s-01 ~]# kubectl exec -ti busybox -- nslookup kubernetes
Server:    10.254.0.2
Address 1: 10.254.0.2 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes
Address 1: 10.254.0.1 kubernetes.default.svc.cluster.local
「点点赞赏,手留余香」

    还没有人赞赏,快来当第一个赞赏的人吧!
abcdocker运维博客
0 条回复 A 作者 M 管理员
    所有的伟大,都源于一个勇敢的开始!
欢迎您,新朋友,感谢参与互动!欢迎您 {{author}},您在本站有{{commentsCount}}条评论
k8s分 享 面试宝典
加入我们
  • 站长QQ:381493251一键联系
  • abcdocker 微信公众号
    abcdocker QQ群