纯干货: kubernetes 多Master 二进制方式v1.20.11升级到v1.21.7

原创

DevOps运维民工 2022-02-09 11:25:54 ©著作权

文章标签 git linux 版本升级 文章分类 代码人生

©著作权归作者所有：来自51CTO博客作者DevOps运维民工的原创作品，请联系作者获取转载授权，否则将追究法律责任

关注公众号，将获取更多kubernetes干货

升级介绍

针对kubernetes小版本升级，只要更新相关二进制文件就可以了，由于kubernetes版本更新比较快，很多依赖还没解决晚上，所以不建议生产环境使用比较新的版本，升级目标小版本号不建议大于2。

kubernetes版本升级需要考虑到集群当中正在运行的容器收到影响，所以应该对各Node逐个进行驱离和驱逐Node上面的Pod。先更新Master服务，在逐个更新Node上的kubelet和kube-proxy服务。

升级规划

角色	组件	目前版本	升级版本
Master	kube-apiserver	v1.20.11	v1.21.7
	kube-controller-manager	v1.20.11	v1.21.7
	kube-scheduler	v1.20.11	v1.21.7
	kubelet	v1.20.11	v1.21.7
	kube-prox	v1.20.11	v1.21.7
Node	kubelet	v1.20.11	v1.21.7
Node	kube-proxy	v1.20.11	v1.21.7

说明:

calico和etcd一般不需要更新。

升级准备

下载地址

wget https://dl.k8s.io/v1.21.7/kubernetes-server-linux-amd64.tar.gz

目前集群版本信息

# kubectl get node
NAME                  STATUS   ROLES    AGE   VERSION
test-k8s-master-227   Ready    master   18d   v1.20.11
test-k8s-master-230   Ready    master   17d   v1.20.11
test-k8s-master-231   Ready    master   17d   v1.20.11
test-k8s-node-228     Ready    <none>   18d   v1.20.11
test-k8s-node-229     Ready    <none>   18d   v1.20.11
test-k8s-node-233     Ready    <none>   16d   v1.20.11
# kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.11", GitCommit:"27522a29febbcc4badac257763044d0d90c11abd", GitTreeState:"clean", BuildDate:"2021-09-15T19:21:44Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.11", GitCommit:"27522a29febbcc4badac257763044d0d90c11abd", GitTreeState:"clean", BuildDate:"2021-09-15T19:16:25Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}

开始升级

Master升级(在所有Master节点操作)

备份

mkdir /data/backup/kubernetes -p
cp /data/local/kubernetes/bin/{kube-apiserver,kube-controller-manager,kube-scheduler} /data/backup/kubernetes/

停止master（先停止其中一台master,先升级一台，跑个测试服务，观察下是否正常，在升级其他master）

systemctl stop keepalived   #可以先停掉keepalived，切走高可用VIP地址
systemctl stop kube-apiserver
systemctl stop kube-scheduler
systemctl stop kube-controller-manager

升级master

tar xf kubernetes-server-linux-amd64.tar.gz
/bin/cp kubernetes/server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler} /data/local/kubernetes/bin/

启动keepalive和apiserver，其他组件

$systemctl start kube-apiserver
$systemctl start kube-controller-manager && systemctl start kube-scheduler
$kubectl  get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-1               Healthy   {"health":"true"}   
etcd-2               Healthy   {"health":"true"}   
etcd-0               Healthy   {"health":"true"}   
$systemctl start keepalived
$kubectl version 
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.11", GitCommit:"27522a29febbcc4badac257763044d0d90c11abd", GitTreeState:"clean", BuildDate:"2021-09-15T19:21:44Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.7", GitCommit:"1f86634ff08f37e54e8bfcd86bc90b61c98f84d4", GitTreeState:"clean", BuildDate:"2021-11-17T14:35:38Z", GoVersion:"go1.16.10", Compiler:"gc", Platform:"linux/amd64"}

可以看到服务端组件已经升级成功。

升级另外两台Master

将新版本的报传到230和231

scp kubernetes-server-linux-amd64.tar.gz  192.168.253.230:/data/tools/
scp kubernetes-server-linux-amd64.tar.gz  192.168.253.231:/data/tools/

停止230master （231一样的操作)

systemctl stop keepalived   #可以先停掉keepalived，切走高可用VIP地址
systemctl stop kube-apiserver
systemctl stop kube-scheduler
systemctl stop kube-controller-manager

升级

$cd /data/tools
 $tar xf kubernetes-server-linux-amd64.tar.gz
 $/bin/cp kubernetes/server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler} /data/local/kubernetes/bin/
 $systemctl start kube-apiserver
 $systemctl start kube-controller-manager && systemctl start kube-scheduler
 $kubectl  version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.11", GitCommit:"27522a29febbcc4badac257763044d0d90c11abd", GitTreeState:"clean", BuildDate:"2021-09-15T19:21:44Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.7", GitCommit:"1f86634ff08f37e54e8bfcd86bc90b61c98f84d4", GitTreeState:"clean", BuildDate:"2021-11-17T14:35:38Z", GoVersion:"go1.16.10", Compiler:"gc", Platform:"linux/amd64"}

Node组件升级

备份(所有node节点，包括master)

mkdir -p /data/backup/kubernetes/
cp /data/local/kubernetes/bin/{kube-proxy,kubelet} /data/backup/kubernetes/
cp /usr/bin/kubectl /data/backup/kubernetes/

隔离Node，让node变成不可调度的状态

kubectl cordon test-k8s-master-227
kubectl  get node 
NAME                  STATUS                     ROLES    AGE   VERSION
test-k8s-master-227   Ready,SchedulingDisabled   master   18d   v1.20.11
test-k8s-master-230   Ready                      master   17d   v1.20.11
test-k8s-master-231   Ready                      master   17d   v1.20.11
test-k8s-node-228     Ready                      <none>   18d   v1.20.11
test-k8s-node-229     Ready                      <none>   18d   v1.20.11
test-k8s-node-233     Ready                      <none>   17d   v1.20.11

停止(一台一台升级)

systemctl stop kubelet
systemctl stop kube-proxy

升级

cd /data/tools/
tar xf kubernetes-server-linux-amd64.tar.gz
/bin/cp kubernetes/server/bin/{kubelet,kube-proxy} /data/local/kubernetes/bin/
/bin/cp kubernetes/server/bin/kubectl /usr/bin/  #升级node 可以不用拷贝kubectl

启动

systemctl daemon-reload && systemctl start kubelet
systemctl start kube-proxy
systemctl status kube-proxy
● kube-proxy.service - Kubernetes Proxy
   Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2021-12-06 14:12:07 CST; 7s ago
 Main PID: 85281 (kube-proxy)

启动成功，版本也改过来了

kubectl  get node
NAME                  STATUS                     ROLES    AGE   VERSION
test-k8s-master-227   Ready,SchedulingDisabled   master   18d   v1.21.7
test-k8s-master-230   Ready                      master   17d   v1.20.11
test-k8s-master-231   Ready                      master   17d   v1.20.11
test-k8s-node-228     Ready                      <none>   18d   v1.20.11
test-k8s-node-229     Ready                      <none>   18d   v1.20.11
test-k8s-node-233     Ready                      <none>   17d   v1.20.11

解除隔离

kubectl uncordon test-k8s-master-227

其他节点一样的操作

将包分发到所有节点，其他步骤参考上面走一遍

scp -P 22 kubernetes-server-linux-amd64.tar.gz  192.168.253.228:/data/tools/
scp -P 22 kubernetes-server-linux-amd64.tar.gz  192.168.253.229:/data/tools/
scp -P 22 kubernetes-server-linux-amd64.tar.gz  192.168.253.230:/data/tools/
scp -P 22 kubernetes-server-linux-amd64.tar.gz  192.168.253.231:/data/tools/
scp -P 22 kubernetes-server-linux-amd64.tar.gz 192.168.253.233:/data/tools/

一番猛如虎的操作，所有node均已升级完成

kubectl  get node
NAME                  STATUS   ROLES    AGE   VERSION
test-k8s-master-227   Ready    master   18d   v1.21.7
test-k8s-master-230   Ready    master   17d   v1.21.7
test-k8s-master-231   Ready    master   17d   v1.21.7
test-k8s-node-228     Ready    <none>   18d   v1.21.7
test-k8s-node-229     Ready    <none>   18d   v1.21.7
test-k8s-node-233     Ready    <none>   17d   v1.21.7

测试

$vim test.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: busybox:1.28.3
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
  $kubectl apply -f  test.yaml
  $kubectl  get po -o wide
NAME      READY   STATUS    RESTARTS   AGE    IP              NODE                NOMINATED NODE   READINESS GATES
busybox   1/1     Running   0          107s   10.244.4.3      test-k8s-node-233   <none>           <none>
nginx     1/1     Running   0          28m    10.244.39.132   test-k8s-node-229   <none>           <none>