k8s集群升级

Mlul3922023-10-30 17:07

目录

[1. 部署cri-docker (所有集群节点)](#1. 部署cri-docker (所有集群节点))

[2. 升级master节点](#2. 升级master节点)

[3. 升级worker节点](#3. 升级worker节点)

[4. 部署containerd](#4. 部署containerd)

1. 部署cri-docker (所有集群节点)

k8s从1.24版本开始移除了dockershim,所以需要安装cri-docker插件才能使用docker

软件下载:GitHub - Mirantis/cri-dockerd: dockerd as a compliant Container Runtime Interface for Kubernetes
安装

复制代码 
rpm -ivh  cri-dockerd-0.3.5.20231016182601.cd730ff8-0.el7.x86_64.rpm


配置cri-docker

复制代码 
vim /usr/lib/systemd/system/cri-docker.service

[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --pod-infra-container-image=reg.westos.org/k8s/pause:3.7

systemctl daemon-reload
systemctl  enable --now cri-docker
ll /var/run/cri-dockerd.sock

2. 升级master节点

首先上传镜像到harbor仓库,便于升级

复制代码 
docker load -i k8s-v1.24.17.tar
docker images | grep k8s
docker push reg.westos.org/k8s/kube-apiserver:v1.24.17
docker push  reg.westos.org/k8s/kube-proxy:v1.24.17
docker push reg.westos.org/k8s/kube-scheduler:v1.24.17
docker push reg.westos.org/k8s/kube-controller-manager:v1.24.17
docker push reg.westos.org/k8s/pause:3.7


升级kubeadm 执行升级

复制代码 
yum install -y kubeadm-1.24.17-0
kubeadm upgrade plan


修改节点套接字

复制代码 
kubectl edit nodes k8s1

kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/cri-dockerd.sock

kubeadm upgrade apply v1.24.17



腾空节点

复制代码 
kubectl drain k8s1 --ignore-daemonsets


升级kubelet

复制代码 
yum install -y kubelet-1.24.17-0 kubectl-1.24.17-0


配置kubelet使用cri-docker

复制代码 
vim /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--pod-infra-container-image=reg.westos.org/k8s/pause:3.7 --container-runtime=remote --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock"


重启kubelet

复制代码 
systemctl daemon-reload 
systemctl  restart kubelet


解除节点保护

复制代码 
kubectl uncordon k8s1

完成升级

3. 升级worker节点

升级kubeadm 执行升级

复制代码 
yum install -y kubeadm-1.24.17-0
kubeadm upgrade node

腾空节点 #需要在master节点执行

复制代码 
kubectl drain k8s2 --ignore-daemonsets
kubectl drain k8s3 --ignore-daemonsets


升级kubelet

复制代码 
yum install -y kubelet-1.24.17-0 kubectl-1.24.17-0


配置kubelet使用cri-docker

复制代码 
vim /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--pod-infra-container-image=reg.westos.org/k8s/pause:3.7 --container-runtime=remote --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock"


修改节点套接字 #需要在master节点执行

复制代码 
kubectl edit nodes k8s2
...
kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/cri-dockerd.sock


重启kubelet

diff 复制代码 
systemctl daemon-reload 
systemctl  restart kubelet


解除节点保护 #需要在master节点执行

diff 复制代码 
kubectl uncordon k8s2


其它节点依此类推

完成升级

4. 部署containerd

k8s从1.24版本开始移除了dockershim,所以我们不在使用docker,选用containerd。
k8s1、k8s2、k8s3在配置前需要重置节点

复制代码 
kubeadm reset
kubeadm reset  --cri-socket unix:///var/run/cri-dockerd.sock
kubeadm reset  --cri-socket unix:///var/run/cri-dockerd.sock

k8s1:

k8s2,3


所有节点清除iptables规则

复制代码 
iptables -F
iptables -F -t nat


禁用所有节点docker和cri-docker服务

diff 复制代码 
systemctl  disable --now docker
systemctl  disable --now docker.socket
systemctl  disable --now cri-docker


之前部署过docker,containerd默认已经安装

修改配置

diff 复制代码 
containerd config default | tee /etc/containerd/config.toml
cd /etc/containerd/
vim config.toml
...
sandbox_image = "reg.westos.org/k8s/pause:3.7"
...
SystemdCgroup = true


修改配置文件

diff 复制代码 
vim /etc/containerd/config.toml
...
[plugins."io.containerd.grpc.v1.cri".registry]
      config_path = "/etc/containerd/certs.d"
mkdir -p /etc/containerd/certs.d/docker.io

vim /etc/containerd/certs.d/docker.io/hosts.toml

server = "https://registry-1.docker.io"

[host."https://reg.westos.org"]
  capabilities = ["pull", "resolve", "push"]
  skip_verify = true

拷贝证书

diff 复制代码 
mkdir -p /etc/containerd/certs.d/reg.westos.org
cp /etc/docker/certs.d/reg.westos.org/ca.crt /etc/containerd/certs.d/reg.westos.org/
systemctl  restart containerd
scp -r certs.d/ config.toml k8s2:/etc/containerd/
scp -r certs.d/ config.toml k8s3:/etc/containerd/


k8s2,3
systemctl disable --now docker cri-docker docker.socket
systemctl  enable --now containerd
crictl config runtime-endpoint unix:///run/containerd/containerd.sock


启动containerd

复制代码 
systemctl  enable --now containerd
systemctl  restart containerd
crictl config runtime-endpoint unix:///run/containerd/containerd.sock
crictl img
crictl pull reg.westos.org/k8s/pause:3.6

集群初始化

diff 复制代码 
kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository reg.westos.org/k8s --kubernetes-version v1.24.17
kubectl apply -f kube-flannel.yml

相关推荐
RainbowSea18 小时前
12. LangChain4j + 向量数据库操作详细说明
java·langchain·ai编程
RainbowSea18 小时前
11. LangChain4j + Tools(Function Calling)的使用详细说明
java·langchain·ai编程
考虑考虑1 天前
Jpa使用union all
java·spring boot·后端
用户3721574261351 天前
Java 实现 Excel 与 TXT 文本高效互转
java
浮游本尊1 天前
Java学习第22天 - 云原生与容器化
java
渣哥1 天前
原来 Java 里线程安全集合有这么多种
java
间彧1 天前
Spring Boot集成Spring Security完整指南
java
间彧1 天前
Spring Secutiy基本原理及工作流程
java
Java水解1 天前
JAVA经典面试题附答案(持续更新版)
java·后端·面试
洛小豆1 天前
在Java中,Integer.parseInt和Integer.valueOf有什么区别
java·后端·面试
热门推荐
01UV 工具安装与国内镜像源配置指南02GitHub 镜像站点03Claude Code 平替:OpenAI发布 Codex CLI ,GPT-5 国内直接使用0446个Nano-banana 精选提示词,持续更新中05UV安装并设置国内源06保姆级教程:手把手教你用Dify实现完美多轮对话(附Chatflow和提示词)07解决 WSL Ubuntu 中 /etc/resolv.conf 自动重置问题08A股预测还能更准?开源大模型Kronos带你跑通预测+回测全流程09Spec-Kit 使用指南10KGG转MP3工具|非KGM文件|解密音频