K8s学习笔记(六) K8s升级与节点管理

能不能别报错2025-09-25 13:52

1 下载k8s二进制包

链接:[kubernetes/CHANGELOG/CHANGELOG-1.23.md at master · kubernetes/kubernetes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md)

下载四个二进制文件

客户机二进制文件kubernetes-client-linux-amd64.tar.gz

源代码kubernetes.tar.gz

服务器二进制文件kubernetes-server-linux-amd64.tar.gz

节点二进制文件kubernetes-node-linux-amd64.tar.gz

下载完成后上传至master1服务器/usr/local/src/目录下面

逐个进行解压

bash 复制代码 
root@master1:/usr/local/src# tar xf kubernetes-node-linux-amd64.tar.gz
root@master1:/usr/local/src# tar xf kubernetes-server-linux-amd64.tar.gz
root@master1:/usr/local/src# tar xf kubernetes.tar.gz
root@master1:/usr/local/src# tar xf kubernetes-client-linux-amd64.tar.gz

解压完成会出现一个kubernetes文件夹

进入bin目录

bash 复制代码 
root@master1:/usr/local/src/kubernetes/server/bin# cd /usr/local/src/kubernetes/server/bin
root@master1:/usr/local/src/kubernetes/server/bin# ls
apiextensions-apiserver  kube-apiserver             kube-apiserver.tar       kube-controller-manager.docker_tag  kube-log-runner  kube-proxy.docker_tag  kube-scheduler             kube-scheduler.tar  kubectl          kubelet
kube-aggregator          kube-apiserver.docker_tag  kube-controller-manager  kube-controller-manager.tar         kube-proxy       kube-proxy.tar         kube-scheduler.docker_tag  kubeadm             kubectl-convert  mounter

2 升级

2.1 master节点升级

master节点逐个进行升级 master1 master2 master3 ,将需要升级的master1节点关闭进行离线升级,剩余两个master节点继续运行不影响服务。

将/usr/local/src/kubernetes/server/bin目录下的kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy kubectl 二进制文件升级包替换/usr/local/bin/目录下目前版本的二进制文件

bash 复制代码 
root@master1:/usr/local/src/kubernetes/server/bin# cp kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy kubectl /etc/kubeasz/bin/
# 查看当前node节点是那些
root@master1:/usr/local/src/kubernetes/server/bin# kubectl get node
NAME              STATUS                     ROLES    AGE     VERSION
192.168.121.101   Ready,SchedulingDisabled   master   2d23h   v1.23.1
192.168.121.102   Ready,SchedulingDisabled   master   2d23h   v1.23.1
192.168.121.111   Ready                      node     2d23h   v1.23.1
192.168.121.112   Ready                      node     2d23h   v1.23.1
# 编辑node1节点上的/etc/kube-lb/conf/kube-lb.conf文件注释掉需要更新的master1的ip信息

root@node1:~# vim /etc/kube-lb/conf/kube-lb.conf
user root;
worker_processes 1;

error_log  /etc/kube-lb/logs/error.log warn;

events {
    worker_connections  3000;
}

stream {
    upstream backend {
        #server 192.168.121.101:6443    max_fails=2 fail_timeout=3s;
        server 192.168.121.102:6443    max_fails=2 fail_timeout=3s;
    }

    server {
        listen 127.0.0.1:6443;
        proxy_connect_timeout 1s;
        proxy_pass backend;
    }
}
# 重启服务更新状态
root@node1:~# systemctl restart kube-lb.service 

# 编辑node2节点上的/etc/kube-lb/conf/kube-lb.conf文件注释掉需要更新的master1的ip信息

root@node2:~# vim /etc/kube-lb/conf/kube-lb.conf
user root;
worker_processes 1;

error_log  /etc/kube-lb/logs/error.log warn;

events {
    worker_connections  3000;
}

stream {
    upstream backend {
        #server 192.168.121.101:6443    max_fails=2 fail_timeout=3s;
        server 192.168.121.102:6443    max_fails=2 fail_timeout=3s;
    }

    server {
        listen 127.0.0.1:6443;
        proxy_connect_timeout 1s;
        proxy_pass backend;
    }
}
# 重启服务更新状态
root@node2:~# systemctl restart kube-lb.service 

# 停止master1节点的相关服务
root@master1:/usr/local/src/kubernetes/server/bin# systemctl stop kube
kube-apiserver.service           kube-controller-manager.service  kube-lb.service                  kube-proxy.service               kube-scheduler.service           kubelet.service   

root@master1:/usr/local/src/kubernetes/server/bin# systemctl stop kube-apiserver.service kube-controller-manager.service kube-proxy.service kube-scheduler.service kubelet.service
# 替换二进制文件
root@master1:/usr/local/src/kubernetes/server/bin# \cp kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy kubectl /usr/local/bin/
# 查看版本信息
root@master1:/usr/local/src/kubernetes/server/bin# kube-apiserver --version
Kubernetes v1.23.5
root@master1:/usr/local/src/kubernetes/server/bin# kube-controller-manager --version
Kubernetes v1.23.5
root@master1:/usr/local/src/kubernetes/server/bin# kube-scheduler --version
Kubernetes v1.23.5
# 启动服务
root@master1:/usr/local/src/kubernetes/server/bin# systemctl start kube-apiserver.service kube-controller-manager.service kube-proxy.service kube-scheduler.service kubelet.service
# 查看node节点版本信息
root@master1:/usr/local/src/kubernetes/server/bin# kubectl get node
NAME              STATUS                     ROLES    AGE     VERSION
192.168.121.101   Ready,SchedulingDisabled   master   2d23h   v1.23.5    # 可以看到版本已经升级完成
192.168.121.102   Ready,SchedulingDisabled   master   2d23h   v1.23.1
192.168.121.111   Ready                      node     2d23h   v1.23.1
192.168.121.112   Ready                      node     2d23h   v1.23.1

# 升级master2
# 修改node1节点的负载均衡ip
root@node1:~# vim /etc/kube-lb/conf/kube-lb.conf
# 恢复master1,注释master2
user root;
worker_processes 1;

error_log  /etc/kube-lb/logs/error.log warn;

events {
    worker_connections  3000;
}

stream {
    upstream backend {
        server 192.168.121.101:6443    max_fails=2 fail_timeout=3s;
        #server 192.168.121.102:6443    max_fails=2 fail_timeout=3s;
    }

    server {
        listen 127.0.0.1:6443;
        proxy_connect_timeout 1s;
        proxy_pass backend;
    }
# 重启服务
root@node2:~# systemctl restart kube-lb.service

# 修改node2节点的负载均衡ip
root@node2:~# vim /etc/kube-lb/conf/kube-lb.conf
# 恢复master1,注释master2
user root;
worker_processes 1;

error_log  /etc/kube-lb/logs/error.log warn;

events {
    worker_connections  3000;
}

stream {
    upstream backend {
        server 192.168.121.101:6443    max_fails=2 fail_timeout=3s;
        #server 192.168.121.102:6443    max_fails=2 fail_timeout=3s;
    }

    server {
        listen 127.0.0.1:6443;
        proxy_connect_timeout 1s;
        proxy_pass backend;
    }
# 重启服务
root@node2:~# systemctl restart kube-lb.service

# 停止master2服务
root@master2:~# systemctl stop kube-apiserver.service kube-controller-manager.service kube-proxy.service kube-scheduler.service kubelet.service

# 在master1将二进制包传给master2
root@master1:/usr/local/src/kubernetes/server/bin# scp kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy kubectl master2:/usr/local/bin/

# master2启动服务
root@master2:~# systemctl start kube-apiserver.service kube-controller-manager.service kube-proxy.service kube-scheduler.service kubelet.service

# 验证更新
root@master1:/usr/local/src/kubernetes/server/bin# kubectl get node
NAME              STATUS                     ROLES    AGE     VERSION
192.168.121.101   Ready,SchedulingDisabled   master   2d23h   v1.23.5
192.168.121.102   Ready,SchedulingDisabled   master   2d23h   v1.23.5       # master2已经更新为1.23.5
192.168.121.111   Ready                      node     2d23h   v1.23.1
192.168.121.112   Ready                      node     2d23h   v1.23.1

2.2 node节点升级

bash 复制代码 
# 驱逐node1上的服务到node2上面
root@master1:/usr/local/src/kubernetes/server/bin# kubectl drain 192.168.121.111 --force --delete-emptydir-data --ignore-daemonsets 
node/192.168.121.111 cordoned
WARNING: deleting Pods not managed by ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet: default/net-test2, default/net-test4; ignoring DaemonSet-managed Pods: kube-system/calico-node-4rnzt
evicting pod velero-system/velero-6755cb8697-b87p9
evicting pod default/net-test2
evicting pod default/net-test4
evicting pod kube-system/coredns-7db6b45f67-xpzmr
evicting pod kubernetes-dashboard/dashboard-metrics-scraper-69d947947b-94c4p
pod/dashboard-metrics-scraper-69d947947b-94c4p evicted
pod/velero-6755cb8697-b87p9 evicted
pod/coredns-7db6b45f67-xpzmr evicted
pod/net-test4 evicted
pod/net-test2 evicted
node/192.168.121.111 drained

# 查看全部pod位置,已经驱逐到了ndoe2上面去了
root@master1:/usr/local/src/kubernetes/server/bin# kubectl get -A pod -o wide
NAMESPACE              NAME                                              READY   STATUS    RESTARTS       AGE     IP                NODE              NOMINATED NODE   READINESS GATES
default                net-test3                                         1/1     Running   3 (18h ago)    2d21h   10.200.104.10     192.168.121.112   <none>           <none>
kube-system            calico-kube-controllers-754966f84c-nb8mt          1/1     Running   8 (18h ago)    3d      192.168.121.112   192.168.121.112   <none>           <none>
kube-system            calico-node-29mld                                 1/1     Running   4 (18h ago)    3d      192.168.121.102   192.168.121.102   <none>           <none>
kube-system            calico-node-4rnzt                                 1/1     Running   6 (18h ago)    3d      192.168.121.111   192.168.121.111   <none>           <none>
kube-system            calico-node-p4ddl                                 1/1     Running   4 (18h ago)    3d      192.168.121.112   192.168.121.112   <none>           <none>
kube-system            calico-node-rn7fk                                 1/1     Running   10 (18h ago)   3d      192.168.121.101   192.168.121.101   <none>           <none>
kube-system            coredns-7db6b45f67-ht47r                          1/1     Running   2 (18h ago)    45h     10.200.104.12     192.168.121.112   <none>           <none>
kube-system            coredns-7db6b45f67-nsrth                          1/1     Running   0              83s     10.200.104.17     192.168.121.112   <none>           <none>
kubernetes-dashboard   dashboard-metrics-scraper-69d947947b-g74lh        1/1     Running   0              83s     10.200.104.18     192.168.121.112   <none>           <none>
kubernetes-dashboard   kubernetes-dashboard-744bdb9f9b-f2zns             1/1     Running   4 (18h ago)    43h     10.200.104.14     192.168.121.112   <none>           <none>
myapp                  linux66-tomcat-app1-deployment-667c9cf879-hz98v   1/1     Running   0              117m    10.200.104.16     192.168.121.112   <none>           <none>
velero-system          velero-6755cb8697-8cv8b                           0/1     Pending   0              83s     <none>            <none>            <none>           <none>

root@master1:/usr/local/src/kubernetes/server/bin# kubectl get node
NAME              STATUS                     ROLES    AGE   VERSION
192.168.121.101   Ready,SchedulingDisabled   master   3d    v1.23.5
192.168.121.102   Ready,SchedulingDisabled   master   3d    v1.23.5
192.168.121.111   Ready,SchedulingDisabled   node     3d    v1.23.1       # node1已经打上了污点禁止调度
192.168.121.112   Ready                      node     3d    v1.23.1

# node1节点停止服务
root@node1:~# systemctl stop kubelet.service kube-proxy.service 

# master1将node节点需要的二进制文件传送过去
root@master1:/usr/local/src/kubernetes/server/bin# scp kube-proxy kubelet node1:/usr/local/bin/
The authenticity of host 'node1 (192.168.121.111)' can't be established.
ECDSA key fingerprint is SHA256:e6246AoozwtEjYmPqU/mS4fWncpxKvoXtPgl9ZswNwQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node1' (ECDSA) to the list of known hosts.
kube-proxy                                                                                                                                                                                                                                          100%   42MB  43.4MB/s   00:00    3
kubelet    

# node1节点启动服务
root@node1:/usr/local/bin# systemctl start kubelet.service kube-proxy.service 

# master1上查看node状态和版本信息
root@master1:/usr/local/src/kubernetes/server/bin# kubectl get node
NAME              STATUS                     ROLES    AGE   VERSION
192.168.121.101   Ready,SchedulingDisabled   master   3d    v1.23.5
192.168.121.102   Ready,SchedulingDisabled   master   3d    v1.23.5
192.168.121.111   Ready,SchedulingDisabled   node     3d    v1.23.5        # 可以看到node1节点已经升级成功为1.23.5
192.168.121.112   Ready                      node     3d    v1.23.1

# 升级node2
# 停止node2服务
root@node2:~# systemctl stop kubelet.service kube-proxy.service
# 将二进制文件传送到node2进行替换升级
root@master1:/usr/local/src/kubernetes/server/bin# scp kube-proxy kubelet node2:/usr/local/bin/
The authenticity of host 'node2 (192.168.121.112)' can't be established.
ECDSA key fingerprint is SHA256:e6246AoozwtEjYmPqU/mS4fWncpxKvoXtPgl9ZswNwQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node2' (ECDSA) to the list of known hosts.
kube-proxy                                                                                                                                                                                                                                          100%   42MB  47.3MB/s   00:00    
kubelet    

# 取消node1的污点,让其允许调度
root@master1:/usr/local/src/kubernetes/server/bin# kubectl get node
NAME              STATUS                     ROLES    AGE   VERSION
192.168.121.101   Ready,SchedulingDisabled   master   3d    v1.23.5
192.168.121.102   Ready,SchedulingDisabled   master   3d    v1.23.5
192.168.121.111   Ready,SchedulingDisabled   node     3d    v1.23.5
192.168.121.112   Ready                      node     3d    v1.23.5
root@master1:/usr/local/src/kubernetes/server/bin# kubectl uncordon 192.168.121.111
node/192.168.121.111 uncordoned
root@master1:/usr/local/src/kubernetes/server/bin# kubectl get node
NAME              STATUS                     ROLES    AGE    VERSION
192.168.121.101   Ready,SchedulingDisabled   master   3d1h   v1.23.5
192.168.121.102   Ready,SchedulingDisabled   master   3d1h   v1.23.5
192.168.121.111   Ready                      node     3d     v1.23.5
192.168.121.112   Ready                      node     3d     v1.23.5

3 管理节点

3.1 添加节点

bash 复制代码 
root@master1:/etc/kubeasz# ./ezctl --help
Usage: ezctl COMMAND [args]
-------------------------------------------------------------------------------------
Cluster setups:
    list		             to list all of the managed clusters
    checkout    <cluster>            to switch default kubeconfig of the cluster
    new         <cluster>            to start a new k8s deploy with name 'cluster'
    setup       <cluster>  <step>    to setup a cluster, also supporting a step-by-step way
    start       <cluster>            to start all of the k8s services stopped by 'ezctl stop'
    stop        <cluster>            to stop all of the k8s services temporarily
    upgrade     <cluster>            to upgrade the k8s cluster
    destroy     <cluster>            to destroy the k8s cluster
    backup      <cluster>            to backup the cluster state (etcd snapshot)
    restore     <cluster>            to restore the cluster state from backups
    start-aio		             to quickly setup an all-in-one cluster with 'default' settings

Cluster ops:
    add-etcd    <cluster>  <ip>      to add a etcd-node to the etcd cluster
    add-master  <cluster>  <ip>      to add a master node to the k8s cluster
    add-node    <cluster>  <ip>      to add a work node to the k8s cluster
    del-etcd    <cluster>  <ip>      to delete a etcd-node from the etcd cluster
    del-master  <cluster>  <ip>      to delete a master node from the k8s cluster
    del-node    <cluster>  <ip>      to delete a work node from the k8s cluster

Extra operation:
    kcfg-adm    <cluster>  <args>    to manage client kubeconfig of the k8s cluster

Use "ezctl help <command>" for more information about a given command.

# 添加node节点
root@master1:/etc/kubeasz# ./ezctl add-node k8s-01 192.168.121.113 

# 查看node节点
root@master1:/etc/kubeasz# kubectl get node
NAME              STATUS                     ROLES    AGE    VERSION
192.168.121.101   Ready,SchedulingDisabled   master   3d1h   v1.23.5
192.168.121.102   Ready,SchedulingDisabled   master   3d1h   v1.23.5
192.168.121.111   Ready                      node     3d1h   v1.23.5
192.168.121.112   Ready                      node     3d1h   v1.23.5
192.168.121.113   Ready                      node     5m7s   v1.23.5

3.2 添加master节点

bash 复制代码 
root@master1:/etc/kubeasz# ./ezctl add-master k8s-01 192.168.121.103
# 查看node状态
root@master1:/etc/kubeasz# kubectl get node
NAME              STATUS                     ROLES    AGE    VERSION
192.168.121.101   Ready,SchedulingDisabled   master   3d2h   v1.23.5
192.168.121.102   Ready,SchedulingDisabled   master   3d2h   v1.23.5
192.168.121.103   Ready,SchedulingDisabled   master   36m    v1.23.5       # 可以看到master已经添加成功
192.168.121.111   Ready                      node     3d2h   v1.23.5
192.168.121.112   Ready                      node     3d2h   v1.23.5
192.168.121.113   Ready                      node     58m    v1.23.5
相关推荐
方见华Richard9 分钟前
整数阶时间重参数化:基于自适应豪斯多夫维数的偏微分方程正则化新框架
人工智能·笔记·交互·原型模式·空间计算
好奇龙猫25 分钟前
【人工智能学习-AI入试相关题目练习-第十六次】
人工智能·学习
舟舟亢亢30 分钟前
JVM复习笔记——下
java·jvm·笔记
量子-Alex39 分钟前
【大模型课程笔记】斯坦福大学CS336 课程环境配置与讲座生成完整指南
人工智能·笔记
土拨鼠烧电路1 小时前
笔记04:价值链深度游:追踪一包纸巾的“数字一生”
笔记
BlackWolfSky1 小时前
鸿蒙中级课程笔记12—应用质量建议与测试指南
笔记·华为·harmonyos
啊我不会诶1 小时前
Codeforces Round 1071 (Div. 3) vp补题
开发语言·学习·算法
一体化运维管理平台2 小时前
容器监控难题破解:美信监控易全面支持K8s、Docker
云原生·容器·kubernetes
星火开发设计2 小时前
命名空间 namespace:解决命名冲突的利器
c语言·开发语言·c++·学习·算法·知识
卖芒果的潇洒农民2 小时前
20260201 GPT VPC中的CIDR Block 概念
笔记·gpt
热门推荐
01GitHub 镜像站点02Clawdbot 中文汉化版 接入微信、飞书03OpenClaw部署与配置教程:在Mac mini上接入国产大模型与飞书04OpenCode 入门教程:介绍 · 安装 · 配置第三方 API (如 Claude)052026美赛A题智能手机电池续航时间预测的连续时间数学模型06Linux下V2Ray安装配置指南07Claude Code Skills 实用使用手册08Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services09UV安装并设置国内源10在Trae中使用Pencil MCP