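Even when your cluster is running smoothly, upgrading Kubernetes is still a hard task. Because Kubernetes ships a new release every 3 months, upgrading is necessary: if you do not upgrade your Kubernetes cluster for a year, you will have fallen far behind. Rancher works on the pain points of developers and operators, and created a new open source project, System Upgrade Controller, to help them upgrade smoothly.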

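System Upgrade Controller introduces a new Kubernetes custom resource definition (CRD) called Plan. The Plan is now the main component that handles the upgrade process. The following architecture diagram is taken from the git repo: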

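Automating K3s upgrades with System Upgrade Controller

Upgrading a K3s Kubernetes cluster has two main requirements:

  • Installing the CRD

  • Creating a Plan

First, let's check the version of the K3s cluster that is currently running.

Run the following commands for a quick install: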

# For master install:
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.16.3-k3s.2 sh

# For joining nodes:
# K3S_TOKEN is created at /var/lib/rancher/k3s/server/node-token on the server.
# For adding nodes, K3S_URL and K3S_TOKEN need to be passed:
curl -sfL https://get.k3s.io | K3S_URL=https://myserver:6443 K3S_TOKEN=XXX sh -

# The KUBECONFIG file is created at /etc/rancher/k3s/k3s.yaml
kubectl get nodes

NAME               STATUS   ROLES    AGE   VERSION
kube-node-c155     Ready    <none>   25h   v1.16.3-k3s.2
kube-node-2404     Ready    <none>   25h   v1.16.3-k3s.2
kube-master-303d   Ready    master   25h   v1.16.3-k3s.2

Now let's deploy the CRD:

apiVersion: v1
kind: Namespace
metadata:
  name: system-upgrade
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: system-upgrade
  namespace: system-upgrade
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system-upgrade
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin # the controller's service account is bound to cluster-admin
subjects:
- kind: ServiceAccount
  name: system-upgrade
  namespace: system-upgrade
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: default-controller-env
  namespace: system-upgrade
data:
  SYSTEM_UPGRADE_CONTROLLER_DEBUG: "false"
  SYSTEM_UPGRADE_CONTROLLER_THREADS: "2"
  SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: "900"
  SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: "99"
  SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: "Always"
  SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: "rancher/kubectl:v1.18.3"
  SYSTEM_UPGRADE_JOB_PRIVILEGED: "true" # upgrade job containers run privileged
  SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: "900"
  SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: "15m"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: system-upgrade-controller
  namespace: system-upgrade
spec:
  selector:
    matchLabels:
      upgrade.cattle.io/controller: system-upgrade-controller
  template:
    metadata:
      labels:
        upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain
    spec:
      # schedule the controller only on nodes labelled as master
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - {key: "node-role.kubernetes.io/master", operator: In, values: ["true"]}
      serviceAccountName: system-upgrade
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
          effect: "NoSchedule"
      containers:
        - name: system-upgrade-controller
          image: rancher/system-upgrade-controller:v0.5.0
          imagePullPolicy: IfNotPresent
          envFrom:
            - configMapRef:
                name: default-controller-env
          env:
            - name: SYSTEM_UPGRADE_CONTROLLER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.labels['upgrade.cattle.io/controller']
            - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          volumeMounts:
            - name: etc-ssl
              mountPath: /etc/ssl
            - name: tmp
              mountPath: /tmp
      volumes:
        # the host's /etc/ssl directory is mounted into the controller container
        - name: etc-ssl
          hostPath:
            path: /etc/ssl
            type: Directory
        - name: tmp
          emptyDir: {}

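Breaking down the yaml above, it creates the following components:

  • The system-upgrade namespace

  • The system-upgrade service account

  • The system-upgrade ClusterRoleBinding

  • A config map that sets the environment variables in the container

  • The actual Deployment

Now let's deploy the yaml: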

# Get the latest release tag
curl -s "https://api.github.com/repos/rancher/system-upgrade-controller/releases/latest" | awk -F '"' '/tag_name/{print $4}'
v0.6.2

# Apply the controller manifest
kubectl apply -f https://raw.githubusercontent.com/rancher/system-upgrade-controller/v0.6.2/manifests/system-upgrade-controller.yaml
namespace/system-upgrade created
serviceaccount/system-upgrade created
clusterrolebinding.rbac.authorization.k8s.io/system-upgrade created
configmap/default-controller-env created
deployment.apps/system-upgrade-controller created

# Verify everything is running
kubectl get all -n system-upgrade
NAME                                             READY   STATUS    RESTARTS   AGE
pod/system-upgrade-controller-7fff98589f-blcxs   1/1     Running   0          5m26s

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/system-upgrade-controller   1/1     1            1           5m28s

NAME                                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/system-upgrade-controller-7fff98589f   1         1         1       5m28s

Creating a K3s upgrade Plan

Now it is time to create an upgrade Plan. We will use the sample Plan from the examples folder of the Git repo.

---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: k3s-server
  namespace: system-upgrade
  labels:
    k3s-upgrade: server
spec:
  concurrency: 1
  version: v1.17.4+k3s1
  nodeSelector:
    matchExpressions:
      - {key: k3s-upgrade, operator: Exists}
      - {key: k3s-upgrade, operator: NotIn, values: ["disabled", "false"]}
      - {key: k3s.io/hostname, operator: Exists}
      - {key: k3os.io/mode, operator: DoesNotExist}
      - {key: node-role.kubernetes.io/master, operator: In, values: ["true"]}
  serviceAccountName: system-upgrade
  cordon: true
#  drain:
#    force: true
  upgrade:
    image: rancher/k3s-upgrade
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: k3s-agent
  namespace: system-upgrade
  labels:
    k3s-upgrade: agent
spec:
  concurrency: 2
  version: v1.17.4+k3s1
  nodeSelector:
    matchExpressions:
      - {key: k3s-upgrade, operator: Exists}
      - {key: k3s-upgrade, operator: NotIn, values: ["disabled", "false"]}
      - {key: k3s.io/hostname, operator: Exists}
      - {key: k3os.io/mode, operator: DoesNotExist}
      - {key: node-role.kubernetes.io/master, operator: NotIn, values: ["true"]}
  serviceAccountName: system-upgrade
  prepare:
    # Since v0.5.0-m1 SUC will use the resolved version of the plan for the tag on the prepare container.
    # image: rancher/k3s-upgrade:v1.17.4-k3s1
    image: rancher/k3s-upgrade
    args: ["prepare", "k3s-server"]
  drain:
    force: true
  upgrade:
    image: rancher/k3s-upgrade

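Breaking down the yaml above, it creates:

Plans whose match expressions determine what needs to be upgraded. In the example above we have 2 Plans: k3s-server and k3s-agent. Nodes that have the k3s-upgrade label and node-role.kubernetes.io/master set to true are taken by the server Plan. Nodes where it is false are taken by the client Plan. The labels therefore have to be set correctly. Next, let's apply the Plan.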

# Set the node labels
kubectl label node kube-master-303d node-role.kubernetes.io/master=true

# Apply the plan manifest
kubectl apply -f https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/examples/k3s-upgrade.yaml
plan.upgrade.cattle.io/k3s-server created
plan.upgrade.cattle.io/k3s-agent created

# We see that the jobs have started
kubectl get jobs -n system-upgrade
NAME                                                              COMPLETIONS   DURATION   AGE
apply-k3s-server-on-kube-master-303d-with-9efdeac5f6ede78-125aa   0/1           40s        40s
apply-k3s-agent-on-kube-node-2404-with-9efdeac5f6ede78917-07df3   0/1           39s        39s
apply-k3s-agent-on-kube-node-c155-with-9efdeac5f6ede78917-9a585   0/1           39s        39s

# Upgrade in progress, completed on the `node-role.kubernetes.io/master=true` node
kubectl get nodes
NAME               STATUS                     ROLES    AGE   VERSION
kube-node-2404     Ready,SchedulingDisabled   <none>   26h   v1.16.3-k3s.2
kube-node-c155     Ready,SchedulingDisabled   <none>   26h   v1.16.3-k3s.2
kube-master-303d   Ready                      master   26h   v1.17.4+k3s1

# In a few minutes all nodes get upgraded to the latest version as per the plan
kubectl get nodes
NAME               STATUS   ROLES    AGE   VERSION
kube-node-2404     Ready    <none>   26h   v1.17.4+k3s1
kube-node-c155     Ready    <none>   26h   v1.17.4+k3s1
kube-master-303d   Ready    master   26h   v1.17.4+k3s1
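
The node selection performed by the two Plans printed above, as an added example (not code from the article or from the system-upgrade-controller project): it evaluates the Plans' matchExpressions with Kubernetes label selector semantics to show which Plan would pick up a node before anything is applied. The node names and label sets are constructed for illustration.

```python
# Added example: predict which Plan from this page selects a given node.
# Operators follow Kubernetes LabelSelector matchExpressions semantics;
# all expressions of a Plan are ANDed.
MASTER = "node-role.kubernetes.io/master"
COMMON = [
    {"key": "k3s-upgrade", "operator": "Exists"},
    {"key": "k3s-upgrade", "operator": "NotIn", "values": ["disabled", "false"]},
    {"key": "k3s.io/hostname", "operator": "Exists"},
    {"key": "k3os.io/mode", "operator": "DoesNotExist"},
]
PLANS = {
    "k3s-server": COMMON + [{"key": MASTER, "operator": "In", "values": ["true"]}],
    "k3s-agent": COMMON + [{"key": MASTER, "operator": "NotIn", "values": ["true"]}],
}

def expr_matches(labels, expr):
    """Evaluate one matchExpression against a node's label dict."""
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":  # also matches nodes that lack the key entirely
        return key not in labels or labels[key] not in values
    raise ValueError(f"unknown operator: {op}")

def plans_for(labels):
    """Names of the Plans whose nodeSelector matches these labels."""
    return [name for name, exprs in PLANS.items()
            if all(expr_matches(labels, e) for e in exprs)]

# Constructed (hypothetical) nodes and labels.
NODES = {
    "server-1": {"k3s.io/hostname": "server-1", MASTER: "true", "k3s-upgrade": "true"},
    "agent-1": {"k3s.io/hostname": "agent-1", "k3s-upgrade": "true"},
    "agent-optout": {"k3s.io/hostname": "agent-optout", "k3s-upgrade": "disabled"},
    "server-unlabelled": {"k3s.io/hostname": "server-unlabelled", MASTER: "true"},
}

def report(nodes=NODES):
    return {name: plans_for(labels) for name, labels in nodes.items()}

if __name__ == "__main__":
    for node, plans in report().items():
        print(f"{node:18} -> {', '.join(plans) or 'no Plan, stays on current version'}")
```

A node that matches neither Plan gets no upgrade job, so it stays on its old version without any error being raised.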

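Our K3s Kubernetes upgrade is complete, and it was easy and smooth. The project can also update the underlying operating system and reboot nodes. Give it a try!

GitHub repository: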

https://github.com/rancher/system-upgrade-controller
