即便你的集群能够平稳运行,Kubernetes升级依旧是一项艰难的任务。由于每3个月Kubernetes会发布一个新版本,所以升级是十分必要的。如果一年内你不升级你的Kubernetes集群,你就会落后许多。Rancher致力于解决开发运维人员的痛点,于是创建了新的开源项目System Upgrade Controller可以帮助开发人员平滑升级。

System Upgrade Controller引入了一个新的Kubernetes自定义资源定义(CRD),称为Plan。现在Plan是处理升级进程的主要组件。以下是从git repo获取的架构图:

使用System Upgrade Controller自动升级K3s

升级K3s Kubernetes集群有两个主要要求:

  • CRD安装

  • 创建Plan

首先,让我们检查当前正在运行的K3s集群版本。

运行以下命令,即可快速安装:

#For master install:

curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.16.3-k3s.2 sh

#For joining nodes:

K3S_TOKEN is created at /var/lib/rancher/k3s/server/node-token on the server.

For adding nodes, K3S_URL and K3S_TOKEN needs to be passed:

curl -sfL https://get.k3s.io | K3S_URL=https://myserver:6443 K3S_TOKEN=XXX sh -

KUBECONFIG file is create at /etc/rancher/k3s/k3s.yaml location


kubectl get nodes

NAME               STATUS   ROLES    AGE   VERSION

kube-node-c155     Ready    <none>   25h   v1.16.3-k3s.2

kube-node-2404     Ready    <none>   25h   v1.16.3-k3s.2

kube-master-303d   Ready    master   25h   v1.16.3-k3s.2

现在,我们部署CRD:

kind: Namespace

metadata:

  name: system-upgrade

---

apiVersion: v1

kind: ServiceAccount

metadata:

  name: system-upgrade

  namespace: system-upgrade

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

  name:  system-upgrade

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: cluster-admin

subjects:

- kind: ServiceAccount

  name: system-upgrade

  namespace: system-upgrade

---

apiVersion: v1

kind: ConfigMap

metadata:

  name: default-controller-env

  namespace: system-upgrade

data:

  SYSTEM_UPGRADE_CONTROLLER_DEBUG: "false"

  SYSTEM_UPGRADE_CONTROLLER_THREADS: "2"

  SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: "900"

  SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: "99"

  SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: "Always"

  SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: "rancher/kubectl:v1.18.3"

  SYSTEM_UPGRADE_JOB_PRIVILEGED: "true"

  SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: "900"

  SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: "15m"

---

apiVersion: apps/v1

kind: Deployment

metadata:

  name: system-upgrade-controller

  namespace: system-upgrade

spec:

  selector:

    matchLabels:

      upgrade.cattle.io/controller: system-upgrade-controller

  template:

    metadata:

      labels:

        upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain

    spec:

      affinity:

        nodeAffinity:

          requiredDuringSchedulingIgnoredDuringExecution:

            nodeSelectorTerms:

              - matchExpressions:

                  - {key: "node-role.kubernetes.io/master", operator: In, values: ["true"]}

      serviceAccountName: system-upgrade

      tolerations:

        - key: "CriticalAddonsOnly"

          operator: "Exists"

        - key: "node-role.kubernetes.io/master"

          operator: "Exists"

          effect: "NoSchedule"

      containers:

        - name: system-upgrade-controller

          image: rancher/system-upgrade-controller:v0.5.0

          imagePullPolicy: IfNotPresent

          envFrom:

            - configMapRef:

                name: default-controller-env

          env:

            - name: SYSTEM_UPGRADE_CONTROLLER_NAME

              valueFrom:

                fieldRef:

                  fieldPath: metadata.labels['upgrade.cattle.io/controller']

            - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE

              valueFrom:

                fieldRef:

                  fieldPath: metadata.namespace

          volumeMounts:

            - name: etc-ssl

              mountPath: /etc/ssl

            - name: tmp

              mountPath: /tmp

      volumes:

        - name: etc-ssl

          hostPath:

            path: /etc/ssl

            type: Directory

        - name: tmp

          emptyDir: {}

将上面的yaml分解,它将创建以下组件:

  • system-upgrade命名空间

  • system-upgrade服务账户

  • system-upgrade ClusterRoleBinding

  • 用于设置容器中环境变量的config map

  • 实际部署

现在,我们来部署yaml:

#Get the Lateest release tag

curl -s "https://api.github.com/repos/rancher/system-upgrade-controller/releases/latest" | awk -F '"' '/tag_name/{print $4}'

v0.6.2

# Apply the controller manifest

kubectl apply -f https://raw.githubusercontent.com/rancher/system-upgrade-controller/v0.6.2/manifests/system-upgrade-controller.yaml

namespace/system-upgrade created

serviceaccount/system-upgrade created

clusterrolebinding.rbac.authorization.k8s.io/system-upgrade created

configmap/default-controller-env created

deployment.apps/system-upgrade-controller created

# Verify everything is running

kubectl get all -n system-upgrade

NAME                                             READY   STATUS    RESTARTS   AGE

pod/system-upgrade-controller-7fff98589f-blcxs   1/1     Running   0          5m26s

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE

deployment.apps/system-upgrade-controller   1/1     1            1           5m28s

NAME                                                   DESIRED   CURRENT   READY   AGE

replicaset.apps/system-upgrade-controller-7fff98589f   1         1         1       5m28s

创建一个K3s升级Plan

现在,是时候创建一个升级Plan。我们将使用在Git repo示例文件夹中提到的示例Plan。

---

apiVersion: upgrade.cattle.io/v1

kind: Plan

metadata:

  name: k3s-server

  namespace: system-upgrade

  labels:

    k3s-upgrade: server

spec:

  concurrency: 1

  version: v1.17.4+k3s1

  nodeSelector:

    matchExpressions:

      - {key: k3s-upgrade, operator: Exists}

      - {key: k3s-upgrade, operator: NotIn, values: ["disabled", "false"]}

      - {key: k3s.io/hostname, operator: Exists}

      - {key: k3os.io/mode, operator: DoesNotExist}

      - {key: node-role.kubernetes.io/master, operator: In, values: ["true"]}

  serviceAccountName: system-upgrade

  cordon: true

#  drain:

#    force: true

  upgrade:

    image: rancher/k3s-upgrade

---

apiVersion: upgrade.cattle.io/v1

kind: Plan

metadata:

  name: k3s-agent

  namespace: system-upgrade

  labels:

    k3s-upgrade: agent

spec:

  concurrency: 2

  version: v1.17.4+k3s1

  nodeSelector:

    matchExpressions:

      - {key: k3s-upgrade, operator: Exists}

      - {key: k3s-upgrade, operator: NotIn, values: ["disabled", "false"]}

      - {key: k3s.io/hostname, operator: Exists}

      - {key: k3os.io/mode, operator: DoesNotExist}

      - {key: node-role.kubernetes.io/master, operator: NotIn, values: ["true"]}

  serviceAccountName: system-upgrade

  prepare:

    # Since v0.5.0-m1 SUC will use the resolved version of the plan for the tag on the prepare container.

    # image: rancher/k3s-upgrade:v1.17.4-k3s1

    image: rancher/k3s-upgrade

    args: ["prepare", "k3s-server"]

  drain:

    force: true

  upgrade:

    image: rancher/k3s-upgrade

拆解以上yaml,它将创建:

与表达式匹配的Plan,以了解需要升级的内容。所以在上述例子中,我们有2个plan:k3s-serverk3s-agent。node-role.kubernetes.io/master为true和k3s-upgrade的节点将被server Plan占用。带false的将由client Plan占用。所以标签必须要设置正确。接下来,我们来apply Plan。

#Set the Node Labels

kubectl label node kube-master-303d node-role.kubernetes.io/master=true

# Apply the plan manifest

kubectl apply -f https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/examples/k3s-upgrade.yaml

plan.upgrade.cattle.io/k3s-server created

plan.upgrade.cattle.io/k3s-agent created

# We see that the jobs have started

kubectl get jobs -n system-upgrade

NAME                                                              COMPLETIONS   DURATION   AGE

apply-k3s-server-on-kube-master-303d-with-9efdeac5f6ede78-125aa   0/1           40s        40s

apply-k3s-agent-on-kube-node-2404-with-9efdeac5f6ede78917-07df3   0/1           39s        39s

apply-k3s-agent-on-kube-node-c155-with-9efdeac5f6ede78917-9a585   0/1           39s        39s

# Upgrade in-progress, completed on the `node-role.kubernetes.io/master=true` node

kubectl get nodes

NAME               STATUS                     ROLES    AGE   VERSION

kube-node-2404     Ready,SchedulingDisabled   <none>   26h   v1.16.3-k3s.2

kube-node-c155     Ready,SchedulingDisabled   <none>   26h   v1.16.3-k3s.2

kube-master-303d   Ready                      master   26h   v1.17.4+k3s1

# In a few minutes all nodes get upgraded to latest version as per the plan

kubectl get nodes

NAME               STATUS   ROLES    AGE   VERSION

kube-node-2404     Ready    <none>   26h   v1.17.4+k3s1

kube-node-c155     Ready    <none>   26h   v1.17.4+k3s1

kube-master-303d   Ready    master   26h   v1.17.4+k3s1

我们的K3s Kubernetes升级完成!极为轻松而且十分顺利。Project可以更新底层操作系统并重启节点。欢迎尝试哟!

Github地址:

https://github.com/rancher/system-upgrade-controller

1款开源工具,实现自动化升级K3S集群!的更多相关文章

  1. 仅需5步,轻松升级K3s集群!

    Rancher 2.4是Rancher目前最新的版本,在这一版本中你可以通过Rancher UI对K3s集群进行升级管理. K3s是一个轻量级Kubernetes发行版,借助它你可以几分钟之内设置你的 ...

  2. 仅需60秒,使用k3sup快速部署高可用K3s集群

    作者简介 Dmitriy Akulov,连续创业者,16岁时搭建了开源CDN公共服务jsDelivr的v1版本.目前是边缘托管平台appfleet创始人. 原文链接: https://ma.ttias ...

  3. 多云搭建 K3S 集群

    作者:SRE运维博客 博客地址: https://www.cnsre.cn/ 文章地址:https://www.cnsre.cn/posts/211119132529/ 相关话题:https://ww ...

  4. 使用kubeadm平滑地升级kubenetes集群(v1.10.2到v1.10.3)

    写在前面 kubernetes是目前最炙手火热的容器管理.调度.编排平台,不仅拥有全面的生态系统,而且还开源.开放自治,谁贡献的多,谁的话语权就大,云提供商都有专门的工程师来从事kubernetes开 ...

  5. [自动化]基于kolla-ceph的自动化部署ceph集群

    kolla-ceph来源: 项目中的部分代码来自于kolla和kolla-ansible kolla-ceph的介绍: 1.镜像的构建很方便, 基于容器的方式部署,创建.删除方便 2.kolla-ce ...

  6. [自动化]基于kolla的自动化部署ceph集群

    kolla-ceph来源: 项目中的部分代码来自于kolla和kolla-ansible kolla-ceph的介绍: 1.镜像的构建很方便, 基于容器的方式部署,创建.删除方便 2.kolla-ce ...

  7. 不同云服务器下,ubuntu下开k3s集群

    首先先感谢老哥的文章:h构建多云环境下的K3S集群,但是我尝试在centos 8.2上面前面一直执行报错 并且安装glibc 2.17时还会报错make版本太低,所以直接放弃centos,投入ubun ...

  8. Ansible自动化部署K8S集群

    Ansible自动化部署K8S集群 1.1 Ansible介绍 Ansible是一种IT自动化工具.它可以配置系统,部署软件以及协调更高级的IT任务,例如持续部署,滚动更新.Ansible适用于管理企 ...

  9. 如何安装一个高可用K3s集群?

    作者介绍 Janakiram MSV是Janakiram & Associates的首席分析师,也是国际信息技术学院的兼职教师.他也是Google Qualified Developer.亚马 ...

随机推荐

  1. mysql密码问题

    这位老哥的: 版权声明:本文为CSDN博主「csdn-华仔」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明.原文链接:https://blog.csdn.net/ ...

  2. 重新认识C++的"cin >>"、"cout <<" 简简单单 - 快快乐乐

    重新认识C++的"cin >>"."cout <<" 简简单单 - 快快乐乐 JERRY_Z. ~ 2020 / 11 / 24 转载请 ...

  3. 厉害!这份阿里面试官 甩出的Spring源码笔记,GitHub上已经爆火

    前言 时至今日,Spring 在 Java 生态系统与就业市场上,面试出镜率之高,投产规模之广,无出其右.随着技术的发展,Spring 从往日的 IoC 框架,已发展成 Cloud Native 基础 ...

  4. Guitar Pro小课堂之如何演奏刮弦

    每当我们听到吉他现场演出的时候,看到吉他手在激烈的刮弦时,都觉得很酷,非常有感染力.刮弦在我们弹吉他或编曲时,会经常用到,虽然时间很短,但会为你加分不少. 那么我们应该如何演奏刮弦呢,我们先用E5和弦 ...

  5. Word1-提取图片文字

    1.OneNote # 将图片以图片格式粘贴在OneNote中-右键选择"复制图片中的文本"-粘贴"只保留文本"即可 这种方式识别率较高!!! 2.手机QQ图片 ...

  6. 接上一篇:(三) Spring环境搭建

    3.1.获取 Spring framework jar 包 (一) spring官网下载 (二)spring的核心包 (三) 配置 XML 1. 新建立一个 xml.名字任意,如 applicatio ...

  7. Linux 学习笔记03丨Linux文件系统、文件基本属性、目录处理及文件查看

    Chapter 2. 文件系统 2.1 Linux 系统目录结构 命令窗口下输入命令: $ ls /,能够看到根目录下的全部目录及文件 树状目录结构为: 最顶级的目录: / :根目录 / 是根目录,~ ...

  8. 2. 三数之和(数组、hashset)

    思路及算法: 该题与第一题的"两数之和"相似,三数之和为0,不就是两数之和为第三个数的相反数吗?因为不能重复,所以,首先进行了一遍排序:其次,在枚举的时候判断了本次的第三个数的值是 ...

  9. windows中flask的环境搭建

    之前在ctf中遇到了python模板注入的题,于是就打算学习一下flask框架,它是基于Python的Web轻量级应用框架,与其他框架相比,Flask可以自主选择应用组件,可扩展性强. 安装也简单 第 ...

  10. Django+Nginx+uWSGI生产环境部署

    生产环境中的数据流 参考文档: wsgi详解:https://blog.csdn.net/li_101357/article/details/52748323 wsgi协议介绍(萌新版):https: ...