kubernetes1.13升级到1.14

发表于 3年以前 | 总阅读数：352 次

升级准备

本次升级主要参考官方Upgrading kubeadm clusters from v1.13 to v1.14

升级之前注意事项(翻译自官方文档)：

1.13.0以上，使用kubeadm部署的kubernetes集群
Swap分区需要disabled
集群的控制平面个数和etcd pods需要是确定的。
认真阅读release notes。
备份。主要是备份一些重要的组件，比如database等。虽然升级不会调整业务负载，仅仅调整kubernetes，但是备份总是没错的。
所有的容器都会被重启，因为hash值会变化。
只能够进行小版本的升级，并且升级过程不能够跳级，比如从1.y到1.y+1,而不能够从1.y到1.y+2

按照要求查看kubernetes 1.14 更改说明重点阅读Urgent Upgrade Notes，结合自己业务，并没有发现特别重大的变动，可以放心升级。

kubernetes集群是按照kubernetes 1.13 全新安装指南搭建，如下:

[hall@192-168-10-21 ~]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
192-168-10-14 Ready master 36h v1.13.0
192-168-10-18 Ready <none> 103d v1.13.0
192-168-10-21 Ready master 104d v1.13.0

业务数据备份，就不用介绍了。实际上安全起见最好先在测试集群上进行升级，通过后再考虑正式集群的升级。

升级过程主要变化的是kubernetes系统服务，重点是kubelet，所以将kubelet配置备份一下更为稳妥，方法如下：

1 查看kubelet服务配置:

[root@192-168-10-94 ~]# systemctl status kubelet
● kubelet.service - kubelet: The Kubernetes Node Agent
Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/kubelet.service.d
└─10-kubeadm.conf
Active: active (running) since 二 2019-03-19 18:38:46 CST; 1 weeks 1 days ago
Docs: https://kubernetes.io/docs/
Main PID: 6033 (kubelet)
Tasks: 17
Memory: 59.1M
CGroup: /system.slice/kubelet.service
└─6033 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --cgroup-driver=cgroupfs --network-plugin=cni --pod-infra-container-image=re...

2 查看服务的配置文件 10-kubeadm.conf :

[root@192-168-10-94 ~]# cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS

3 备份涉及的配置文件

/etc/kubernetes/bootstrap-kubelet.conf (可能并不存在，没有也没有关系)
/etc/kubernetes/kubelet.conf
/var/lib/kubelet/kubeadm-flags.env
/etc/sysconfig/kubelet

下面正式开始升级过程。

升级主控节点

升级之前，一定要确保具有多个控制节点，这样可以保障集群的可用。单一控制节点，升级万一挂了，怕是比较麻烦。添加控制节点的方法，参考上文的kubernetes 1.13 全新安装指南。

如果没有特殊说明本文除 kubectl 以外的命令，都是使用 root 账号执行。

1 先检查一下repo源中kubeadm是否更新到 1.14.0 的版本

yum list --showduplicates kubeadm --disableexcludes=kubernetes

我本地的源没有找到 1.14.0 。使用下面命令清理，后再行检查可以得到 1.14.0

yum--disablerepo=\*--enablerepo=kubernetes clean all

2 再次查看kubeadm版本信息

[root@192-168-10-21 ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.4", GitCommit:"c27b913fddd1a6c480c229191a087698aa92f0b1", GitTreeState:"clean", BuildDate:"2019-02-28T13:35:32Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}

3 安装kubeadm工具

yum install -y kubeadm-1.14.0-0 --disableexcludes=kubernetes

4 确认kubeadm版本升级完成

[root@192-168-10-21 ~]# kubeadm version 
kubeadm version: &version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.0", GitCommit:"641856db18352033a0d96dbc99153fa3b27298e5", GitTreeState:"clean", BuildDate:"2019-03-25T15:51:21Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}

5 升级检查和方案

[root@192-168-10-21 ~]# kubeadm upgrade plan
[preflight] Running pre-flight checks.
[upgrade] Making sure the cluster is healthy:
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.13.0
[upgrade/versions] kubeadm version: v1.14.0

Awesome, you're up-to-date! Enjoy!

kubeadm upgrade apply v1.14.0

这里的提示信息和官方文档有出入，不过这是正常的信息。

6 升级kubeadm到1.14

kubeadm upgrade apply v1.14.0

这个执行过程，视集群情况，大概会执行几分钟，输出信息也比较多，大概如下:

[root@192-168-10-21 ~]# kubeadm upgrade apply v1.14.0
[preflight] Running pre-flight checks.
[upgrade] Making sure the cluster is healthy:

.....

[upgrade/staticpods] Component "kube-scheduler" upgraded successfully!
[upload-config] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.14" in namespace kube-system with the configuration for the kubelets in the cluster
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

[upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.14.0". Enjoy!

[upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.

7 检查CNI情况，确定是否要升级

kubernetes架构，网络部分确定Container Network Interface接口，具体实现交由其它组件。我的集群使用flannel，检查一下：

kubectl get pods -n kube-system
...
kubectl describe pod/kube-flannel-ds-amd64-5xxh7 -n kube-system
...
Image: quay.io/coreos/flannel:v0.11.0-amd64

使用的是 0.11，查看flannel主页得知已经是最新版，这一步不用处理。

8 升级kubectl和kubelet

yum install -y kubelet-1.14.0-0 kubectl-1.14.0-0 --disableexcludes=kubernetes

9 重启kubelet

[root@192-168-10-21 ~]# systemctl restart kubelet
Warning: kubelet.service changed on disk. Run 'systemctl daemon-reload' to reload units.
[root@192-168-10-21 ~]# systemctl daemon-reload
[root@192-168-10-21 ~]# systemctl restart kubelet

实际上，重启kubelet失败，报错：Failed to start ContainerManager failed to initialise top level QOS containers。排查过程请见附1

10 检查升级结果

[hall@192-168-10-21 ~]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
192-168-10-14 Ready master 38h v1.13.0
192-168-10-18 Ready <none> 103d v1.13.0
192-168-10-21 Ready master 104d v1.14.0

192-168-10-21的状态为 Ready ，版本也变为 1.14.0 ，主控节点升级成功。

其它控制节点升级

参考上文升级好kubeadm，kubectl和kubelet工具。
升级到1.14

主控节点已经执行了检查和升级，192-168-10-14只需要执行 kubeadm upgrade apply v1.14.0。

不幸的是，又遇到了一点状况 failed to get APIEndpoint information for this node，排查过程请见附2

重启kubelet
检查升级结果

[hall@192-168-10-21 ~]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
192-168-10-14 Ready master 39h v1.14.0
192-168-10-18 Ready <none> 103d v1.13.0
192-168-10-21 Ready master 104d v1.14.0

业务节点升级

1 临时备份

因为集群就一个业务节点，为安全起见，先调整一个控制节点，用于临时支撑业务：

[tyhall51@192-168-10-21 ~]$ kubectl taint node 192-168-10-14 node-role.kubernetes.io/master-
node/192-168-10-14 untainted

然后业务节点临时增加污点，防止升级期间调度：

[tyhall51@192-168-10-21 ~]$ kubectl drain 192-168-10-18 --ignore-daemonsets
node/192-168-10-18 cordoned
error: unable to drain node "192-168-10-18", aborting command...

There are pending nodes to be drained:
192-168-10-18
error: cannot delete Pods with local storage (use --delete-local-data to override): kube-system/elasticsearch-logging-0, kube-system/elasticsearch-logging-1, kube-system/monitoring-influxdb-8b7d57f5c-2bhlw

2 安装kubeadm工具

3 升级kubedam到1.14

[root@192-168-10-18 ~]# kubeadm upgrade node config --kubelet-version v1.14.0
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[upgrade] The configuration for this node was successfully updated!
[upgrade] Now you should go ahead and upgrade the kubelet package using your package manager.

4 升级kubectl和kubelet

kubelet同样需要重启

5 还原临时备份

先取消业务节点污点

[tyhall51@192-168-10-21 ~]$ kubectl uncordon 192-168-10-18
node/192-168-10-18 uncordoned

然后还原master节点

[tyhall51@192-168-10-21 ~]$ kubectl taint node 192-168-10-14 node-role.kubernetes.io/master=:NoSchedule
node/192-168-10-14 tainted

6 检查结果

[tyhall51@192-168-10-21 ~]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
192-168-10-14 Ready master 40h v1.14.0
192-168-10-18 Ready <none> 103d v1.14.0
192-168-10-21 Ready master 104d v1.14.0

以上，完成了kubernetes从1.13到1.14的升级，整体上讲，升级过程比较轻松。总结一下升级过程:

详细阅读升级指南，完成重要业务信息备份，完成kubelet配置。
升级主要控制节点。
升级其它控制节点。
升级业务节点。

附

1 . kubelet重启失败

kubelet重启失败， systemctl status kubelet 中错误信息：

Failed to start ContainerManager failed to initialise top level QOS containers

参考https://github.com/kubernetes/kubernetes/issues/43704提示在kubelet启动时候增加 --cgroups-per-qos=false --enforce-node-allocatable="" 即可解决。之前备份kubelet的配置时候知道 /var/lib/kubelet/kubeadm-flags.env 中定义kubelet的启动参数，在其中加上，重启kubelet，恢复正常。

1 . kubeadm 升级失败

[root@192-168-10-14 ~]# kubeadm upgrade apply v1.14.0
[preflight] Running pre-flight checks.
[upgrade] Making sure the cluster is healthy:
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[upgrade/config] FATAL: failed to getAPIEndpoint: failed to get APIEndpoint information for this node

根据提示，使用编辑 kubectl-n kube-system edit cm kubeadm-config-oyaml kubeadm-config, 调整apiEndpoints为:apiEndpoints:192-168-10-21:advertiseAddress:192.168.10.21bindPort:6443192-168-10-14:advertiseAddress:192.168.10.14bindPort:6443继续执行kubeadm upgrade apply v1.14.0，正常完成。