
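1. Deployment plan
This deployment runs Kubernetes in a mainland-China network environment, so packages and images come from Alibaba Cloud (Aliyun) mirrors. It uses the officially recommended kubeadm tool and deploys a single master node for testing only. Resources: 4 CPUs, 4 GB of memory and a 50 GB disk. The operating system is CentOS-7-x86_64-Minimal-1810.iso. Deploying with kubeadm is not recommended for large-scale production environments.
Plan: deploy Kubernetes v1.20.8 first, then upgrade to v1.21.3.
2. Pre-deployment preparation
2.1. Disable the firewall
The firewall is disabled because of a compatibility problem with the nftables backend, which produces duplicate firewall rules. Run: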
$ systemctl stop firewalld && systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
After disabling the firewall, check its status to confirm that it is stopped:
$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Jul 26 03:33:20 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 26 03:33:21 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Jul 26 03:37:39 loki systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jul 26 03:37:42 loki systemd[1]: Stopped firewalld - dynamic firewall daemon.
2.2. Disable SELinux
SELinux is disabled so that containers can access the host filesystem. Run:
$ sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
$ setenforce 0
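2.3. Disable swap
When memory runs short, Linux automatically uses swap and moves part of the in-memory data to disk, which degrades performance. For performance reasons, turning swap off is recommended.
To disable swap temporarily (the setting is lost after a reboot):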
$ swapoff -a
Or, to disable swap permanently (back up the original fstab file first so that it is not lost if something goes wrong):
$ yes | cp /etc/fstab /etc/fstab_bak
$ cat /etc/fstab_bak |grep -v swap > /etc/fstab
2.4. Allow iptables to see bridged traffic
1) Make sure the br_netfilter module is loaded:
$ cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
Run the following command to load the module immediately so that the configuration takes effect:
$ modprobe br_netfilter
2) For iptables on a Linux node to see bridged traffic correctly, net.bridge.bridge-nf-call-iptables must be set to 1 in the sysctl configuration:
$ cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
Run the following command to apply the configuration:
$ sysctl --system
Output like the following shows that the configuration has taken effect:
…………
* Applying /etc/sysctl.d/k8s.conf ...
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
…………
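2.5. Install Docker
2.5.1. Overview
This installation uses the old Docker package because, unlike docker-ce, it needs no extra yum repository. In a mainland-China network environment a plain "install" is quick and simple (see the commands below).
1. Differences between docker-ce and docker-ee
Docker-EE is Docker Enterprise Edition and Docker-CE is the Community Edition. Both bundle Docker Engine (the platform that runs Docker containers). The Enterprise Edition adds enterprise-oriented features such as image management and application management.
So Docker-CE is essentially "open-source Docker", while Docker-EE is Docker for Enterprises.
2. Docker version history
Docker used to follow a standard version-numbering convention, and most releases started with 1.*. In March 2017 the convention changed to reflect a monthly/quarterly release schedule, and Docker-CE was born with version 17.03 (YY.MM). Old Docker versions with the old naming continued to exist, the latest being Docker 1.13. On most systems this produced two different packages: docker for versions <= 1.13, and docker-ce (or -ee) for versions >= 17.03.
References: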
- https://www.marksei.com/docker-docker-ce-docker-ee-and-moby-which-one-do-i-pick/
- https://docs.docker.com/engine/install/centos/
2.5.2. Install Docker
Install Docker:
$ yum install docker
Check the Docker version:
$ docker version
Client:
Version: 1.13.1
API version: 1.26
Package version:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Note: the last line above shows that the Docker daemon is not running yet. It is started next.
Start Docker and check its status to confirm that it started successfully:
$ systemctl enable --now docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
$ systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2021-07-26 03:49:46 EDT; 4s ago
…………
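3. Deploy Kubernetes
3.1. Configure the Kubernetes repository file
Configure the GPG-checked yum repository file for Kubernetes. In a mainland-China network environment this setup uses the Aliyun mirror: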
$ vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
Clear the old cache and build a new one:
$ yum clean all && yum makecache
List the kubeadm versions available for installation:
$ yum list --showduplicates kubeadm --disableexcludes=kubernetes
The output includes the version needed for this installation, "1.20.8-0":
…………
kubeadm.x86_64 1.20.5-0 kubernetes
kubeadm.x86_64 1.20.6-0 kubernetes
kubeadm.x86_64 1.20.7-0 kubernetes
kubeadm.x86_64 1.20.8-0 kubernetes
kubeadm.x86_64 1.20.9-0 kubernetes
kubeadm.x86_64 1.21.0-0 kubernetes
…………
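3.2. Install kubelet, kubectl and the deployment tool kubeadm
Install specific versions of the three components kubelet, kubeadm and kubectl using the format "<component name>-<version>". The version installed here is "v1.20.8":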
$ yum install kubelet-1.20.8 kubeadm-1.20.8 kubectl-1.20.8
After installation, check the kubectl version:
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.8", GitCommit:"5575935422cc1cf5169dfc8847cb587aa47bac5a", GitTreeState:"clean", BuildDate:"2021-06-16T13:00:45Z", GoVersion:"go1.15.13", Compiler:"gc", Platform:"linux/amd64"}
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Check the kubeadm version:
$ kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.8", GitCommit:"5575935422cc1cf5169dfc8847cb587aa47bac5a", GitTreeState:"clean", BuildDate:"2021-06-16T12:58:46Z", GoVersion:"go1.15.13", Compiler:"gc", Platform:"linux/amd64"}
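3.3. Deploy Kubernetes
Deploy with the following command:
$ kubeadm init \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.20.8 \
--pod-network-cidr=192.168.0.0/16
Parameters:
1) "--image-repository": because this deployment runs in a mainland-China network environment, the Kubernetes component images are pulled from the Aliyun image registry, which is quick and simple;
2) "--kubernetes-version": the version of the cluster to deploy, "v1.20.8";
3) "--pod-network-cidr": to make it easier to deploy the pod network component Calico later, the pod network range is set to match Calico's default range.
When the deployment finishes, the last part of the console log looks like this and shows that it succeeded: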
……………
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.130.100:6443 --token rdezq8.aug8yr22c0hmnjsc \
--discovery-token-ca-cert-hash sha256:41cec755874d780a609141fbc2480e0762f899bbd32637eb327ec82dec91f9e7
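The "kubeadm join ..." command at the end of the output, with its token and hash, is used to join worker nodes to the cluster. This setup has only one node, so the command is not run.
As the console log above says, some further steps are needed, otherwise kubectl commands will not work: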
$ mkdir -p $HOME/.kube
$ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ chown $(id -u):$(id -g) $HOME/.kube/config
Then view the Kubernetes node information:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
loki NotReady control-plane,master 69s v1.20.8
The node status is NotReady because the network component has not been installed yet and pods cannot communicate with each other.
View the pods in all namespaces:
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-7f89b7bc75-mzhgx 0/1 Pending 0 64s
kube-system coredns-7f89b7bc75-nrb79 0/1 Pending 0 64s
.. .. .. ..
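As shown above, the pods of the DNS resolution service coredns are still Pending, also because the network component has not been installed.
3.4. Install the network component Calico
Calico is installed with the Operator, which manages the lifecycle of a Calico installation on Kubernetes and makes installing, upgrading and ongoing lifecycle management of Calico as simple and reliable as possible.
1) First, install the Calico Operator and the custom resource definitions from the online YAML file (the YAML can also be downloaded and created from the local copy):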
$ kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/imagesets.operator.tigera.io created
customresourcedefinition.apiextensions.k8s.io/installations.operator.tigera.io created
customresourcedefinition.apiextensions.k8s.io/tigerastatuses.operator.tigera.io created
namespace/tigera-operator created
podsecuritypolicy.policy/tigera-operator created
serviceaccount/tigera-operator created
clusterrole.rbac.authorization.k8s.io/tigera-operator created
clusterrolebinding.rbac.authorization.k8s.io/tigera-operator created
deployment.apps/tigera-operator created
2) Install Calico by creating the necessary custom resources:
$ kubectl create -f https://docs.projectcalico.org/manifests/custom-resources.yaml
installation.operator.tigera.io/default created
After waiting a few minutes, check the node status:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
loki Ready control-plane,master 6m28s v1.20.8
View the pods in all namespaces:
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
calico-system calico-kube-controllers-5689d4dfdf-tg9k9 1/1 Running 0 3m8s
calico-system calico-node-ks4wq 1/1 Running 0 3m8s
calico-system calico-typha-5fb8684855-tmcdb 1/1 Running 0 3m9s
kube-system coredns-7f89b7bc75-mzhgx 1/1 Running 0 6m26s
kube-system coredns-7f89b7bc75-nrb79 1/1 Running 0 6m26s
kube-system etcd-loki 1/1 Running 0 6m39s
kube-system kube-apiserver-loki 1/1 Running 0 6m39s
kube-system kube-controller-manager-loki 1/1 Running 0 6m39s
kube-system kube-proxy-zspvt 1/1 Running 0 6m26s
kube-system kube-scheduler-loki 1/1 Running 0 6m39s
tigera-operator tigera-operator-86c4fc874f-9n94x 1/1 Running 0 4m18s
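As shown above, the DNS resolution service coredns is now Running normally, and the newly added Calico pods are running normally as well.
Note: for a detailed introduction to Calico, its deployment and its configuration, see the official documentation: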
1)https://github.com/tigera/operator
2)https://docs.projectcalico.org/getting-started/kubernetes/quickstart
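4. Run a sample workload as a test
By default the Kubernetes master node does not schedule workload pods other than the cluster components. This environment is for testing only, not production, so remove that restriction first.
Remove the taint from the master node so that pods can be scheduled on it: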
$ kubectl taint nodes --all node-role.kubernetes.io/master-
node/loki untainted
Write a simple test workload pod:
$ vim pod-hello.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-hello
spec:
  selector:
    matchLabels:
      app: pod-hello
  replicas: 1
  template:
    metadata:
      labels:
        app: pod-hello
    spec:
      containers:
      - name: hello
        image: busybox
        command: ['sh', '-c', 'echo "Hello, Kubernetes!" && sleep 120000']
      restartPolicy: "Always"
Create the pod:
$ kubectl apply -f pod-hello.yaml
deployment.apps/pod-hello created
View the workload pod:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-hello-667f48bfd6-bcqgl 1/1 Running 0 2m15s
View the workload pod's log:
$ kubectl logs pod/pod-hello-667f48bfd6-bcqgl
Hello, Kubernetes!
5. Install the Kubernetes dashboard
First create a dedicated namespace "kubernetes-dashboard" for the Kubernetes dashboard:
$ kubectl create ns kubernetes-dashboard
namespace/kubernetes-dashboard created
Create the service accounts with the RBAC privileges needed to access the dashboard:
$ vim admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-view
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - get
  - list
  - watch
- nonResourceURLs:
  - '*'
  verbs:
  - get
  - list
  - watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: view-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: view-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-view
subjects:
- kind: ServiceAccount
  name: view-user
  namespace: kubernetes-dashboard
Apply the YAML:
$ kubectl apply -f admin-user.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
clusterrole.rbac.authorization.k8s.io/cluster-view created
serviceaccount/view-user created
clusterrolebinding.rbac.authorization.k8s.io/view-user created
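The cluster-view role above grants get/list/watch on every resource, which includes Secrets and therefore the service-account tokens stored in them, so the view-user login is less restricted than its name suggests. The following added example (not part of the original article; the function names are illustrative) uses "kubectl auth can-i" with impersonation to list which sensitive permissions each dashboard account actually holds.

```shell
#!/bin/sh
# Added example: list sensitive cluster-wide permissions held by service accounts.
# Function names are constructed for illustration. Requires a working kubectl
# whose own user may impersonate service accounts (cluster-admin may).

# "verb resource" pairs that a read-only dashboard login should not need.
SENSITIVE_CHECKS='get secrets
list secrets
create pods
create rolebindings'

# sa_can NAMESPACE:NAME VERB RESOURCE
# Exit status 0 if the service account may do VERB on RESOURCE in all namespaces.
sa_can() {
    kubectl auth can-i "$2" "$3" --all-namespaces \
        --as="system:serviceaccount:$1" </dev/null >/dev/null 2>&1
}

# audit_service_accounts NAMESPACE:NAME...
# Prints one "account verb resource" line for every sensitive permission granted.
audit_service_accounts() {
    for sa in "$@"; do
        while read -r verb resource; do
            if sa_can "$sa" "$verb" "$resource"; then
                echo "$sa $verb $resource"
            fi
        done <<EOF
$SENSITIVE_CHECKS
EOF
    done
}

# Audit the two accounts created above when called as: sh audit.sh run
if [ "${1:-}" = "run" ]; then
    audit_service_accounts kubernetes-dashboard:view-user \
                           kubernetes-dashboard:admin-user
fi
```

On the cluster built in this article, view-user is expected to be reported for get and list on secrets. Replacing the wildcard resource rule with an explicit list that omits secrets clears those findings.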
Deploy kubernetes-dashboard:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
Warning: resource namespaces/kubernetes-dashboard is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
namespace/kubernetes-dashboard configured
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard configured
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
Create a Service for kubernetes-dashboard and expose its port as a NodePort (this example uses 30443; another port in the range 30000-32767 can also be used):
$ vim k8s-dashboard.yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
  - port: 443
    targetPort: 8443
    nodePort: 30443
  selector:
    k8s-app: kubernetes-dashboard
Apply the YAML:
$ kubectl apply -f k8s-dashboard.yaml
service/kubernetes-dashboard created
View the kubernetes-dashboard pods:
$ kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-79c5968bdc-dkvmf 1/1 Running 0 82s
kubernetes-dashboard-658485d5c7-4twfq 1/1 Running 0 82s
View the kubernetes-dashboard services:
$ kubectl get svc -n kubernetes-dashboard -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
dashboard-metrics-scraper ClusterIP 10.100.108.229 <none> 8000/TCP 3m16s k8s-app=dashboard-metrics-scraper
kubernetes-dashboard NodePort 10.100.33.243 <none> 443:30443/TCP 3m38s k8s-app=kubernetes-dashboard
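Port 30443 is exposed and reachable.
Open a browser and enter the address https://IP:PORT to reach the dashboard login page.
The login page asks for a token. Obtain the access token with the following command: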
$ kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
Enter the token on the login page to open the dashboard.
Note: for details on kubernetes-dashboard, its deployment and its configuration, see the official documentation on GitHub:
1)https://github.com/kubernetes/dashboard
2)https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/README.md
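6. Upgrade Kubernetes
The previous steps installed "v1.20.8". The following demonstrates an upgrade to "v1.21.3".
6.1. Evict workloads
Before upgrading the node, first mark it unschedulable so that no further workloads are scheduled onto it and affected by the upgrade: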
$ kubectl cordon loki
node/loki cordoned
Verify by viewing the node:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
loki Ready,SchedulingDisabled control-plane,master 32m v1.20.8
The node status now also shows "SchedulingDisabled".
The workloads already on the node also have to be evicted to other nodes, otherwise they too are affected. Evict them:
$ kubectl drain loki
node/loki already cordoned
error: unable to drain node "loki", aborting command...
There are pending nodes to be drained:
loki
cannot delete DaemonSet-managed Pods (use --ignore-daemonsets to ignore): calico-system/calico-node-ks4wq, kube-system/kube-proxy-zspvt
cannot delete Pods with local storage (use --delete-emptydir-data to override): kubernetes-dashboard/dashboard-metrics-scraper-79c5968bdc-dkvmf, kubernetes-dashboard/kubernetes-dashboard-658485d5c7-4twfq
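As shown above, DaemonSet-managed pods and pods using local storage cannot be evicted. For this example that can be ignored.
6.2. Upgrade the deployment tool kubeadm
First list the kubeadm versions available for the upgrade: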
$ yum list --showduplicates kubeadm --disableexcludes=kubernetes
The output includes the version needed for this installation, "1.21.3-0":
…………
kubeadm.x86_64 1.20.7-0 kubernetes
kubeadm.x86_64 1.20.8-0 kubernetes
kubeadm.x86_64 1.20.9-0 kubernetes
kubeadm.x86_64 1.21.0-0 kubernetes
kubeadm.x86_64 1.21.1-0 kubernetes
kubeadm.x86_64 1.21.2-0 kubernetes
kubeadm.x86_64 1.21.3-0 kubernetes
…………
Upgrade kubeadm to a specific version using the format "<component name>-<version>". The target version here is "v1.21.3":
$ yum install kubeadm-1.21.3-0 --disableexcludes=kubernetes
After the upgrade installs without errors, check the current kubeadm version:
$ kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.3", GitCommit:"ca643a4d1f7bfe34773c74f79527be4afd95bf39", GitTreeState:"clean", BuildDate:"2021-07-15T21:03:28Z", GoVersion:"go1.16.6", Compiler:"gc", Platform:"linux/amd64"}
6.3. Upgrade Kubernetes
Check which versions the cluster can be upgraded to and verify that the current cluster is upgradable:
$ kubeadm upgrade plan
The output shows that the cluster can be upgraded, to v1.20.9 or v1.21.3. Only the v1.21.3 part of the output is shown below:
…………
Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT CURRENT TARGET
kubelet 1 x v1.20.8 v1.21.3
Upgrade to the latest stable version:
COMPONENT CURRENT TARGET
kube-apiserver v1.20.8 v1.21.3
kube-controller-manager v1.20.8 v1.21.3
kube-scheduler v1.20.8 v1.21.3
kube-proxy v1.20.8 v1.21.3
CoreDNS 1.7.0 v1.8.0
etcd 3.4.13-0 3.4.13-0
You can now apply the upgrade by executing the following command:
kubeadm upgrade apply v1.21.3
………………
Next, upgrade Kubernetes to the chosen version:
$ kubeadm upgrade apply v1.21.3 --etcd-upgrade=false
Parameters:
- "--etcd-upgrade": set to false so that etcd is not upgraded;
Output like the following shows that the upgrade succeeded:
…………
[upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.21.3". Enjoy!
[upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.
6.4. Upgrade kubelet and kubectl
Upgrade these to v1.21.3 as well:
$ yum install kubelet-1.21.3-0 kubectl-1.21.3-0 --disableexcludes=kubernetes
After the upgrade is installed, restart kubelet and check its status:
$ systemctl daemon-reload && systemctl restart kubelet && systemctl status kubelet
After waiting a few minutes, check the node status and version:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
loki Ready,SchedulingDisabled control-plane,master 71m v1.21.3
6.5. Follow-up
Re-enable scheduling on the node:
$ kubectl uncordon loki
node/loki uncordoned
Check the node status. Scheduling is no longer disabled:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
loki Ready control-plane,master 71m v1.21.3
7. Troubleshooting
7.1.[ERROR Swap]: running with swap on is not supported
Deploying Kubernetes may fail with the swap error "[ERROR Swap]: running with swap on is not supported. Please disable swap". The error is self-explanatory and states the fix.
$ kubeadm init \
> --image-repository registry.aliyuncs.com/google_containers \
> --kubernetes-version v1.20.8 \
> --pod-network-cidr=192.168.0.0/16
[init] Using Kubernetes version: v1.20.8
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR Swap]: running with swap on is not supported. Please disable swap
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
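Swap was turned off earlier, but only temporarily, and the setting is lost after a reboot. The ways to turn it off are:
To disable swap temporarily (the setting is lost after a reboot):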
$ swapoff -a
Or, to disable swap permanently (back up the original fstab file first so that it is not lost if something goes wrong):
$ yes | cp /etc/fstab /etc/fstab_bak
$ cat /etc/fstab_bak |grep -v swap > /etc/fstab
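The "grep -v swap" step used here and in section 2.3 drops every fstab line that contains the string "swap", including comments and unrelated mounts whose path happens to contain it. The following added example (not part of the original article) comments out only the entries whose filesystem type is swap and keeps a backup; the function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: disable swap in an fstab-format file without touching other lines.
# Function names and the sample fstab are constructed for illustration.

# Print the number of active (uncommented) entries whose type field is "swap".
count_active_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Comment out active swap entries in place. The original is kept as a
# timestamped backup next to the file. Writing back with cat keeps the
# file's owner, mode and SELinux label.
disable_swap_entries() {
    fstab=$1
    [ -f "$fstab" ] || { echo "no such file: $fstab" >&2; return 1; }
    backup="$fstab.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$fstab" "$backup" || return 1
    tmp=$(mktemp "$fstab.XXXXXX") || return 1
    if awk '$1 !~ /^#/ && $3 == "swap" { print "#" $0; next } { print }' \
            "$backup" > "$tmp"; then
        cat "$tmp" > "$fstab"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: one real swap entry, plus a comment and a data mount
# that merely contain the word "swap".
make_sample_fstab() {
    cat > "$1" <<'EOF'
# swap is on LVM (constructed sample)
/dev/mapper/centos-root /                       xfs  defaults 0 0
/dev/mapper/centos-data /data/swapfiles-archive ext4 defaults 0 0
/dev/mapper/centos-swap swap                    swap defaults 0 0
EOF
}

# Demonstration on a throwaway copy. On a node the argument would be
# /etc/fstab, followed by "swapoff -a" for the running system.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample_fstab "$dir/fstab"
    disable_swap_entries "$dir/fstab" && cat "$dir/fstab"
    rm -rf "$dir"
}
demo
```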
7.2. Error: image google_containers/coredns:v1.8.0 not found
The Kubernetes upgrade ran into the error "Error: image google_containers/coredns:v1.8.0 not found".
Running the following command returned this output:
$ kubeadm upgrade apply v1.21.3 --etcd-upgrade=false
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[preflight] Running pre-flight checks.
[upgrade] Running cluster health checks
[upgrade/version] You have chosen to change the cluster version to "v1.21.3"
[upgrade/versions] Cluster version: v1.20.8
[upgrade/versions] kubeadm version: v1.21.3
[upgrade/confirm] Are you sure you want to proceed with the upgrade? [y/N]: y
[upgrade/prepull] Pulling images required for setting up a Kubernetes cluster
[upgrade/prepull] This might take a minute or two, depending on the speed of your internet connection
[upgrade/prepull] You can also perform this action in beforehand using 'kubeadm config images pull'
[preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image registry.aliyuncs.com/google_containers/coredns:v1.8.0: output: Trying to pull repository registry.aliyuncs.com/google_containers/coredns ...
Pulling repository registry.aliyuncs.com/google_containers/coredns
Error: image google_containers/coredns:v1.8.0 not found
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
Try pulling "coredns:v1.8.0" manually:
$ docker pull registry.aliyuncs.com/google_containers/coredns:v1.8.0
Trying to pull repository registry.aliyuncs.com/google_containers/coredns ...
Pulling repository registry.aliyuncs.com/google_containers/coredns
Error: image google_containers/coredns:v1.8.0 not found
The image cannot be pulled. Check which coredns images have already been pulled locally:
$ docker images | grep coredns
registry.aliyuncs.com/google_containers/coredns 1.7.0 bfe3a36ebd25 13 months ago 45.2 MB
The coredns version above is "1.7.0", the version installed with Kubernetes v1.20.8, and its tag has no "v" prefix. So try pulling "coredns:1.8.0" manually:
$ docker pull registry.aliyuncs.com/google_containers/coredns:1.8.0
Trying to pull repository registry.aliyuncs.com/google_containers/coredns ...
1.8.0: Pulling from registry.aliyuncs.com/google_containers/coredns
c6568d217a00: Already exists
5984b6d55edf: Pull complete
Digest: sha256:cc8fb77bc2a0541949d1d9320a641b82fd392b0d3d8145469ca4709ae769980e
Status: Downloaded newer image for registry.aliyuncs.com/google_containers/coredns:1.8.0
This explains the earlier error: coredns:v1.8.0 cannot be pulled, but coredns:1.8.0 can. Next, retag coredns:1.8.0 as v1.8.0:
$ docker tag registry.aliyuncs.com/google_containers/coredns:1.8.0 registry.aliyuncs.com/google_containers/coredns:v1.8.0
Then continue with the Kubernetes upgrade. The earlier error about coredns:v1.8.0 not being pulled no longer appears.
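Retagging by hand means the kubelet will run whatever image sits behind the local v1.8.0 tag, so it is worth confirming the pulled image by digest before tagging it. The following added example (not part of the original article; the function names are illustrative) refuses to retag unless the image carries the digest printed by the pull shown above.

```shell
#!/bin/sh
# Added example: retag an image only after confirming its registry digest.
# Function names are constructed for illustration.

REPO=registry.aliyuncs.com/google_containers/coredns
# Digest as printed by "docker pull ...coredns:1.8.0" earlier in this section.
WANT=sha256:cc8fb77bc2a0541949d1d9320a641b82fd392b0d3d8145469ca4709ae769980e

# image_has_digest IMAGE DIGEST
# Exit status 0 if the local image records DIGEST among its repo digests.
image_has_digest() {
    docker inspect --format '{{range .RepoDigests}}{{println .}}{{end}}' "$1" \
        2>/dev/null | grep -Fq "@$2"
}

# pull_verify_retag SRC DST DIGEST
# Returns 0 after tagging, 1 if the pull fails, 2 on a digest mismatch,
# 3 if DIGEST is not a full sha256 digest.
pull_verify_retag() {
    src=$1 dst=$2 want=$3
    echo "$want" | grep -Eq '^sha256:[0-9a-f]{64}$' || {
        echo "not a sha256 digest: $want" >&2
        return 3
    }
    docker pull "$src" >/dev/null || return 1
    if ! image_has_digest "$src" "$want"; then
        echo "digest mismatch for $src, not retagging" >&2
        return 2
    fi
    docker tag "$src" "$dst"
}

# Perform the retag from this section when called as: sh retag.sh run
if [ "${1:-}" = "run" ]; then
    pull_verify_retag "$REPO:1.8.0" "$REPO:v1.8.0" "$WANT"
fi
```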
