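k8s upgrade
Download the binaries from the official website
Official website
Download the matching version of kubernetes-node-linux-amd64.tar.gz and kubernetes-server-linux-amd64.tar.gz from the official website; version 1.15 is used as the example here
Upgrade the node
kubelet
- Overwrite the old version of kubelet
- Write the kubelet-config file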
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
failSwapOn: false
For details on the kubelet config, see
- Start kubelet
kubelet --kubeconfig=/etc/kubernetes/kube-config --hostname-override=test-node1 --logtostderr=false --log-dir=/var/log/kubernetes --v=2 --config=/etc/kubernetes/kubelet-config
Startup error
failed to get container info for "/system.slice/docker.service": unknown container "/system.slice/docker.service"
Solution: append --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice to the startup parameters
kube-proxy
Upgrade the master
Upgrade kube-apiserver
- Replace kube-apiserver
- Modify the configuration file
--storage-backend=etcd3 --etcd-servers=http://test-master:2379 --insecure-bind-address=127.0.0.1 --insecure-port=8080 --service-cluster-ip-range=169.169.0.0/16 --service-node-port-range=1-65535 --logtostderr=false --log-dir=/var/log/kubernetes --v=2 --authorization-mode=RBAC
Upgrade kube-controller-manager
- Replace kube-controller-manager
Upgrade kube-scheduler
- Replace kube-scheduler
Errors
When entering a container with kubectl exec, it fails with error: unable to upgrade connection: Unauthorized
- Modify the kubelet configuration file on the node
vi /etc/kubernetes/kubelet-config
------------------ Append at the end of the file (authentication settings)
authentication:
  anonymous:
    enabled: true
----------------
# Then restart kubelet
systemctl restart kubelet
- On the master node, add the authenticated user; this can be done directly with the following command
kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
Tried again and it worked; entering the pod works perfectly.
kubectl exec fails with error: unable to upgrade connection: Forbidden
Bind the cluster-admin role to anonymous
kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
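kubectl edit deploy fails with Error from server (NotFound): the server could not find the requested resource
The cause is that kubectl was not upgraded; upgrade kubectl to the matching version
Connection to apiserver refused
If the node kube-config connects to the apiserver through port 8080, the apiserver's trusted IP needs to be changed to 0.0.0.0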
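The following check is an added example, not part of the original notes: it audits the kube-apiserver flags shown above and a ClusterRoleBinding listing for the settings on this page that let callers reach the API or the kubelet without authenticating (the insecure port, its bind address, and the system:anonymous binding). The sample inputs are constructed from the commands on this page; the function names and finding IDs are hypothetical, and the 1.15-era flag defaults are an assumption.

```python
import ipaddress
import json
import shlex

# Constructed samples: this page's kube-apiserver flags and a trimmed ClusterRoleBinding list.
APISERVER_FLAGS = ("--storage-backend=etcd3 --etcd-servers=http://test-master:2379 "
                   "--insecure-bind-address=127.0.0.1 --insecure-port=8080 "
                   "--service-cluster-ip-range=169.169.0.0/16 --authorization-mode=RBAC")
BINDINGS_JSON = json.dumps({"items": [
    {"metadata": {"name": "system:anonymous"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "system:anonymous"}]},
    {"metadata": {"name": "system:node-proxier"},
     "roleRef": {"kind": "ClusterRole", "name": "system:node-proxier"},
     "subjects": [{"kind": "User", "name": "system:kube-proxy"}]},
]})
UNAUTHENTICATED = {"system:anonymous", "system:unauthenticated"}

def parse_flags(cmdline):
    """Turn '--key=value ...' into a dict; bare flags map to an empty string."""
    pairs = (tok[2:].partition("=") for tok in shlex.split(cmdline) if tok.startswith("--"))
    return {key: value for key, _, value in pairs}

def audit_apiserver(cmdline):
    """Return finding IDs for the unauthenticated-access settings in the flags."""
    flags, findings = parse_flags(cmdline), []
    # Assumption: 1.15-era defaults (insecure port 8080 on 127.0.0.1) when a flag is absent.
    if flags.get("insecure-port", "8080") != "0":
        findings.append("insecure-port-enabled")  # this port skips authn and authz
        bind = ipaddress.ip_address(flags.get("insecure-bind-address", "127.0.0.1"))
        if not bind.is_loopback:
            findings.append("insecure-port-exposed-off-host")
    if any(u.startswith("http://") for u in flags.get("etcd-servers", "").split(",")):
        findings.append("etcd-plaintext")
    if "AlwaysAllow" in flags.get("authorization-mode", "AlwaysAllow").split(","):
        findings.append("authorization-always-allow")
    return findings

def audit_bindings(bindings_json):
    """Return (binding, role) pairs that grant a role to unauthenticated callers."""
    hits = []
    for item in json.loads(bindings_json).get("items", []):
        if any(s.get("name") in UNAUTHENTICATED for s in item.get("subjects") or []):
            hits.append((item["metadata"]["name"], item["roleRef"]["name"]))
    return hits

if __name__ == "__main__":
    print(audit_apiserver(APISERVER_FLAGS), audit_bindings(BINDINGS_JSON))
```

Against a live cluster, pass `audit_bindings` the output of `kubectl get clusterrolebindings -o json`.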