27-k8s 1.23.17-将容器运行时改为containerd及集群节点升级
官方参考链接
一、检查现有的运行时环境
1.方法一: 查看节点信息
[root@master231 ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master231 Ready control-plane,master 8d v1.23.17 10.0.0.231 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic docker://20.10.24
worker232 Ready <none> 8d v1.23.17 10.0.0.232 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic docker://20.10.24
worker233 Ready <none> 4d20h v1.23.17 10.0.0.233 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic docker://20.10.24
2.方法二: 检查Node注解中kubeadm记录的CRI套接字(kubeadm.alpha.kubernetes.io/cri-socket)
[root@master231 ~]# kubectl get nodes -o yaml | grep kubeadm.alpha.kubernetes.io/cri-socket
kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
[root@master231 ~]#
二、驱逐节点
1.驱逐worker233节点
[root@master231 ~]# kubectl drain worker233 --ignore-daemonsets --delete-emptydir-data
node/worker233 already cordoned
WARNING: ignoring DaemonSet-managed Pods: calico-system/calico-node-scwkd, calico-system/csi-node-driver-2mzq6, kube-system/kube-proxy-hxmzb, metallb-system/speaker-zpn5c
evicting pod kubernetes-dashboard/kubernetes-dashboard-5ccf77bb87-2xvwm
evicting pod default/stress-5585b5ccc-xmhp2
evicting pod default/stress-5585b5ccc-bb88m
evicting pod kube-system/metrics-server-6b4f784878-qjvwr
evicting pod kubernetes-dashboard/dashboard-metrics-scraper-9d986c98c-86bqb
pod/dashboard-metrics-scraper-9d986c98c-86bqb evicted
pod/kubernetes-dashboard-5ccf77bb87-2xvwm evicted
pod/metrics-server-6b4f784878-qjvwr evicted
pod/stress-5585b5ccc-bb88m evicted
pod/stress-5585b5ccc-xmhp2 evicted
node/worker233 drained
[root@master231 ~]#
[root@master231 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master231 Ready control-plane,master 8d v1.23.17
worker232 Ready <none> 8d v1.23.17
worker233 Ready,SchedulingDisabled <none> 4d20h v1.23.17
[root@master231 ~]#
2.停止并禁用kubelet和docker服务(在被驱逐的worker233节点上执行)
[root@worker233 ~]# systemctl disable --now kubelet
Removed /etc/systemd/system/multi-user.target.wants/kubelet.service.
[root@worker233 ~]#
[root@worker233 ~]# systemctl disable --now docker.service
Removed /etc/systemd/system/multi-user.target.wants/docker.service.
[root@worker233 ~]#
三、更换运行时
1.移除docker环境
[root@worker233 ~]# ./install-docker.sh r
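2.安装Containerd(安装过程本文未展示,此处仅用ctr version确认客户端与服务端版本)
注意: 切换到containerd后,Pod沙箱(pause)镜像由containerd配置中的sandbox_image决定;cgroup驱动需与kubelet保持一致(kubeadm默认使用systemd,对应containerd的runc选项SystemdCgroup = true),请在启动kubelet前确认。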
[root@worker233 ~]# ctr version
Client:
Version: v1.6.36
Revision: 88c3d9bc5b5a193f40b7c14fa996d23532d6f956
Go version: go1.22.7
Server:
Version: v1.6.36
Revision: 88c3d9bc5b5a193f40b7c14fa996d23532d6f956
UUID: 96ed7873-56f9-4c48-a643-585ad9c51dc5
[root@worker233 ~]#
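3.修改kubelet的运行时环境(编辑/var/lib/kubelet/kubeadm-flags.env,追加--container-runtime=remote和--container-runtime-endpoint;下面依次是修改前的内容、containerd套接字、修改后的内容)
注意: containerd套接字仅root可读写(srw-rw---- root root),能访问该套接字即等同于拥有节点root权限,不要放宽其权限或将其挂载进普通容器。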
[root@worker233 ~]# cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.6"
[root@worker233 ~]#
[root@worker233 ~]# ll /run/containerd/containerd.sock
srw-rw---- 1 root root 0 Apr 15 11:43 /run/containerd/containerd.sock=
[root@worker233 ~]#
[root@worker233 ~]# cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.6 --container-runtime-endpoint=unix:///run/containerd/containerd.sock --container-runtime=remote"
[root@worker233 ~]#
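4.修改Node节点的配置(将注解kubeadm.alpha.kubernetes.io/cri-socket改为containerd套接字;下方行首数字为编辑器行号,以#开头的旧注解行在保存时会被忽略)
也可以不进入编辑器,直接执行: kubectl annotate node worker233 --overwrite kubeadm.alpha.kubernetes.io/cri-socket=unix:///run/containerd/containerd.sock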
[root@master231 ~]# kubectl edit no worker233
...
  5 apiVersion: v1
  6 kind: Node
  7 metadata:
  8   annotations:
  9     csi.volume.kubernetes.io/nodeid: '{"csi.tigera.io":"worker233"}'
 10     #kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
 11     kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/containerd.sock
5.启动kubelet组件
[root@worker233 ~]# systemctl enable --now kubelet
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /lib/systemd/system/kubelet.service.
[root@worker233 ~]#
[root@master231 ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master231 Ready control-plane,master 8d v1.23.17 10.0.0.231 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic docker://20.10.24
worker232 Ready <none> 8d v1.23.17 10.0.0.232 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic docker://20.10.24
worker233 Ready,SchedulingDisabled <none> 4d21h v1.23.17 10.0.0.233 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic containerd://1.6.36
四、取消节点不可调度
[root@master231 ~]# kubectl uncordon worker233
node/worker233 uncordoned
[root@master231 ~]#
[root@master231 ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master231 Ready control-plane,master 8d v1.23.17 10.0.0.231 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic docker://20.10.24
worker232 Ready <none> 8d v1.23.17 10.0.0.232 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic docker://20.10.24
worker233 Ready <none> 4d21h v1.23.17 10.0.0.233 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic containerd://1.6.36
[root@master231 ~]#
五、修改其他节点的配置
1.移除metrics-server
[root@master231 ~]# kubectl delete -f high-availability-1.21+.yaml
serviceaccount "metrics-server" deleted
clusterrole.rbac.authorization.k8s.io "system:aggregated-metrics-reader" deleted
clusterrole.rbac.authorization.k8s.io "system:metrics-server" deleted
rolebinding.rbac.authorization.k8s.io "metrics-server-auth-reader" deleted
clusterrolebinding.rbac.authorization.k8s.io "metrics-server:system:auth-delegator" deleted
clusterrolebinding.rbac.authorization.k8s.io "system:metrics-server" deleted
service "metrics-server" deleted
deployment.apps "metrics-server" deleted
poddisruptionbudget.policy "metrics-server" deleted
apiservice.apiregistration.k8s.io "v1beta1.metrics.k8s.io" deleted
[root@master231 ~]#
2.驱逐Pod
[root@master231 ~]# kubectl drain worker232 --ignore-daemonsets --delete-emptydir-data
node/worker232 already cordoned
WARNING: ignoring DaemonSet-managed Pods: calico-system/calico-node-4cvnj, calico-system/csi-node-driver-7z4hj, kube-system/kube-proxy-29dbp, metallb-system/speaker-tgwql
node/worker232 drained
[root@master231 ~]#
[root@master231 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master231 Ready control-plane,master 8d v1.23.17
worker232 Ready,SchedulingDisabled <none> 8d v1.23.17
worker233 Ready <none> 4d21h v1.23.17
[root@master231 ~]#
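3.后续步骤与上文worker233的操作相同(第二节第2步至第四节): 停止kubelet和docker、更换运行时、修改kubeadm-flags.env与Node注解、启动kubelet、最后uncordon;master231同理。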
六、验证集群是否正常工作
1.检查集群节点的运行时
[root@master231 ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master231 Ready control-plane,master 8d v1.23.17 10.0.0.231 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic containerd://1.6.36
worker232 Ready <none> 8d v1.23.17 10.0.0.232 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic containerd://1.6.36
worker233 Ready <none> 4d21h v1.23.17 10.0.0.233 <none> Ubuntu 22.04.4 LTS 5.15.0-136-generic containerd://1.6.36
[root@master231 ~]#
[root@master231 ~]# kubectl get nodes -o yaml | grep kubeadm.alpha.kubernetes.io/cri-socket
kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/containerd.sock
kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/containerd.sock
kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/containerd.sock
2.环境准备
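每台机器做好Harbor仓库的域名解析(下面的命令每执行一次都会向/etc/hosts追加一行,重复执行前请先确认该记录是否已存在)
注意: 切换到containerd后,原先写在docker daemon.json中的仓库相关配置(若有)不再生效,需要在containerd的配置中重新设置;私有仓库建议配置CA证书信任,而不是跳过TLS校验。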
[root@master231 ~]# echo 10.0.0.250 harbor250.xxx.com >> /etc/hosts
[root@master231 ~]#
[root@worker232 ~]# echo 10.0.0.250 harbor250.xxx.com >> /etc/hosts
[root@worker232 ~]#
[root@worker233 ~]# echo 10.0.0.250 harbor250.xxx.com >> /etc/hosts
[root@worker233 ~]#
3.创建Pod测试
[root@master231 ~]# cat > test-cni.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: xixi
spec:
  nodeName: worker232
  containers:
  - image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    name: c1
---
apiVersion: v1
kind: Pod
metadata:
  name: haha
spec:
  nodeName: worker233
  containers:
  - image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v2
    name: c1
EOF
[root@master231 ~]# kubectl apply -f test-cni.yaml
pod/xixi created
pod/haha created
[root@master231 ~]#
[root@master231 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
haha 1/1 Running 0 7s 10.100.140.105 worker233 <none> <none>
xixi 1/1 Running 0 7s 10.100.203.176 worker232 <none> <none>
[root@master231 ~]#
[root@master231 ~]#
七、集群节点升级
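参考官方链接。升级到1.24及以上版本之前,请先从各节点的/var/lib/kubelet/kubeadm-flags.env中删除--network-plugin=cni: 该参数已随dockershim在1.24中移除,保留它会导致升级后kubelet无法启动。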
https://kubernetes.io/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-upgrade/
本文来自博客园,作者:丁志岩,转载请注明原文链接:https://www.cnblogs.com/dezyan/p/18887716
