From ba67e131865b39e141d933f3e240be46987be372 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9=20Leclerc?= Date: Mon, 8 Apr 2024 09:20:21 +0200 Subject: [PATCH] Update upgrade.fr.md --- labs/k8s/upgrade.fr.md | 151 ++++++++++++++++++++++++----------------- 1 file changed, 88 insertions(+), 63 deletions(-) diff --git a/labs/k8s/upgrade.fr.md b/labs/k8s/upgrade.fr.md index a115b6c..b6cf557 100644 --- a/labs/k8s/upgrade.fr.md +++ b/labs/k8s/upgrade.fr.md @@ -5,11 +5,22 @@ Machine : **master**, **worker-0**, **worker-1**
+Préparation de la mise à jour + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} +curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring-1.28.gpg + +echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring-1.28.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee -a /etc/apt/sources.list.d/kubernetes.list + +sudo apt-get update +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Pour commencer, il faut mettre à jour kubeadm : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} sudo apt-mark unhold kubeadm -sudo apt-get install kubeadm=1.24.10-00 +sudo apt-get install kubeadm=1.28.8-1.1 sudo apt-mark hold kubeadm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -36,36 +47,35 @@ Nous pouvons avoir un aperçu de l’upgrade de la façon suivante : sudo kubeadm upgrade plan -[upgrade/config] Making sure the configuration is correct: +[[upgrade/config] Making sure the configuration is correct: [upgrade/config] Reading configuration from the cluster... [upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml' -W0206 09:34:54.193329 4187 initconfiguration.go:120] Usage of CRI endpoints without URL scheme is deprecated and can cause kubelet errors in the future. Automatically prepending scheme "unix" to the "criSocket" with value "/run/containerd/containerd.sock". Please update your configuration! [preflight] Running pre-flight checks. [upgrade] Running cluster health checks [upgrade] Fetching available versions to upgrade to -[upgrade/versions] Cluster version: v1.23.16 -[upgrade/versions] kubeadm version: v1.24.10 -I0206 09:34:58.968509 4187 version.go:256] remote version is much newer: v1.26.1; falling back to: stable-1.24 -[upgrade/versions] Target version: v1.24.10 -[upgrade/versions] Latest version in the v1.23 series: v1.23.16 +[upgrade/versions] Cluster version: v1.27.12 +[upgrade/versions] kubeadm version: v1.28.8 +I0408 06:40:22.060915 4163 version.go:256] remote version is much newer: v1.29.3; falling back to: stable-1.28 +[upgrade/versions] Target version: v1.28.8 +[upgrade/versions] Latest version in the v1.27 series: v1.27.12 Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply': -COMPONENT CURRENT TARGET -kubelet 3 x v1.23.16 v1.24.10 +COMPONENT CURRENT TARGET +kubelet 3 x v1.27.9 v1.28.8 Upgrade to the latest stable version: COMPONENT CURRENT TARGET -kube-apiserver v1.23.16 v1.24.10 -kube-controller-manager v1.23.16 v1.24.10 -kube-scheduler v1.23.16 v1.24.10 -kube-proxy v1.23.16 v1.24.10 -CoreDNS v1.8.6 v1.8.6 -etcd 3.5.6-0 3.5.6-0 +kube-apiserver v1.27.12 v1.28.8 +kube-controller-manager v1.27.12 v1.28.8 +kube-scheduler v1.27.12 v1.28.8 +kube-proxy v1.27.12 v1.28.8 +CoreDNS v1.10.1 v1.10.1 +etcd 3.5.9-0 3.5.12-0 You can now apply the upgrade by executing the following command: - kubeadm upgrade apply v1.24.10 + kubeadm upgrade apply v1.28.8 _____________________________________________________________________ @@ -80,9 +90,6 @@ kubeproxy.config.k8s.io v1alpha1 v1alpha1 no kubelet.config.k8s.io v1beta1 v1beta1 no _____________________________________________________________________ - - - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -93,7 +100,7 @@ Nous pouvons maintenant upgrade les composants du cluster : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} -sudo kubeadm upgrade apply v1.24.10 +sudo kubeadm upgrade apply v1.28.8 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -101,62 +108,62 @@ sudo kubeadm upgrade apply v1.24.10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} -[upgrade/config] Making sure the configuration is correct: +[[upgrade/config] Making sure the configuration is correct: [upgrade/config] Reading configuration from the cluster... [upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml' -W0206 09:37:16.226531 4245 initconfiguration.go:120] Usage of CRI endpoints without URL scheme is deprecated and can cause kubelet errors in the future. Automatically prepending scheme "unix" to the "criSocket" with value "/run/containerd/containerd.sock". Please update your configuration! [preflight] Running pre-flight checks. [upgrade] Running cluster health checks -[upgrade/version] You have chosen to change the cluster version to "v1.24.10" -[upgrade/versions] Cluster version: v1.23.16 -[upgrade/versions] kubeadm version: v1.24.10 -[upgrade/confirm] Are you sure you want to proceed with the upgrade? [y/N]: y +[upgrade/version] You have chosen to change the cluster version to "v1.28.8" +[upgrade/versions] Cluster version: v1.27.12 +[upgrade/versions] kubeadm version: v1.28.8 +[upgrade] Are you sure you want to proceed? [y/N]: y [upgrade/prepull] Pulling images required for setting up a Kubernetes cluster [upgrade/prepull] This might take a minute or two, depending on the speed of your internet connection [upgrade/prepull] You can also perform this action in beforehand using 'kubeadm config images pull' -[upgrade/apply] Upgrading your Static Pod-hosted control plane to version "v1.24.10" (timeout: 5m0s)... +W0408 06:41:41.559443 4249 checks.go:835] detected that the sandbox image "registry.k8s.io/pause:3.6" of the container runtime is inconsistent with that used by kubeadm. It is recommended that using "registry.k8s.io/pause:3.9" as the CRI sandbox image. +[upgrade/apply] Upgrading your Static Pod-hosted control plane to version "v1.28.8" (timeout: 5m0s)... [upgrade/etcd] Upgrading to TLS for etcd [upgrade/staticpods] Preparing for "etcd" upgrade -[upgrade/staticpods] Current and new manifests of etcd are equal, skipping upgrade +[upgrade/staticpods] Renewing etcd-server certificate +[upgrade/staticpods] Renewing etcd-peer certificate +[upgrade/staticpods] Renewing etcd-healthcheck-client certificate +[upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/etcd.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2024-04-08-06-41-48/etcd.yaml" +[upgrade/staticpods] Waiting for the kubelet to restart the component +[upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s) +[apiclient] Found 1 Pods for label selector component=etcd +[upgrade/staticpods] Component "etcd" upgraded successfully! [upgrade/etcd] Waiting for etcd to become available -[upgrade/staticpods] Writing new Static Pod manifests to "/etc/kubernetes/tmp/kubeadm-upgraded-manifests1021044454" +[upgrade/staticpods] Writing new Static Pod manifests to "/etc/kubernetes/tmp/kubeadm-upgraded-manifests2343628394" [upgrade/staticpods] Preparing for "kube-apiserver" upgrade [upgrade/staticpods] Renewing apiserver certificate [upgrade/staticpods] Renewing apiserver-kubelet-client certificate [upgrade/staticpods] Renewing front-proxy-client certificate [upgrade/staticpods] Renewing apiserver-etcd-client certificate -[upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-apiserver.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2023-02-06-09-38-09/kube-apiserver.yaml" +[upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-apiserver.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2024-04-08-06-41-48/kube-apiserver.yaml" [upgrade/staticpods] Waiting for the kubelet to restart the component [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s) - - -..... -..... - - [apiclient] Found 1 Pods for label selector component=kube-apiserver [upgrade/staticpods] Component "kube-apiserver" upgraded successfully! [upgrade/staticpods] Preparing for "kube-controller-manager" upgrade [upgrade/staticpods] Renewing controller-manager.conf certificate -[upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-controller-manager.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2023-02-06-09-38-09/kube-controller-manager.yaml" +[upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-controller-manager.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2024-04-08-06-41-48/kube-controller-manager.yaml" [upgrade/staticpods] Waiting for the kubelet to restart the component [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s) [apiclient] Found 1 Pods for label selector component=kube-controller-manager [upgrade/staticpods] Component "kube-controller-manager" upgraded successfully! [upgrade/staticpods] Preparing for "kube-scheduler" upgrade [upgrade/staticpods] Renewing scheduler.conf certificate -[upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-scheduler.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2023-02-06-09-38-09/kube-scheduler.yaml" +[upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-scheduler.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2024-04-08-06-41-48/kube-scheduler.yaml" [upgrade/staticpods] Waiting for the kubelet to restart the component [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s) [apiclient] Found 1 Pods for label selector component=kube-scheduler [upgrade/staticpods] Component "kube-scheduler" upgraded successfully! -[upgrade/postupgrade] Removing the deprecated label node-role.kubernetes.io/master='' from all control plane Nodes. After this step only the label node-role.kubernetes.io/control-plane='' will be present on control plane Nodes. -[upgrade/postupgrade] Adding the new taint &Taint{Key:node-role.kubernetes.io/control-plane,Value:,Effect:NoSchedule,TimeAdded:,} to all control plane Nodes. After this step both taints &Taint{Key:node-role.kubernetes.io/control-plane,Value:,Effect:NoSchedule,TimeAdded:,} and &Taint{Key:node-role.kubernetes.io/master,Value:,Effect:NoSchedule,TimeAdded:,} should be present on control plane Nodes. [upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace [kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster +[upgrade] Backing up kubelet config file to /etc/kubernetes/tmp/kubeadm-kubelet-config1974182237/config.yaml [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes [bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials @@ -165,7 +172,7 @@ W0206 09:37:16.226531 4245 initconfiguration.go:120] Usage of CRI endpoints w [addons] Applied essential addon: CoreDNS [addons] Applied essential addon: kube-proxy -[upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.24.10". Enjoy! +[upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.28.8". Enjoy! [upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so. @@ -190,7 +197,7 @@ Nous devons maintenant mettre à jour la kubelet et kubectl : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} sudo apt-mark unhold kubectl kubelet -sudo apt-get install kubectl=1.24.10-00 kubelet=1.24.10-00 +sudo apt-get install kubectl=1.28.8-1.1 kubelet=1.28.8-1.1 sudo apt-mark hold kubectl kubelet ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -207,21 +214,34 @@ Vérification de la mise à jour du **master** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} kubectl get nodes -NAME STATUS ROLES AGE VERSION -master Ready,SchedulingDisabled control-plane 16m v1.24.10 -worker-0 Ready 15m v1.23.16 -worker-1 Ready 15m v1.23.16 +ubuntu@master:~$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +master Ready control-plane 19m v1.28.8 +worker-0 Ready 14m v1.27.9 +worker-1 Ready 14m v1.27.9 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Nous devons maintenant mettre à jour les workers : -A faire sur les noeud 1 et 2 +A faire sur les noeud **worker-0 et worker-1** + + +Préparation de la mise à jour + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} +curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring-1.28.gpg + +echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring-1.28.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee -a /etc/apt/sources.list.d/kubernetes.list + +sudo apt-get update +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} -training@worker-0$ sudo apt-mark unhold kubeadm -training@worker-0$ sudo apt-get install kubeadm=1.24.10-00 -training@worker-0$ sudo apt-mark hold kubeadm +sudo apt-mark unhold kubeadm +sudo apt-get install kubeadm=1.28.8-1.1 +sudo apt-mark hold kubeadm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Comme pour le master, nous devons drain les noeuds workers : @@ -238,16 +258,19 @@ kubectl drain worker-0 --ignore-daemonsets Nous devons maintenant mettre à jour la configuration de notre worker-0 : + +Sur le worker-0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} -training@worker-0$ sudo kubeadm upgrade node +sudo kubeadm upgrade node ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} [upgrade] Reading configuration from the cluster... -[upgrade] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml' +[upgrade] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml' [preflight] Running pre-flight checks [preflight] Skipping prepull. Not a control plane node. [upgrade] Skipping phase. Not a control plane node. +[upgrade] Backing up kubelet config file to /etc/kubernetes/tmp/kubeadm-kubelet-config2717758596/config.yaml [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [upgrade] The configuration for this node was successfully updated! [upgrade] Now you should go ahead and upgrade the kubelet package using your package manager. @@ -256,20 +279,21 @@ training@worker-0$ sudo kubeadm upgrade node Enfin, comme pour le master nous devons mettre a jour la kubelet et kubectl : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} -training@worker-0$ sudo apt-mark unhold kubectl kubelet -training@worker-0$ sudo apt-get install kubectl=1.24.10-00 kubelet=1.24.10-00 -training@worker-0$ sudo apt-mark hold kubectl kubelet +sudo apt-mark unhold kubectl kubelet +sudo apt-get install kubectl=1.28.8-1.1 kubelet=1.28.8-1.1 +sudo apt-mark hold kubectl kubelet ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ En prenant soin de redémarrer la kubelet : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} -training@worker-0$ sudo systemctl daemon-reload -training@worker-0$ sudo systemctl restart kubelet +sudo systemctl daemon-reload +sudo systemctl restart kubelet ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sans oublier de remettre le noeud en marche : +Sur le master ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} kubectl uncordon worker-0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -279,13 +303,14 @@ Nous pouvons maintenant lister les noeuds : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.zsh .numberLines} kubectl get nodes -NAME STATUS ROLES AGE VERSION -master Ready,SchedulingDisabled control-plane 16m v1.24.10 -worker-0 Ready 15m v1.24.10 -worker-1 Ready 15m v1.23.16 +kubectl get nodes +NAME STATUS ROLES AGE VERSION +master Ready control-plane 25m v1.28.8 +worker-0 Ready 19m v1.28.8 +worker-1 Ready 19m v1.27.9 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Passez à la mise à jour du noeud 2 +Passez à la mise à jour du noeud **worker-1** Et lister les pods pour vérifier que tout est fonctionnel :