# 查看当前版本
[root@k8s-master ~]# kubectl version
Client Version: version.Info{Major:”1″, Minor:”28″, GitVersion:”v1.28.0″, GitCommit:”abc123″, GitTreeState:”clean”, BuildDate:”2026-03-01T00:00:00Z”, GoVersion:”go1.21.5″, Compiler:”gc”, Platform:”linux/amd64″}
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: version.Info{Major:”1″, Minor:”28″, GitVersion:”v1.28.0″, GitCommit:”abc123″, GitTreeState:”clean”, BuildDate:”2026-03-01T00:00:00Z”, GoVersion:”go1.21.5″, Compiler:”gc”, Platform:”linux/amd64″}

# 查看可用版本
[root@k8s-master ~]# yum list –showduplicates kubeadm –disableexcludes=kubernetes
Available Packages
kubeadm.x86_64 1.28.0-0 kubernetes
kubeadm.x86_64 学习交流加群风哥微信: itpux-com 1.28.1-0 kubernetes
kubeadm.x86_64 1.28.2-0 kubernetes
kubeadm.x86_64 1.28.3-0 kubernetes

# 升级kubeadm
[root@k8s-master ~]# yum install -y kubeadm-1.28.3-0 –disableexcludes=kubernetes
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
U学习交流加群风哥QQ113257174pgrading:
kubeadm x86_64 1.28.3-0 kubernetes 9.5 M

Transaction Summary
================================================================================
Upgrade 1 Package

# 检查升级计划
[root@k8s-master ~]# kubeadm upgrade plan
[preflight] Running pre-flight checks.
[upgrade/config] Reading configuration from the cluster…
[upgrade/config] FYI: You can look at this config file with ‘kubectl -n kube-system get cm kubeadm-config -o yaml’
[upgrade] Running cluster health checks
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.28.0
[upgrade/versions] kubeadm version: v1.28.3
[upgrade/versions] Latest stable version: v1.28.3
[upgrade/versions] Latest version in the v1.28 series: v1.28.3

Components that must be upgraded manually after you have upgraded the control plane with ‘kubeadm upgrade apply’:
COMPONENT CURRENT TARGET
kubelet 1 x v1.28.0 v1.28.3
2 x v1.28.0 v1.28.3

Upgrade to the latest version in the v1.28 series:

COMPONENT CURRENT TARGET
kube-apiserver v1.28.0 v1.28.3
kube-con更多学习教程公众号风哥教程itpux_comtroller-manager v1.28.0 v1.28.3
kube-scheduler v1.28.0 v1.28.3
kube-proxy v1.28.0 v1.28.3
CoreDNS v1.10.1 v1.10.1
etcd 3.5.9-0 3.5.9-0

# 升级控制平面
[root@k8s-master ~]# kubeadm upgrade apply v1.28.3
[upgrade/config] Reading configuration from the cluster…
[upgrade/config] FYI: You can look at this config file with ‘kubectl -n kube-system get cm kubeadm-config -o yaml’
[preflight] Running pre-flight checks.
[upgrade] Running cluster health checks
[upgrade/version] You have chosen to change the cluster version to “v1.28.3”
[upgrade/versions] Cluster version: v1.28.0
[upgrade/versions] kubeadm version: v1.28.3
[upgrade] Are you sure you want to proceed? [y/N]: y
[upgrade/prepull] Pulling images required for setting up a Kubernetes cluster
[upgrade/prepull] This might take a minute or two, depending on the speed of your internet connection
[upgrade/prepull] You can also perform this action in beforehand using ‘kubeadm config images pull’
[upgrade/apply] Upgrading your Static Pod-hosted control plane to version “v1.28.3” (timeout: 5m0s)…
[upgrade/etcd] Upgrading the TLS etcd static pod
[upgrade/staticpods] Preparing for “etcd” upgrade
[upgrade/staticpods] Renewing etcd-server certificate
[upgrade/staticpods] Renewing etcd-peer certificate
[upgrade/staticpods] Renewing etcd-healthcheck-client certificate
[upgrade/staticpods] Moved new manifest to “/etc/kubernetes/manifests/etcd.yaml” and backed up old manifest to “/etc/kubernetes/tmp/kubeadm-backup-manifests-2026-04-04-12-00-00/etcd.yaml”
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or two
[upgrade/etcd] etcd health check passed
[upgrade/staticpods] Preparing for “kube-apiserver” upgrade
[upgrade/staticpods] Renewing apiserver certificate
[upgrade/staticpods] Renewing apiserver-kubelet-client certificate
[upgrade/staticpods] Renewing front-proxy-client certificate
[upgrade/staticpods] Moved new manifest to “/etc/kubernetes/manifests/kube-apiserver.yaml” and backed up old manifest to “/etc/kubernetes/tmp/kubeadm-backup-manifests-2026-04-04-12-00-00/kube-apiserver.yaml”
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or two
[apiclient] Found 1 Pods for node k8s-master
[upgrade/staticpods] Component “kube-apiserver” upgraded successfully!
[upgrade/staticpods] Preparing for “kube-controller-manager” upgrade
[upgrade/staticpods] Renewing controller-manager.conf certificate
[upgrade/staticpods] Moved new manifest to “/etc/kubernetes/manifests/kube-controller-manager.yaml” and backed up old manifest to “/etc/kubernetes/tmp/kubeadm-backup-manifests-2026-04-04-12-00-00/kube-controller-manager.yaml”
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or two
[apiclient] Found 1 Pods for node k8s-master
[upgrade/staticpods] Component “kube-controller-manager” upgraded successfully!
[upgrade/staticpods] Preparing for “kube-scheduler” upgrade
[upgrade/staticpods] Renewing scheduler.conf certificate
[upgrade/staticpods] Moved new manifest to “/etc/kubernetes/manifests/kube-scheduler.yaml” and backed up old manifest to “/etc/kubernetes/tmp/kubeadm-backup-manifests-2026-04-04-12-00-00/kube-scheduler.yaml”
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or two
[apiclient] Found 1 Pods for node k8s-master
[upgrade/staticpods] Component “kube-scheduler” upgraded successfully!
[upload-config] Storing the configuration used in ConfigMap “kubeadm-config” in the “kube-system” Namespace
[kubelet] Creating a ConfigMap “kubelet-config” in namespace kube-system with the configuration for the kubelets in the cluster
[upgrade] Backing up kubelet config file to /etc/kubernetes/tmp/kubeadm-backup-manifests-2026-04-04-12-00-00/kubelet-config.yaml
[kubelet-start] Writing kubelet configuration to file “/var/lib/kubelet/config.yaml”
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

[upgrade/successful] SUCCESS! Your cluster was upgraded to “v1.28.3”. Enjoy!

[upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven’t already done so.

# 升级kubelet
[root@k8s-master ~]# yum install -y kubelet-1.28.3-0 kubectl-1.28.3-0 –disableexcludes=kubernetes
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Upgrading:
kubectl x86_64 1.28.3-0 kubernetes 10 M
kubelet x86_64 1.28.3-0 kubernetes 19 M

Transaction Summary
================================================================================
Upgrade 2 Packages

# 重启kubelet
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart kubelet

# 验证升级结果
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 10d v1.28.3
k8s-node1 Ready 10d v1.28.0
k8s-node2 Ready 10d v1.28.0

# 备份etcd数据
[root@k8s-master ~]# ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-snapshot-$(date +%Y%m%d).db \
–cacert=/etc/kubernetes/pki/etcd/ca.crt \
–cert=/etc/kubernetes/pki/etcd/server.crt \
–key=/etc/kubernetes/pki/etcd/server.key
Snapshot saved at /backup/etcd-snapshot-20260404.db

# 验证备份
[root@k8s-master ~]# ETCDCTL_API=3 etcdctl snapshot status /backup/etcd-snapshot-20260404.db
Snapshot SHA: abc123def456
Snapshot revision: 12345678
Snapshot total keys: 12345
Snapshot total size: 123 MB

# 备份kubeadm配置
[root@k8s-master ~]# kubectl -n kube-system get configmap kubeadm-config -o yaml > /backup/kubeadm-config.yamfrom PG视频:www.itpux.coml

# 备份证书
[root@k8s-master ~]# tar czf /backup/kubernetes-certs-$(date +%Y%m%d).tar.gz /etc/kubernetes/pki/
tar: Removing leading ‘/’ from member names

# 备份清单
[root@k8s-master ~]# kubectl get all -A -o yaml > /backup/kubernetes-resources-$(date +%Y%m%d).yaml

# 停止etcd
[root@k8s-master ~]# mv /etc/kubernetes/manifests/etcd.yaml /tmp/

# 恢复etcd数据
[root@k8s-master ~]# ETCDCTL_API=3 etcdctl snapshot restore /backup/etcd-snapshot-20260404.db \
–data-dir=/var/lib/etcd-restore
2026-04-04 13:00:00.123456 I | mvcc: restore compact to 12345678
2026-04-04 13:00:00.234567 I | etcdserver/membership: added member abc123 [http://localhost:2380] to cluster def456

# 更新etcd配置
[root@k8s-master ~]# mv /var/lib/etcd /var/lib/etcd.bak
[root@k8s-master ~]# mv /var/lib/etcd-restore /var/lib/etcd

# 启动etcd
[root@k8s-master ~]# mv /tmp/etcd.yaml /etc/kubernetes/manifests/

# 验证恢复
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 10d v1.28.3
k8s-node1 Ready 10d v1.28.3
k8s-node2 Ready 10d v1.28.3