# 查看当前版本
[root@k8s-master ~]# kubectl version
Client Version: version.Info{Major:”1″, Minor:”27″, GitVersion:”v1.27.3″}
Server Version: version.Info{Major:”1″, Minor:”27″, GitVersion:”v1.27.3″}

# 查看节点状态
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 100d v1.27.3
k8s-node1 Ready 100d v1.27.3
k8s-node2 Ready 100d v1.27.3

# 检查Pod状态
[root@k8s-master ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-abc12-xyz789 1/1 Running 0 100d
kube-system etcd-k8s-master 1/1 Running 0 100d
kube-system kube-apiserver-k8s-master 1/1 Running 0 100d
kube-system kube-controller-manager-k8s-master 1/1 Running 0 100d
kube-system kube-proxy-abc12 1/1 Running 0 100d
kube-system kube-scheduler-k8s-master 1/1 Running 0 100d

# 备份etcd
[root@k8s-master ~]# ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-snapshot-$(date +%Y%m%d).db \
–endpoints=https://127.0.0.1:2379 \
–cacert=/etc/kubernetes/pki/etcd/ca.crt \
–cert=/etc/kubernetes/pki/etcd/server.crt \
–key=/etc/kubernetes/pki/etcd/server.key
Snapshot saved at /backup/etcd-snapshot-20260404.db

# 备份配置文件
[root@k8s-master ~]# cp -r /etc/kubernetes /backup/kubernetes-backup-$(date +%Y%m%d)

# 检查可用升级版本
[root@k8s-master ~]# kubeadm upgrade plan
[preflight] Running pre-flight checks.
[upgrade] Running cluster health checks
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.27.3
[upgrade/versions] kubeadm version: v1.28.3
I0423 23:00:00.000000 12345 version.go:256] remote version is much newer: v1.29.3; falling back to: v1.28.3
[upgrade/versions] Target version: v1.28.3
[upgrade/versions] Latest version in the v1.27 series: v1.27.6

Components that must be upgraded manually after you have upgraded the control plane:
COMPONENT CURRENT TARGET
kubelet 3 x v1.27.3 v1.28.3

Upgrade to the latest stable version:

COMPONENT CURRENT TARGET
kube-apiserver v1.27.3 v1.28.3
kube-controller-manager v1.27.3 v1.28.3
kube-scheduler v1.27.3 v1.28.3
kube-proxy v1.27.3 v1.28.3
CoreDNS v1.10.1 v1.10.1
etcd 3.5.7-0 3.5.9-0

# 升级kubeadm
[root@k8s-master ~]# yum install -y kubeadm-1.28.3 –disableexcludes=kubernetes
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
kubeadm x86_64 1.28.3-0 kubernetes 11 M

Transaction Summary
================================================================================
Install 1 Package

Total download size: 11 M
Installed size: 45 M
Downloading Packages:
kubeadm-1.28.3-0.x86_64.rpm 11 MB/s | 11 MB 00:01
——————————————————————————–
Total 11 MB/s | 11 MB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Preparing : 1/1
Upgrading : kubeadm-1.28.3-0.x86_64 1/1
Cleanup : kubeadm-1.27.3-0.x86_64 2/2
Verifying : kubeadm-1.28.3-0.x86_64 1/1

Upgraded:
kubeadm-1.28.3-0.x86_64

Complete!

# 验证kubeadm版本
[root@k8s-master ~]# kubeadm version
kubeadm version: &version.Info{Major:”1″, Minor:”28″, GitVersion:”v1.28.3″}

# 执行升级
[root@k8s-master ~]# kubeadm upgrade apply v1.28.3
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster…
[upgrade/config] FYI: You can look at this config file with ‘kubectl -n kube-system get cm kubeadm-config -o yaml’
[preflight] Running pre-flight checks.
[upgrade] Running cluster health checks
[upgrade/version] You have chosen to change the cluster version to “v1.28.3”
[upgrade/versions] Cluster version: v1.27.3
[upgrade/versions] kubeadm version: v1.28.3
[upgrade] Are you sure you want to proceed with the upgrade? [y/N]: y
[upgrade/prepull] Pulling images required for setting up a Kubernetes cluster
[upgrade/prepull] This might take a minute or two, depending on the speed of your internet connection
[upgrade/prepull] You can also perform this action in beforehand using ‘kubeadm config images pull’
[upgrade/apply] Upgrading your Static Pod-hosted control plane to version “v1.28.3” (timeout: 5m0s)…
[upgrade/etcd] Upgrading the TLS etcd static pod from v3.5.7 to v3.5.9
[upgrade/staticpods] Preparing for “etcd” upgrade
[upgrade/staticpods] Renewing etcd-server certificate
[upgrade/staticpods] Renewing etcd-peer certificate
[upgrade/staticpods] Renewing etcd-healthcheck-client certificate
[upgrade/staticpods] Moved new manifest to “/etc/kubernetes/manifests/etcd.yaml” and backed up old manifest to “/etc/kubernetes/tmp/kubeadm-backup-manifests-2026-04-04-23-00-00/etcd.yaml”
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or two
[upgrade/etcd] etcd health check passed
[upgrade/staticpods] Preparing for “kube-apiserver” upgrade
[upgrade/staticpods] Renewing apiserver certificate
[upgrade/staticpods] Renewing apiserver-kubelet-client certificate
[upgrade/staticpods] Renewing front-proxy-client certificate
[upgrade/staticpods] Moved new manifest to “/etc/kubernetes/manifests/kube-apiserver.yaml” and backed up old manifest to “/etc/kubernetes/tmp/kubeadm-backup-manifests-2026-04-04-23-00-00/kube-apiserver.yaml”
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or two
[upgrade/staticpods] Preparing for “kube-controller-manager” upgrade
[upgrade/staticpods] Moved new manifest to “/etc/kubernetes/manifests/kube-controller-manager.yaml” and backed up old manifest to “/etc/kubernetes/tmp/kubeadm-backup-manifests-2026-04-04-23-00-00/kube-controller-manager.yaml”
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or two
[upgrade/staticpods] Preparing for “kube-scheduler” upgrade
[upgrade/staticpods] Moved new manifest to “/etc/kubernetes/manifests/kube-scheduler.yaml” and backed up old manifest to “/etc/kubernetes/tmp/kubeadm-backup-manifests-2026-04-04-23-00-00/kube-scheduler.yaml”
[upgrade/staticpods] Waiting for the kubelet to restart the component
[upgrade/staticpods] This might take a minute or two
[upload-config] Storing the configuration used in ConfigMap “kubeadm-config” in the “kube-system” Namespace
[kubelet] Creating a ConfigMap “kubelet-config” in namespace kube-system with the configuration for the kubelets in the cluster
[upgrade] Backing up kubelet config file to /etc/kubernetes/tmp/kubeadm-kubelet-config1234567890/config.yaml
[kubelet-start] Writing kubelet configuration to file “/var/lib/kubelet/config.yaml”
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

[upgrade/successful] SUCCESS!学习交流加群风哥微信: itpux-com Your cluster was upgraded to “v1.28.3”. Enjoy!

[upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven’t already done so.

# 驱逐节点上的Pod
[root@k8s-master ~]# kubectl drain k8s-node1 –ignore-daemonsets –delete-emptydir-data
node/k8s-node1 cordoned
WARNING: ignoring DaemonSet-managed Pods: kube-system/calico-node-abc12, kube-system/kube-proxy-abc12
evicting pod kube-system/coredns-abc12-xyz789
evicting pod default/fgedu-app-abc12-xyz789
pod/fgedu-app-abc12-xyz789 evicted
pod/coredns-abc12-xyz789 evicted
node/k8s-node1 drained

# 在Worker节点升级kubelet和kubeadm
[root@k8s-node1 ~]# yum install -y kubeadm-1.28.3 kubelet-1.28.3 –disableexcludes=kubernetes
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
kubeadm x86_64 1.28.3-0 kubernetes 11 M
kubelet x86_64 1.28.3-0 kubernetes 21 M

Transaction Summary
================================================================================
Install 2 Packages

Total download size: 32 M
Installed size: 120 M
Downloading Packages:
(1/2): kubeadm-1.28.3-0.x86_64.rpm 11 MB/s | 11 MB 00:01
(2/2): kubelet-1.28.3-0.x86_64.rpm 20 MB/s | 21 MB 00:01
——————————————————————————–
Total 25 MB/s | 32 MB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Preparing : from PG视频:www.itpux.com 1/1
Upgrading : kubeadm-1.28.3-0.x86_64 1/2
Upgrading : kubelet-1.28.3-0.x86_64 2/2
Running scriptlet: kubelet-1.28.3-0.x86_64 2/2
Cleanup : kubeadm-1.27.3-0.x86_64 3/4
Cleanup : kubelet-1.27.3-0.x86_64 4/4

Upgraded:
kubeadm-1.28.3-0.x86_64 kubelet-1.更多视频教程www.fgedu.net.cn28.3-0.x86_64

Complete!

# 更新kubelet配置
[root@k8s-node1 ~]# kubeadm upgrade node
[upgrade] Reading configuration from the cluster…
[upgrade] FYI: You can look at this config file with ‘kubectl -n kube-system get cm kubeadm-config -o yaml’
[preflight] Running pre-flight checks
[upgrade] Skipping phases. Not a control plane node.
[kubelet-start] Writing kubelet configuration to file “/var/lib/kubelet/config.yaml”
[upgrade] The configuration for this node was successfully updated!
[upgrade] Now you should upgrade the kubelet on this node.

# 重启kubelet
[root@k8s-node1 ~]# systemctl restart kubelet

# 恢复节点调度
[root@k8s-master ~]# kubectl uncordon k8s-node1
node/k8s-node1 uncordoned

# 验证节点版本
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 100d v1.28.3
k8s-node1 Ready 100d v1.28.3
k8s-node2 Ready 100d v1.27.3

# 验证所有组件状态
[root@k8s-master ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {“health”:”true”,”reason”:””}

# 验证Pod状态
[root@k8s-master ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-abc12-xyz789 1/1 Running 0 5m
kube-system etcd-k8s-master 1/1 Running 0 5m
kube-system kube-apiserver-k8s-master 1/1 Running 0 5m
kube-system kube-controller-manager-k8s-master 1/1 Running 0 5m
kube-system kube-proxy-abc12 1/1 Running 0 5m
kube-system kube-scheduler-k8s-master 1/1 Running 0 5m

# 验证应用运行状态
[root@k8s-master ~]# kubectl get deploy -A
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
default fgedu-app 3/3 3 3 50d
kube-system coredns 2/2 2 2 100d

# 验证版本
[root@k8s-master ~]# kubectl version
Client Version: version.Info{Major:”1″, Minor:”28″, GitVersion:”v1.28.3″}
Server Version: version.Info{Major:”1″, Minor:”28″, GitVersion:”v1.28.3″}