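KubeSphere Tutorial FG037: Offline Updates and Component Upgrades in Practice

This tutorial walks through offline updates and component upgrades in KubeSphere, covering the basic concepts, production environment planning, concrete implementation plans, and worked cases. This 风哥 tutorial draws on the official KubeSphere documentation, including the KubeSphere container platform user guide, the KubeSphere upgrade guide, and the KubeSphere offline installation documentation.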

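Part01-Basic Concepts and Theory

1.1 Core concepts of offline updates

An offline update means updating KubeSphere in an environment with no connection to the external network. It involves:

  • Offline installation package: contains all required images and installation files
  • Local image registry: a local registry that stores the images
  • Offline installation scripts: the scripts used for offline installation
  • Offline update procedure: the steps of the offline update
  • Offline update verification: confirming that the offline update succeeded

1.2 Core concepts of component upgrades

A component upgrade means upgrading the individual components of KubeSphere. It involves:

  • KubeSphere core components: the core components of KubeSphere
  • Kubernetes components: the components of Kubernetes
  • Storage components: storage-related components
  • Network components: network-related components
  • Monitoring components: monitoring-related components

1.3 Core concepts of version management

Version management means managing KubeSphere versions. It involves:

  • Version number: the KubeSphere version number
  • Version compatibility: compatibility between different versions
  • Upgrade path: the path from an old version to a new version
  • Version rollback: rolling back from a new version to an old version
  • Version management tools: the tools used for version management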

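Part02-Production Environment Planning and Recommendations

2.1 Offline update planning

When carrying out offline updates and component upgrades, planning the offline update is very important:

  • Offline environment preparation: prepare the offline environment
  • Offline installation package preparation: prepare the offline installation package
  • Local image registry preparation: prepare the local image registry
  • Offline update procedure planning: plan the offline update procedure
  • Offline update verification planning: plan how the offline update will be verified

2.2 Component upgrade planning

Planning the component upgrade is equally important:

  • Pre-upgrade checks: check the environment before upgrading
  • Upgrade path planning: plan the upgrade path
  • Upgrade order planning: plan the order of upgrades
  • Upgrade time planning: plan when the upgrade takes place
  • Upgrade verification planning: plan how the upgrade will be verified

2.3 Rollback planning

Rollback planning is an important part of offline updates and component upgrades:

  • Rollback strategy design: design the rollback strategy
  • Rollback step planning: plan the rollback steps
  • Rollback time planning: plan when a rollback takes place
  • Rollback verification planning: plan how the rollback will be verified
  • Rollback drills: run rollback drills regularly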

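Part03-Production Implementation Plan

3.1 Offline update configuration

Steps to configure an offline update:

  • Download the offline installation package: download the KubeSphere offline installation package
  • Configure the local image registry: set up the local image registry
  • Upload the offline installation package: upload the package to the target server
  • Run the offline update: execute the offline update
  • Verify the offline update: confirm that the offline update succeeded

3.2 Component upgrade configuration

Steps to configure a component upgrade:

  • Check the current version: check the current KubeSphere version
  • Check the upgrade path: check the upgrade path
  • Back up the current configuration: back up the current configuration
  • Run the component upgrade: execute the component upgrade
  • Verify the component upgrade: confirm that the component upgrade succeeded

3.3 Rollback configuration

Steps to configure a rollback:

  • Check the current version: check the current KubeSphere version
  • Choose the rollback version: select the version to roll back to
  • Back up the current configuration: back up the current configuration
  • Run the rollback: execute the rollback
  • Verify the rollback: confirm that the rollback succeeded

Part04-Production Cases and Hands-on Walkthrough

4.1 Offline update in practice

The following walks through an offline update in practice: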

# Check the current KubeSphere version
kubectl get cc -n kubesphere-system
NAME           VERSION   PROGRESS   STATUS    AGE
ks-installer   v3.4.0    1/1        Running   30d
# Download the KubeSphere offline installation package
wget https://github.com/kubesphere/kubesphere/releases/download/v3.4.1/kubesphere-v3.4.1-offline-amd64.tar.gz
--2024-01-01 00:00:00--  https://github.com/kubesphere/kubesphere/releases/download/v3.4.1/kubesphere-v3.4.1-offline-amd64.tar.gz
Resolving github.com (github.com)... 140.82.112.4
Connecting to github.com (github.com)|140.82.112.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/123456789/abc123def456/1234567890123456789012345678901234567890?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=... [following]
--2024-01-01 00:00:01--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/123456789/abc123def456/1234567890123456789012345678901234567890?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=...
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1234567890 (1.2G) [application/octet-stream]
Saving to: ‘kubesphere-v3.4.1-offline-amd64.tar.gz’

kubesphere-v3.4.1-offline-amd64.tar.gz 100%[=============================>] 1.15G 10.2MB/s in 2m 0s

2024-01-01 00:02:01 (9.72 MB/s) - ‘kubesphere-v3.4.1-offline-amd64.tar.gz’ saved [1234567890/1234567890]

# Extract the offline installation package
tar -zxvf kubesphere-v3.4.1-offline-amd64.tar.gz
kubesphere-v3.4.1-offline-amd64/
kubesphere-v3.4.1-offline-amd64/README.md
kubesphere-v3.4.1-offline-amd64/images/
kubesphere-v3.4.1-offline-amd64/images/kubesphere-images-v3.4.1.tar.gz
kubesphere-v3.4.1-offline-amd64/images/sha256sum.txt
kubesphere-v3.4.1-offline-amd64/scripts/
kubesphere-v3.4.1-offline-amd64/scripts/offline-install.sh
kubesphere-v3.4.1-offline-amd64/scripts/offline-upgrade.sh
kubesphere-v3.4.1-offline-amd64/kubesphere-installer.yaml
# Set up the local image registry
docker run -d -p 5000:5000 --restart=always --name registry registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
Digest: sha256:abc123def456...
Status: Downloaded newer image for registry:2
abc123def456789012345678901234567890123456789012345678901234567890
# Load the images from the offline package into the local Docker daemon
docker load < kubesphere-v3.4.1-offline-amd64/images/kubesphere-images-v3.4.1.tar.gz
Loaded image: kubesphere/ks-installer:v3.4.1
Loaded image: kubesphere/ks-apiserver:v3.4.1
Loaded image: kubesphere/ks-console:v3.4.1
# Tag the images and push them to the local image registry
for image in $(docker images --format '{{.Repository}}:{{.Tag}}' | grep kubesphere); do
  docker tag "$image" "localhost:5000/$image"
  docker push "localhost:5000/$image"
done
The push refers to repository [localhost:5000/kubesphere/ks-installer]
abc123def456: Pushed

abc123def456: Pushed
v3.4.1: digest: sha256:abc123def456... size: 1234
# Edit the KubeSphere configuration file
cat <<EOF > kubesphere-config.yaml
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
  name: ks-installer
  namespace: kubesphere-system
  labels:
    version: v3.4.1
spec:
  persistence:
    storageClass: ""
  authentication:
    jwtSecret: ""
  local_registry: "localhost:5000"
  namespace_override: ""
  etcd:
    monitoring: false
    endpointIps: localhost
    port: 2379
    tlsEnable: true
  common:
    openpitrix:
      store:
        default: "local"
    core:
      console:
        enableMultiLogin: true
        port: 30880
        type: NodePort
    monitoring:
      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
      GPUMonitoring:
        enabled: false
    gpu:
      kinds:
        - resourceName: "nvidia.com/gpu"
          resourceType: "GPU"
          default: true
  alerting:
    enabled: true
    prometheusEndpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
    thanosRulerEndpoint: http://thanos-ruler-operated.kubesphere-monitoring-system.svc:10902
  auditing:
    enabled: true
  devops:
    enabled: true
    jenkinsCpuReq: 0.5
    jenkinsCpuLim: 1
    jenkinsMemoryReq: 4Gi
    jenkinsMemoryLim: 8Gi
  events:
    enabled: true
  logging:
    enabled: true
    logsidecar:
      enabled: true
      replicas: 2
  metrics_server:
    enabled: false
  monitoring:
    storageClass: ""
    prometheusMemoryRequest: 400Mi
    prometheusVolumeSize: 20Gi
    alertmanagerVolumeSize: 2Gi
  multicluster:
    clusterRole: none
  network:
    networkpolicy:
      enabled: true
    ippool:
      type: none
    topology:
      type: none
  openldap:
    enabled: false
  servicemesh:
    enabled: true
    istio:
      components:
        ingressGateways:
          - name: istio-ingressgateway
            enabled: false
        cni:
          enabled: false
  edgeruntime:
    enabled: false
    kubeedge:
      enabled: false
      cloudCore:
        cloudHub:
          advertiseAddress:
            - ""
          nodeLimit: 100
        service:
          cloudhubNodePort: "30000"
          cloudhubQuicPort: "10001"
          cloudhubHttpsPort: "10002"
          cloudstreamPort: "10003"
          tunnelPort: "10004"
        hostnetwork: false
      iptables-manager:
        enabled: true
        mode: "external"
      edgeService:
        enabled: false
  gatekeeper:
    enabled: false
    base:
      enabled: true
      replicas: 3
    audit:
      enabled: true
      replicas: 1
    replicas: 1
EOF
# Run the offline update
kubectl apply -f kubesphere-config.yaml
clusterconfiguration.installer.kubesphere.io/ks-installer configured
# Watch the update progress
kubectl logs -n kubesphere-system deployment/ks-installer -f
I0101 00:00:00.123456 1 main.go:79] Welcome to the KubeSphere Installer!
I0101 00:00:00.234567 1 main.go:80] KubeSphere Version: v3.4.1
I0101 00:00:00.345678 1 main.go:81] Kubernetes Version: v1.26.5
I0101 00:00:00.456789 1 main.go:82] Local Registry: localhost:5000
I0101 00:00:01.567890 1 main.go:83] Start to install KubeSphere components...

I0101 00:10:00.678901 1 main.go:84] KubeSphere components installed successfully!
# Verify the result of the update
kubectl get cc -n kubesphere-system
NAME           VERSION   PROGRESS   STATUS    AGE
ks-installer   v3.4.1    1/1        Running   30d

4.2 Component upgrade in practice

The following walks through a component upgrade in practice:

# Check the current Kubernetes version
kubectl version --short
Client Version: v1.26.5
Kustomize Version: v4.5.7
Server Version: v1.26.5
# Check which Kubernetes versions are available
kubeadm upgrade plan
[upgrade/config] Making sure the configuration is correct...
[preflight] Running pre-flight checks
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.26.5
[upgrade/versions] Latest stable version: v1.27.3
[upgrade/versions] Latest version in the v1.26 series: v1.26.8

Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT   CURRENT       AVAILABLE
kubelet     1 x v1.26.5   v1.26.8

Upgrade to the latest version in the v1.26 series:

COMPONENT                 CURRENT   AVAILABLE
kube-apiserver            v1.26.5   v1.26.8
kube-controller-manager   v1.26.5   v1.26.8
kube-scheduler            v1.26.5   v1.26.8
kube-proxy                v1.26.5   v1.26.8
CoreDNS                   1.8.6     1.9.3
etcd                      3.5.6-0   3.5.7-0

You can now apply the upgrade by executing the following command:

kubeadm upgrade apply v1.26.8

# Upgrade the control plane
kubeadm upgrade apply v1.26.8
[upgrade/config] Making sure the configuration is correct...
[preflight] Running pre-flight checks
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.26.5
[upgrade/versions] Latest version in the v1.26 series: v1.26.8

Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT   CURRENT       AVAILABLE
kubelet     1 x v1.26.5   v1.26.8

Continue with upgrade? [y/N]: y

[preflight] Running pre-flight checks
[upgrade] Running before upgrade checks
[upgrade] Applying upgrade

[upgrade] Upgrading control plane component kube-apiserver
[upgrade] Upgrading control plane component kube-controller-manager
[upgrade] Upgrading control plane component kube-scheduler
[upgrade] Upgrading control plane component etcd
[upgrade] Upgrading control plane component kube-proxy
[upgrade] Upgrading CoreDNS
[upgrade] Successfully upgraded control plane!

# Drain the node
kubectl drain node1 --ignore-daemonsets --delete-emptydir-data
node/node1 cordoned
WARNING: ignoring DaemonSet-managed Pods: kube-system/calico-node-abcde, kube-system/kube-proxy-fghij
evicting pod/default/nginx-6b8d9b8c7f-abcde
pod/nginx-6b8d9b8c7f-abcde evicted
node/node1 drained
# Upgrade kubelet
apt-get update && apt-get install -y kubelet=1.26.8-00 kubeadm=1.26.8-00
Hit:1 http://apt.kubernetes.io kubernetes-xenial InRelease
Get:2 http://apt.kubernetes.io kubernetes-xenial/main amd64 Packages [123 kB]
Fetched 123 kB in 1s (123 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be upgraded:
kubeadm kubelet
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/45.6 MB of archives.
After this operation, 0 B of additional disk space will be used.
(Reading database ... 123456 files and directories currently installed.)
Preparing to unpack .../kubelet_1.26.8-00_amd64.deb ...
Unpacking kubelet (1.26.8-00) over (1.26.5-00) ...
Preparing to unpack .../kubeadm_1.26.8-00_amd64.deb ...
Unpacking kubeadm (1.26.8-00) over (1.26.5-00) ...
Setting up kubelet (1.26.8-00) ...
Setting up kubeadm (1.26.8-00) ...
# Restart kubelet
systemctl daemon-reload && systemctl restart kubelet
# Make the node schedulable again
kubectl uncordon node1
node/node1 uncordoned
# Verify the node status
kubectl get nodes
NAME     STATUS   ROLES           AGE   VERSION
master   Ready    control-plane   30d   v1.26.8
node1    Ready    <none>          30d   v1.26.8
node2    Ready    <none>          30d   v1.26.8
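
The final check of the 4.2 walkthrough can be scripted so that a node left cordoned or left on the old kubelet is not missed. The following is an added example, not part of the original tutorial: it reads kubectl get nodes output and reports every node that is not Ready, is still cordoned, or is not on the target version. The function name upgrade_gaps and the sample output (constructed, with node1 left cordoned and node2 not upgraded) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Constructed sample of `kubectl get nodes` output taken mid-upgrade:
# node1 was never uncordoned and node2 still runs the old kubelet.
SAMPLE_NODES='NAME     STATUS                     ROLES           AGE   VERSION
master   Ready                      control-plane   30d   v1.26.8
node1    Ready,SchedulingDisabled   <none>          30d   v1.26.8
node2    Ready                      <none>          30d   v1.26.5'

# upgrade_gaps <target-version>
# Reads `kubectl get nodes` output on stdin, prints "<node> <problem>" for each
# node that has not finished the upgrade, and returns 1 if any were found.
upgrade_gaps() {
  awk -v want="$1" '
    NR == 1 { next }                                   # skip the header row
    $2 !~ /^Ready/ { print $1, "not-ready:" $2; bad = 1; next }
    $2 ~ /SchedulingDisabled/ { print $1, "still-cordoned"; bad = 1 }
    $NF != want { print $1, "version:" $NF; bad = 1 }  # kubelet version skew
    END { exit bad + 0 }
  '
}

# Typical use against a live cluster:
#   kubectl get nodes | upgrade_gaps v1.26.8 || echo "upgrade incomplete" >&2
```

Run against the constructed sample, it flags node1 as still cordoned and node2 as remaining on v1.26.5.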

4.3 Rollback in practice

The following walks through a rollback in practice:

# Back up the current KubeSphere configuration
kubectl get cc -n kubesphere-system ks-installer -o yaml > kubesphere-backup.yaml
# Roll back to the previous version
cat <<EOF | kubectl apply -f -
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
  name: ks-installer
  namespace: kubesphere-system
  labels:
    version: v3.4.0
spec:
  persistence:
    storageClass: ""
  authentication:
    jwtSecret: ""
  local_registry: "localhost:5000"
  namespace_override: ""
  etcd:
    monitoring: false
    endpointIps: localhost
    port: 2379
    tlsEnable: true
  common:
    openpitrix:
      store:
        default: "local"
    core:
      console:
        enableMultiLogin: true
        port: 30880
        type: NodePort
    monitoring:
      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
      GPUMonitoring:
        enabled: false
    gpu:
      kinds:
        - resourceName: "nvidia.com/gpu"
          resourceType: "GPU"
          default: true
EOF
clusterconfiguration.installer.kubesphere.io/ks-installer configured
# Watch the rollback progress
kubectl logs -n kubesphere-system deployment/ks-installer -f
I0101 00:00:00.123456 1 main.go:79] Welcome to the KubeSphere Installer!
I0101 00:00:00.234567 1 main.go:80] KubeSphere Version: v3.4.0
I0101 00:00:00.345678 1 main.go:81] Kubernetes Version: v1.26.8
I0101 00:00:00.456789 1 main.go:82] Local Registry: localhost:5000
I0101 00:00:01.567890 1 main.go:83] Start to rollback KubeSphere components...

I0101 00:10:00.678901 1 main.go:84] KubeSphere components rollback successfully!
# Verify the result of the rollback
kubectl get cc -n kubesphere-system
NAME           VERSION   PROGRESS   STATUS    AGE
ks-installer   v3.4.0    1/1        Running   30d

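Part05-Lessons Learned and Experience Sharing from 风哥

5.1 Common problems and solutions

Problem 1: The offline update fails

Symptom: errors occur during the offline update

Cause: the offline installation package is incomplete, or the local image registry is misconfigured

Solution: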

# Check the integrity of the offline installation package
cd kubesphere-v3.4.1-offline-amd64/images
sha256sum -c sha256sum.txt
kubesphere-images-v3.4.1.tar.gz: OK
# Check the local image registry
curl http://localhost:5000/v2/_catalog
{
"repositories": [
"kubesphere/ks-installer",
"kubesphere/ks-apiserver",

]
}
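
Problem 1 above checks images/sha256sum.txt only after a failure, and the walkthrough in 4.1 loads the images without checking them first. The following added example (not from the original tutorial) runs the check before docker load and also compares the downloaded archive against a SHA-256 digest recorded on the connected host, because a checksum file shipped inside the same archive detects corruption but not a replaced package. The function name verify_offline_bundle and the separately transferred digest are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# verify_offline_bundle <bundle.tar.gz> <expected-sha256> <extracted-dir>
# <expected-sha256> is assumed to have been recorded on the connected host and
# brought into the offline network separately from the bundle itself.
verify_offline_bundle() {
  bundle=$1 expected=$2 dir=$3

  # 1. The downloaded archive must match the separately transferred digest.
  actual=$(sha256sum "$bundle" | awk '{print $1}')
  if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
    echo "bundle digest mismatch for $bundle" >&2
    return 1
  fi

  # 2. Every file listed in images/sha256sum.txt must verify.
  manifest="$dir/images/sha256sum.txt"
  if [ ! -s "$manifest" ]; then
    echo "missing or empty $manifest" >&2
    return 1
  fi
  (cd "$dir/images" && sha256sum -c sha256sum.txt >&2) || return 1

  # 3. No file in images/ may be absent from the manifest.
  for f in "$dir"/images/*; do
    name=$(basename "$f")
    [ "$name" = "sha256sum.txt" ] && continue
    if ! awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) ok = 1 }
                           END { exit !ok }' "$manifest"; then
      echo "file not listed in sha256sum.txt: $name" >&2
      return 1
    fi
  done
  return 0
}

# Typical use, loading the images only when every check passes:
#   verify_offline_bundle kubesphere-v3.4.1-offline-amd64.tar.gz "$EXPECTED_SHA256" \
#     kubesphere-v3.4.1-offline-amd64 &&
#     docker load < kubesphere-v3.4.1-offline-amd64/images/kubesphere-images-v3.4.1.tar.gz
```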

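Problem 2: Services are unavailable after a component upgrade

Symptom: services cannot be reached normally after the component upgrade

Cause: incompatible component versions or a configuration error

Solution: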

# Check the Pod status
kubectl get pods -A
NAMESPACE           NAME                            READY   STATUS    RESTARTS   AGE
kubesphere-system   ks-apiserver-6b8d9b8c7f-abcde   0/1     Running   0          10s
kubesphere-system   ks-console-6b8d9b8c7f-fghij     1/1     Running   0          10s
# View the Pod logs
kubectl logs -n kubesphere-system ks-apiserver-6b8d9b8c7f-abcde
I0101 00:00:00.123456 1 main.go:79] Starting KubeSphere API Server...
E0101 00:00:01.234567 1 main.go:80] Failed to connect to database: connection refused

Problem 3: The rollback fails

Symptom: errors occur during the rollback

Cause: the backed-up configuration is incomplete, or the rollback path is wrong

Solution:

# Check the backed-up configuration
grep version kubesphere-backup.yaml
version: v3.4.0
# Check the current configuration
kubectl get cc -n kubesphere-system ks-installer -o yaml | grep version
version: v3.4.1

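5.2 Best practice recommendations

Recommendation 1: Take backups

When performing offline updates and component upgrades, you should:

  • Back up the KubeSphere configuration
  • Back up the Kubernetes configuration
  • Back up application data
  • Back up the image registry
  • Test restoring from backup regularly

Recommendation 2: Validate in a test environment first

When performing offline updates and component upgrades, you should:

  • Run the update in a test environment first
  • Verify functionality after the update
  • Verify performance after the update
  • Verify the rollback procedure
  • Record the problems encountered during the update

Recommendation 3: Draw up a detailed upgrade plan

When performing offline updates and component upgrades, you should:

  • Draw up a detailed upgrade plan
  • Set a reasonable upgrade time
  • Notify the people concerned
  • Prepare a rollback plan
  • Monitor the upgrade as it runs

5.3 Performance optimization tips

Tip 1: Speed up offline updates

Offline updates can be made faster by:

  • Using a faster network
  • Using faster storage
  • Loading images in parallel
  • Tuning the local image registry
  • Using a more efficient compression algorithm

Tip 2: Speed up component upgrades

Component upgrades can be made faster by:

  • Upgrading nodes in batches
  • Using rolling updates
  • Optimizing the upgrade scripts
  • Using a faster network
  • Monitoring upgrade progress

Tip 3: Speed up rollbacks

Rollbacks can be made faster by:

  • Using automated rollback scripts
  • Preparing the rollback images in advance
  • Using a fast rollback strategy
  • Monitoring rollback progress
  • Rehearsing the rollback procedure regularly

Offline updates and component upgrades are an important part of operating KubeSphere and need to be planned and configured according to actual business requirements. In production, validate the configuration in a test environment first and only then apply it to the production environment. Also be sure to take backups, so that you can roll back quickly if an upgrade fails.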

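This tutorial is provided by 风哥. For more hands-on KubeSphere tutorials, follow 风哥课堂.

This article was compiled and published by 风哥教程 for learning and testing purposes only. When reposting, credit the source: http://www.fgedu.net.cn/10327.html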
