a29.ansible 生产实战案例 -- 基于二进制包安装kubernetes v1.20 -- 集群升级(二)

2023-11-02 23:50
文章标签 实战 集群 安装 kubernetes 案例 二进制 升级 生产 ansible v1.20 a29

本文主要是介绍a29.ansible 生产实战案例 -- 基于二进制包安装kubernetes v1.20 -- 集群升级(二),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

18.升级kubernetes

把yaml文件先备份了

[root@k8s-master01 ~]# mkdir bak
[root@k8s-master01 ~]# mv *.yaml bak/
[root@k8s-master01 ~]# ls bak/
admin.yaml  bootstrap.secret.yaml  calico-etcd.yaml  components.yaml  coredns.yaml  recommended.yaml

18.1 etcd

18.1.1 升级etcd

[root@ansible-server ansible]# mkdir -p roles/etcd-update/{files,tasks}
[root@ansible-server ansible]# cd roles/etcd-update/
[root@ansible-server etcd-update]# ls
files  tasks[root@ansible-server etcd-update]# wget https://github.com/etcd-io/etcd/releases/download/v3.5.0/etcd-v3.5.0-linux-amd64.tar.gz[root@ansible-server etcd-update]# tar -xf etcd-v3.5.0-linux-amd64.tar.gz --strip-components=1 -C files/ etcd-v3.5.0-linux-amd64/etcd{,ctl}
[root@ansible-server etcd-update]# ls files/
etcd  etcdctl
[root@ansible-server etcd-update]# rm -f etcd-v3.5.0-linux-amd64.tar.gz[root@ansible-server etcd-update]# vim tasks/upgrade_etcd01.yml
- name: stop etcdsystemd:name: etcdstate: stoppedwhen:- ansible_hostname=="k8s-etcd01"
- name: copy etcd files to etcd01copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- etcd- etcdctlwhen:- ansible_hostname=="k8s-etcd01"
- name: start etcdsystemd:name: etcdstate: restartedwhen:- ansible_hostname=="k8s-etcd01"[root@ansible-server etcd-update]# vim tasks/upgrade_etcd02.yml
- name: stop etcdsystemd:name: etcdstate: stoppedwhen:- ansible_hostname=="k8s-etcd02"
- name: copy etcd files to etcd02copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- etcd- etcdctlwhen:- ansible_hostname=="k8s-etcd02"
- name: start etcdsystemd:name: etcdstate: restartedwhen:- ansible_hostname=="k8s-etcd02"[root@ansible-server etcd-update]# vim tasks/upgrade_etcd03.yml
- name: stop etcdsystemd:name: etcdstate: stoppedwhen:- ansible_hostname=="k8s-etcd03"
- name: copy etcd files to etcd03copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- etcd- etcdctlwhen:- ansible_hostname=="k8s-etcd03"
- name: start etcdsystemd:name: etcdstate: restartedwhen:- ansible_hostname=="k8s-etcd03"[root@ansible-server etcd-update]# vim tasks/main.yml
- include: upgrade_etcd01.yml
- include: upgrade_etcd02.yml
- include: upgrade_etcd03.yml[root@ansible-server ansible]# tree roles/etcd-update/
roles/etcd-update/
├── files
│   ├── etcd
│   └── etcdctl
└── tasks├── main.yml├── upgrade_etcd01.yml├── upgrade_etcd02.yml└── upgrade_etcd03.yml2 directories, 6 files[root@ansible-server ansible]# vim etcd_update_role.yml
---
- hosts: etcdroles:- role: etcd-update[root@ansible-server ansible]# ansible-playbook etcd_update_role.yml

18.1.2 验证etcd

[root@k8s-etcd01 ~]# etcdctl --endpoints="172.31.3.108:2379,172.31.3.109:2379,172.31.3.110:2379" --cacert=/etc/kubernetes/pki/etcd/etcd-ca.pem --cert=/etc/kubernetes/pki/etcd/etcd.pem --key=/etc/kubernetes/pki/etcd/etcd-key.pem endpoint status --write-out=table
+-------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
|     ENDPOINT      |        ID        | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+-------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| 172.31.3.108:2379 | a9fef56ff96ed75c |   3.5.0 |  6.0 MB |      true |      false |         4 |      43156 |              43156 |        |
| 172.31.3.109:2379 | 8319ef09e8b3d277 |   3.5.0 |  6.1 MB |     false |      false |         4 |      43156 |              43156 |        |
| 172.31.3.110:2379 | 209a1f57c506dba2 |   3.5.0 |  6.0 MB |     false |      false |         4 |      43156 |              43156 |        |
+-------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+

18.2 master

18.2.1 升级master

[root@ansible-server ansible]# mkdir -p roles/kubernetes-master-update/{files,tasks,templates,vars}
[root@ansible-server ansible]# cd roles/kubernetes-master-update/
[root@ansible-server kubernetes-master-update]# ls
files  tasks  templates  vars[root@ansible-server kubernetes-master-update]# wget https://dl.k8s.io/v1.22.6/kubernetes-server-linux-amd64.tar.gz
[root@ansible-server kubernetes-master-update]# tar -xf kubernetes-server-linux-amd64.tar.gz  --strip-components=3 -C files/ kubernetes/server/bin/kube{let,ctl,-apiserver,-controller-manager,-scheduler,-proxy}
[root@ansible-server kubernetes-master-update]# ls files/
kube-apiserver  kube-controller-manager  kubectl  kubelet  kube-proxy  kube-scheduler
[root@ansible-server kubernetes-master-update]# rm -f kubernetes-server-linux-amd64.tar.gz #下面MASTER01、MASTER02和MASTER03的IP地址根据自己的更改,HARBOR_DOMAIN的地址设置成自己的harbor域名地址
[root@ansible-server kubernetes-master-update]# vim vars/main.yml
MASTER01: 172.31.3.101
MASTER02: 172.31.3.102
MASTER03: 172.31.3.103
HARBOR_DOMAIN: harbor.raymonds.cc
PAUSE_VERSION: 3.5MASTER_SERVICE:- kube-apiserver- kube-controller-manager- kube-scheduler- kube-proxy- kubelet[root@ansible-server kubernetes-master-update]# vim templates/10-kubelet.conf.j2 
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig"
Environment="KUBELET_SYSTEM_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_CONFIG_ARGS=--config=/etc/kubernetes/kubelet-conf.yml --pod-infra-container-image={{ HARBOR_DOMAIN }}/google_containers/pause:{{ PAUSE_VERSION }}"
Environment="KUBELET_EXTRA_ARGS=--node-labels=node.kubernetes.io/node='' "
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_SYSTEM_ARGS $KUBELET_EXTRA_ARG[root@ansible-server kubernetes-master-update]# vim tasks/upgrade_master01.yml
- name: install CentOS or Rocky socatyum: name: socatwhen:- (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")- inventory_hostname in groups.ha
- name: install Ubuntu socatapt:name: socatforce: yeswhen:- ansible_distribution=="Ubuntu"- inventory_hostname in groups.ha
- name: download pause imageshell: |docker pull registry.aliyuncs.com/google_containers/pause:{{ PAUSE_VERSION }}docker tag registry.aliyuncs.com/google_containers/pause:{{ PAUSE_VERSION }} {{ HARBOR_DOMAIN }}/google_containers/pause:{{ PAUSE_VERSION }}docker rmi registry.aliyuncs.com/google_containers/pause:{{ PAUSE_VERSION }}docker push {{ HARBOR_DOMAIN }}/google_containers/pause:{{ PAUSE_VERSION }}when:- ansible_hostname=="k8s-master01"
- name: down master01shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER01 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master01"
- name: copy kubernetes files to master01copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kube-apiserver- kube-controller-manager- kubectl- kubelet- kube-proxy- kube-schedulerwhen:- ansible_hostname=="k8s-master01"
- name: copy 10-kubelet.conf to master01template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-master01"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master01"
- name: up master01shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER01 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-master-update]# vim tasks/upgrade_master02.yml 
- name: down master02shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER02 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master02"
- name: copy kubernetes files to master02copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kube-apiserver- kube-controller-manager- kubectl- kubelet- kube-proxy- kube-schedulerwhen:- ansible_hostname=="k8s-master02"
- name: copy 10-kubelet.conf to master02template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-master02"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master02"
- name: up master02shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER02 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-master-update]# vim tasks/upgrade_master03.yml 
- name: down master03shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER03 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master03"
- name: copy kubernetes files to master03copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kube-apiserver- kube-controller-manager- kubectl- kubelet- kube-proxy- kube-schedulerwhen:- ansible_hostname=="k8s-master03"
- name: copy 10-kubelet.conf to master03template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-master03"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master03"
- name: up master03shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER03 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-master-update]# vim tasks/main.yml
- include: upgrade_master01.yml
- include: upgrade_master02.yml
- include: upgrade_master03.yml[root@ansible-server kubernetes-master-update]# cd ../../
[root@ansible-server ansible]# tree roles/kubernetes-master-update/
roles/kubernetes-master-update/
├── files
│   ├── kube-apiserver
│   ├── kube-controller-manager
│   ├── kubectl
│   ├── kubelet
│   ├── kube-proxy
│   └── kube-scheduler
├── tasks
│   ├── main.yml
│   ├── upgrade_master01.yml
│   ├── upgrade_master02.yml
│   └── upgrade_master03.yml
├── templates
│   └── 10-kubelet.conf.j2
└── vars└── main.yml4 directories, 12 files[root@ansible-server ansible]# vim kubernetes_master_update_role.yml
---
- hosts: master:haroles:- role: kubernetes-master-update[root@ansible-server ansible]# ansible-playbook kubernetes_master_update_role.yml

18.2.2 验证master

[root@k8s-master01 ~]# kubectl get nodes
NAME                         STATUS   ROLES    AGE   VERSION
k8s-master01.example.local   Ready    <none>   46m   v1.22.6
k8s-master02.example.local   Ready    <none>   46m   v1.22.6
k8s-master03.example.local   Ready    <none>   46m   v1.22.6
k8s-node01.example.local     Ready    <none>   46m   v1.20.14
k8s-node02.example.local     Ready    <none>   46m   v1.20.14
k8s-node03.example.local     Ready    <none>   46m   v1.20.14

18.3 升级calico

18.3.1 升级calico

[root@ansible-server ansible]# mkdir -p roles/calico-update/{tasks,vars,templates}
[root@ansible-server ansible]# cd roles/calico-update
[root@ansible-server calico-update]# ls
tasks  templates  vars#下面HARBOR_DOMAIN的地址设置成自己的harbor域名地址,POD_SUBNET改成自己规划的容器网段,MASTER01、MASTER02和MASTER03的IP地址根据自己的更改
[root@ansible-server calico-update]# vim vars/main.yml
HARBOR_DOMAIN: harbor.raymonds.cc
POD_SUBNET: 192.168.0.0/12
MASTER01: 172.31.3.101
MASTER02: 172.31.3.102
MASTER03: 172.31.3.103[root@ansible-server calico-update]# wget https://docs.projectcalico.org/manifests/calico-etcd.yaml -p templates/calico-etcd.yaml.j2[root@k8s-master01 ~]# vim templates/calico-etcd.yaml.j2
...
spec:selector:matchLabels:k8s-app: calico-nodeupdateStrategy:type: OnDelete #修改这里,calico不会滚动更新,只有重启了kubelet,才会更新template:metadata:labels:k8s-app: calico-node
...#修改下面内容
[root@ansible-server calico-update]# grep "etcd_endpoints:.*" templates/calico-etcd.yaml.j2 etcd_endpoints: "http://<ETCD_IP>:<ETCD_PORT>"[root@ansible-server calico-update]# sed -i 's#etcd_endpoints: "http://<ETCD_IP>:<ETCD_PORT>"#etcd_endpoints: "{% for i in groups.etcd %}https://{{ hostvars[i].ansible_default_ipv4.address }}:2379{% if not loop.last %},{% endif %}{% endfor %}"#g' templates/calico-etcd.yaml.j2  [root@ansible-server calico-update]# grep "etcd_endpoints:.*" templates/calico-etcd.yaml.j2etcd_endpoints: "{% for i in groups.etcd %}https://{{ hostvars[i].ansible_default_ipv4.address }}:2379{% if not loop.last %},{% endif %}{% endfor %}"	[root@ansible-server calico-update]# vim tasks/calico_file.yml
- name: copy calico-etcd.yaml filetemplate:src: calico-etcd.yaml.j2dest: /root/calico-etcd.yamlwhen:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/config.yml
- name: get ETCD_KEY keyshell:cmd: cat /etc/kubernetes/pki/etcd/etcd-key.pem | base64 | tr -d '\n'register: ETCD_KEYwhen:- ansible_hostname=="k8s-master01"
- name: Modify the ".*etcd-key:.*" linereplace:path: /root/calico-etcd.yamlregexp: '# (etcd-key:) null'replace: '\1 {{ ETCD_KEY.stdout }}'when:- ansible_hostname=="k8s-master01"
- name: get ETCD_CERT keyshell:cmd: cat /etc/kubernetes/pki/etcd/etcd.pem | base64 | tr -d '\n'register: ETCD_CERTwhen:- ansible_hostname=="k8s-master01"
- name: Modify the ".*etcd-cert:.*" linereplace:path: /root/calico-etcd.yamlregexp: '# (etcd-cert:) null'replace: '\1 {{ ETCD_CERT.stdout }}'when:- ansible_hostname=="k8s-master01"
- name: get ETCD_CA keyshell:cmd: cat /etc/kubernetes/pki/etcd/etcd-ca.pem | base64 | tr -d '\n'when:- ansible_hostname=="k8s-master01"register: ETCD_CA
- name: Modify the ".*etcd-ca:.*" linereplace:path: /root/calico-etcd.yamlregexp: '# (etcd-ca:) null'replace: '\1 {{ ETCD_CA.stdout }}'when:- ansible_hostname=="k8s-master01"
- name: Modify the ".*etcd_ca:.*" linereplace:path: /root/calico-etcd.yamlregexp: '(etcd_ca:) ""'replace: '\1 "/calico-secrets/etcd-ca"'when:- ansible_hostname=="k8s-master01"
- name: Modify the ".*etcd_cert:.*" linereplace:path: /root/calico-etcd.yamlregexp: '(etcd_cert:) ""'replace: '\1 "/calico-secrets/etcd-cert"'when:- ansible_hostname=="k8s-master01"
- name: Modify the ".*etcd_key:.*" linereplace:path: /root/calico-etcd.yamlregexp: '(etcd_key:) ""'replace: '\1 "/calico-secrets/etcd-key"'when:- ansible_hostname=="k8s-master01"
- name: Modify the ".*CALICO_IPV4POOL_CIDR.*" linereplace:path: /root/calico-etcd.yamlregexp: '# (- name: CALICO_IPV4POOL_CIDR)'replace: '\1'when:- ansible_hostname=="k8s-master01"
- name: Modify the ".*192.168.0.0.*" linereplace:path: /root/calico-etcd.yamlregexp: '#   (value:) "192.168.0.0/16"'replace: '  \1 "{{ POD_SUBNET }}"'when:- ansible_hostname=="k8s-master01"
- name: Modify the "image:" linereplace:path: /root/calico-etcd.yamlregexp: '(.*image:) docker.io/calico(/.*)'replace: '\1 {{ HARBOR_DOMAIN }}/google_containers\2'when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/download_images.yml
- name: get calico versionshell:chdir: /rootcmd: awk -F "/"  '/image:/{print $NF}' calico-etcd.yamlregister: CALICO_VERSIONwhen:- ansible_hostname=="k8s-master01"
- name: download calico imageshell: |{% for i in CALICO_VERSION.stdout_lines %}docker pull registry.cn-beijing.aliyuncs.com/raymond9/{{ i }}docker tag registry.cn-beijing.aliyuncs.com/raymond9/{{ i }} {{ HARBOR_DOMAIN }}/google_containers/{{ i }}docker rmi registry.cn-beijing.aliyuncs.com/raymond9/{{ i }}docker push {{ HARBOR_DOMAIN }}/google_containers/{{ i }}{% endfor %}when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/install_calico.yml
- name: install calicoshell:chdir: /rootcmd: "kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig apply -f calico-etcd.yaml"when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/delete_master01_calico_container.yml 
- name: down master01shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER01 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: get calico containershell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig get pod -n kube-system -o wide|grep calico |grep master01 |awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 30swhen:- ansible_hostname=="k8s-master01"
- name: up master01shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER01 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/delete_master02_calico_container.yml 
- name: down master02shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER02 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: get calico containershell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig get pod -n kube-system -o wide|grep calico |grep master02 |awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 30swhen:- ansible_hostname=="k8s-master01"
- name: up master02shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER02 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/delete_master03_calico_container.yml 
- name: down master03shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER03 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: get calico containershell:cmd: kubectl get --kubeconfig=/etc/kubernetes/admin.kubeconfig pod -n kube-system -o wide|grep calico |grep master03 |awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 30swhen:- ansible_hostname=="k8s-master01"
- name: up master03shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER03 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/main.yml
- include: calico_file.yml
- include: config.yml
- include: download_images.yml
- include: install_calico.yml
- include: delete_master01_calico_container.yml
- include: delete_master02_calico_container.yml
- include: delete_master03_calico_container.yml[root@ansible-server calico-update]# cd ../../
[root@ansible-server ansible]# tree roles/calico-update/
roles/calico-update/
├── tasks
│   ├── calico_file.yml
│   ├── config.yml
│   ├── delete_master01_calico_container.yml
│   ├── delete_master02_calico_container.yml
│   ├── delete_master03_calico_container.yml
│   ├── download_images.yml
│   ├── install_calico.yml
│   └── main.yml
├── templates
│   └── calico-etcd.yaml.j2
└── vars└── main.yml3 directories, 10 files[root@ansible-server ansible]# vim calico_update_role.yml 
---
- hosts: master:etcdroles:- role: calico-update[root@ansible-server ansible]# ansible-playbook calico_update_role.yml

18.3.2 验证calico

[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep master01|tail -n1
calico-node-pkx8j                          1/1     Running   0          7m14s   172.31.3.101      k8s-master01.example.local   <none>           <none>
[root@k8s-master01 ~]# kubectl get pod  calico-node-pkx8j -n kube-system -o yaml|grep "image"image: harbor.raymonds.cc/google_containers/node:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.21.4imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:1ce80e8524bc68b29593e4e7a6186ad0c6986a0e68f3cd55ccef8637bdd2e922image: harbor.raymonds.cc/google_containers/cni:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:8dd84a8c73929a6b1038774d2cf5fd669856e09eaf3d960fd321df433dc1f05bimage: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:5b5fcca78d54341bfbd729ba8199624af61f7144a980bc46fcd1347d20bd8eef[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep master02|tail -n1
calico-node-zzpwt                          1/1     Running   0          30m     172.31.3.102      k8s-master02.example.local   <none>           <none>
[root@k8s-master01 ~]# kubectl get pod calico-node-zzpwt -n kube-system -o yaml|grep "image"image: harbor.raymonds.cc/google_containers/node:v3.15.3imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.15.3imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.15.3imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.15.3imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:988095dbe39d2066b1964aafaa4a302a1286b149a4a80c9a1eb85544f2a0cdd0image: harbor.raymonds.cc/google_containers/cni:v3.15.3imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:a559d264c7a75a7528560d11778dba2d3b55c588228aed99be401fd2baa9b607image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.15.3imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:6bd1246d0ea1e573a6a050902995b1666ec0852339e5bda3051f583540361b55[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep master03|tail -n1
calico-node-kncgx                          1/1     Running   0          6m47s   172.31.3.103      k8s-master03.example.local   <none>           <none>
[root@k8s-master01 ~]# kubectl get pod calico-node-kncgx -n kube-system -o yaml|grep "image"image: harbor.raymonds.cc/google_containers/node:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.21.4imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:1ce80e8524bc68b29593e4e7a6186ad0c6986a0e68f3cd55ccef8637bdd2e922image: harbor.raymonds.cc/google_containers/cni:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:8dd84a8c73929a6b1038774d2cf5fd669856e09eaf3d960fd321df433dc1f05bimage: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:5b5fcca78d54341bfbd729ba8199624af61f7144a980bc46fcd1347d20bd8eef

18.4 node

18.4.1 升级node

[root@ansible-server ansible]# mkdir -p roles/kubernetes-node-update/{files,tasks,templates,vars}
[root@ansible-server ansible]# cd roles/kubernetes-node-update/
[root@ansible-server kubernetes-node-update]# ls
files  tasks  templates  vars[root@ansible-server kubernetes-node-update]# cp /data/ansible/roles/kubernetes-master-update/files/{kubelet,kube-proxy} files/
[root@ansible-server kubernetes-node-update]# ls files/
kubelet  kube-proxy#下面HARBOR_DOMAIN的地址设置成自己的harbor域名地址
[root@ansible-server kubernetes-node-update]# vim vars/main.yml
HARBOR_DOMAIN: harbor.raymonds.cc
PAUSE_VERSION: 3.5NODE_SERVICE:- kube-proxy- kubelet[root@ansible-server kubernetes-node-update]# vim templates/10-kubelet.conf.j2
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig"
Environment="KUBELET_SYSTEM_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_CONFIG_ARGS=--config=/etc/kubernetes/kubelet-conf.yml --pod-infra-container-image={{ HARBOR_DOMAIN }}/google_containers/pause:{{ PAUSE_VERSION }}"
Environment="KUBELET_EXTRA_ARGS=--node-labels=node.kubernetes.io/node='' "
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_SYSTEM_ARGS $KUBELET_EXTRA_ARGS[root@ansible-server kubernetes-node-update]# vim tasks/upgrade_node01.yml
- name: drain node01shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig drain k8s-node01.example.local --delete-emptydir-data --force --ignore-daemonsetswhen:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node01"
- name: copy kubernetes files to node01copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kubelet- kube-proxywhen:- ansible_hostname=="k8s-node01"
- name: copy 10-kubelet.conf to node01template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-node01"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node01"
- name: get calico containershell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig get pod -n kube-system -o wide|grep calico |grep node01 |tail -n1|awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 60swhen:- ansible_hostname=="k8s-master01"
- name: uncordon node01shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig uncordon k8s-node01.example.localwhen:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-node-update]# vim tasks/upgrade_node02.yml 
- name: drain node02shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig drain k8s-node02.example.local --delete-emptydir-data --force --ignore-daemonsetswhen:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node02"
- name: copy kubernetes files to node02copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kubelet- kube-proxywhen:- ansible_hostname=="k8s-node02"
- name: copy 10-kubelet.conf to node02template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-node02"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node02"
- name: get calico containershell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig get pod -n kube-system -o wide|grep calico |grep node02 |tail -n1|awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 60swhen:- ansible_hostname=="k8s-master01"
- name: uncordon node02shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig uncordon k8s-node02.example.localwhen:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-node-update]# vim tasks/upgrade_node03.yml 
- name: drain node03shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig drain k8s-node03.example.local --delete-emptydir-data --force --ignore-daemonsetswhen:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node03"
- name: copy kubernetes files to node03copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kubelet- kube-proxywhen:- ansible_hostname=="k8s-node03"
- name: copy 10-kubelet.conf to node03template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-node03"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node03"
- name: get calico containershell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig get pod -n kube-system -o wide|grep calico |grep node03 |tail -n1|awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 60swhen:- ansible_hostname=="k8s-master01"
- name: uncordon node03shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig uncordon k8s-node03.example.localwhen:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-node-update]# vim tasks/main.yml
- include: upgrade_node01.yml
- include: upgrade_node02.yml
- include: upgrade_node03.yml[root@ansible-server kubernetes-node-update]# cd ../../
[root@ansible-server ansible]# tree roles/kubernetes-node-update/
roles/kubernetes-node-update/
├── files
│   ├── kubelet
│   └── kube-proxy
├── tasks
│   ├── main.yml
│   ├── upgrade_node01.yml
│   ├── upgrade_node02.yml
│   └── upgrade_node03.yml
├── templates
│   └── 10-kubelet.conf.j2
└── vars└── main.yml4 directories, 8 files[root@ansible-server ansible]# vim kubernetes_node_update_role.yml
---
- hosts: master01:noderoles:- role: kubernetes-node-update[root@ansible-server ansible]# ansible-playbook kubernetes_node_update_role.yml

18.4.2 验证node

[root@k8s-master01 ~]# kubectl get nodes
NAME                         STATUS   ROLES    AGE   VERSION
k8s-master01.example.local   Ready    <none>   99m   v1.22.6
k8s-master02.example.local   Ready    <none>   99m   v1.22.6
k8s-master03.example.local   Ready    <none>   99m   v1.22.6
k8s-node01.example.local     Ready    <none>   99m   v1.22.6
k8s-node02.example.local     Ready    <none>   99m   v1.22.6
k8s-node03.example.local     Ready    <none>   99m   v1.22.6[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep node01|tail -n1
calico-node-xthsn                          1/1     Running   0          4m34s   172.31.3.111      k8s-node01.example.local     <none>           <none>
[root@k8s-master01 ~]# kubectl get pod calico-node-xthsn -n kube-system -o yaml |grep imageimage: harbor.raymonds.cc/google_containers/node:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.21.4imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:1ce80e8524bc68b29593e4e7a6186ad0c6986a0e68f3cd55ccef8637bdd2e922image: harbor.raymonds.cc/google_containers/cni:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:8dd84a8c73929a6b1038774d2cf5fd669856e09eaf3d960fd321df433dc1f05bimage: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:5b5fcca78d54341bfbd729ba8199624af61f7144a980bc46fcd1347d20bd8eef[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep node02|tail -n1
calico-node-7jp6h                          1/1     Running   0          3m52s   172.31.3.112      k8s-node02.example.local     <none>           <none>
[root@k8s-master01 ~]# kubectl get pod calico-node-7jp6h -n kube-system -o yaml |grep imageimage: harbor.raymonds.cc/google_containers/node:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.21.4imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:1ce80e8524bc68b29593e4e7a6186ad0c6986a0e68f3cd55ccef8637bdd2e922image: harbor.raymonds.cc/google_containers/cni:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:8dd84a8c73929a6b1038774d2cf5fd669856e09eaf3d960fd321df433dc1f05bimage: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:5b5fcca78d54341bfbd729ba8199624af61f7144a980bc46fcd1347d20bd8eef[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep node03|tail -n1
calico-node-wfxmr                          1/1     Running   0          3m2s    172.31.3.113      k8s-node03.example.local     <none>           <none>
[root@k8s-master01 ~]# kubectl get pod calico-node-wfxmr -n kube-system -o yaml |grep imageimage: harbor.raymonds.cc/google_containers/node:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.21.4imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:1ce80e8524bc68b29593e4e7a6186ad0c6986a0e68f3cd55ccef8637bdd2e922image: harbor.raymonds.cc/google_containers/cni:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:8dd84a8c73929a6b1038774d2cf5fd669856e09eaf3d960fd321df433dc1f05bimage: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:5b5fcca78d54341bfbd729ba8199624af61f7144a980bc46fcd1347d20bd8eef

18.5 coredns

18.5.1 升级coredns

[root@ansible-server ansible]# mkdir -p roles/coredns-update/{tasks,templates,vars}
[root@ansible-server ansible]# cd roles/coredns-update/
[root@ansible-server coredns-update]# ls
tasks  templates  vars#下面CLUSTERDNS改成自己规划的service网段的第10个IP地址,HARBOR_DOMAIN的地址设置成自己的harbor域名地址
[root@ansible-server coredns-update]# vim vars/main.yml 
CLUSTERDNS: 10.96.0.10                                 
HARBOR_DOMAIN: harbor.raymonds.cc[root@ansible-server coredns-update]# cat templates/coredns.yaml.j2 
apiVersion: v1
kind: ServiceAccount
metadata:name: corednsnamespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:labels:kubernetes.io/bootstrapping: rbac-defaultsname: system:coredns
rules:- apiGroups:- ""resources:- endpoints- services- pods- namespacesverbs:- list- watch- apiGroups:- discovery.k8s.ioresources:- endpointslicesverbs:- list- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:annotations:rbac.authorization.kubernetes.io/autoupdate: "true"labels:kubernetes.io/bootstrapping: rbac-defaultsname: system:coredns
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: system:coredns
subjects:
- kind: ServiceAccountname: corednsnamespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:name: corednsnamespace: kube-system
data:Corefile: |.:53 {errorshealth {lameduck 5s}readykubernetes cluster.local in-addr.arpa ip6.arpa {fallthrough in-addr.arpa ip6.arpa}prometheus :9153forward . /etc/resolv.conf {max_concurrent 1000}cache 30loopreloadloadbalance}
---
apiVersion: apps/v1
kind: Deployment
metadata:name: corednsnamespace: kube-systemlabels:k8s-app: kube-dnskubernetes.io/name: "CoreDNS"
spec:# replicas: not specified here:# 1. Default is 1.# 2. Will be tuned in real time if DNS horizontal auto-scaling is turned on.strategy:type: RollingUpdaterollingUpdate:maxUnavailable: 1selector:matchLabels:k8s-app: kube-dnstemplate:metadata:labels:k8s-app: kube-dnsspec:priorityClassName: system-cluster-criticalserviceAccountName: corednstolerations:- key: "CriticalAddonsOnly"operator: "Exists"nodeSelector:kubernetes.io/os: linuxaffinity:podAntiAffinity:requiredDuringSchedulingIgnoredDuringExecution:- labelSelector:matchExpressions:- key: k8s-appoperator: Invalues: ["kube-dns"]topologyKey: kubernetes.io/hostnamecontainers:- name: corednsimage: coredns/coredns:1.8.6imagePullPolicy: IfNotPresentresources:limits:memory: 170Mirequests:cpu: 100mmemory: 70Miargs: [ "-conf", "/etc/coredns/Corefile" ]volumeMounts:- name: config-volumemountPath: /etc/corednsreadOnly: trueports:- containerPort: 53name: dnsprotocol: UDP- containerPort: 53name: dns-tcpprotocol: TCP- containerPort: 9153name: metricsprotocol: TCPsecurityContext:allowPrivilegeEscalation: falsecapabilities:add:- NET_BIND_SERVICEdrop:- allreadOnlyRootFilesystem: truelivenessProbe:httpGet:path: /healthport: 8080scheme: HTTPinitialDelaySeconds: 60timeoutSeconds: 5successThreshold: 1failureThreshold: 5readinessProbe:httpGet:path: /readyport: 8181scheme: HTTPdnsPolicy: Defaultvolumes:- name: config-volumeconfigMap:name: corednsitems:- key: Corefilepath: Corefile
---
apiVersion: v1
kind: Service
metadata:name: kube-dnsnamespace: kube-systemannotations:prometheus.io/port: "9153"prometheus.io/scrape: "true"labels:k8s-app: kube-dnskubernetes.io/cluster-service: "true"kubernetes.io/name: "CoreDNS"
spec:selector:k8s-app: kube-dnsclusterIP: 10.96.0.10ports:- name: dnsport: 53protocol: UDP- name: dns-tcpport: 53protocol: TCP- name: metricsport: 9153protocol: TCP[root@ansible-server coredns-update]# vim templates/coredns.yaml.j2
...
data:Corefile: |.:53 {errorshealth {lameduck 5s}readykubernetes cluster.local in-addr.arpa ip6.arpa {fallthrough in-addr.arpa ip6.arpa}prometheus :9153forward . /etc/resolv.conf {max_concurrent 1000}cache 30loop ##将loop插件直接删除,避免内部循环reloadloadbalance}
...
spec:selector:k8s-app: kube-dnsclusterIP: {{ CLUSTERDNS }} #修改这里
...[root@ansible-server coredns-update]# vim tasks/coredns_file.yml
- name: copy coredns.yaml filetemplate:src: coredns.yaml.j2dest: /root/coredns.yamlwhen:- ansible_hostname=="k8s-master01"[root@ansible-server coredns-update]# vim tasks/config.yml
- name: Modify the "image:" linereplace:path: /root/coredns.yamlregexp: '(.*image:) coredns(/.*)'replace: '\1 {{ HARBOR_DOMAIN }}/google_containers\2'[root@ansible-server coredns-update]# vim tasks/download_images.yml
- name: get coredns versionshell:chdir: /rootcmd: awk -F "/"  '/image:/{print $NF}' coredns.yamlregister: COREDNS_VERSION
- name: download coredns imageshell: |{% for i in COREDNS_VERSION.stdout_lines %}docker pull registry.aliyuncs.com/google_containers/{{ i }}docker tag registry.aliyuncs.com/google_containers/{{ i }} {{ HARBOR_DOMAIN }}/google_containers/{{ i }}docker rmi registry.aliyuncs.com/google_containers/{{ i }}docker push {{ HARBOR_DOMAIN }}/google_containers/{{ i }}{% endfor %}[root@ansible-server coredns-update]# vim tasks/install_coredns.yml
- name: install corednsshell:chdir: /rootcmd: "kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig apply -f coredns.yaml"[root@ansible-server coredns-update]# vim tasks/main.yml
- include: coredns_file.yml
- include: config.yml
- include: download_images.yml
- include: install_coredns.yml[root@ansible-server coredns-update]# cd ../../
[root@ansible-server ansible]# tree roles/coredns/
roles/coredns/
├── tasks
│   ├── config.yml
│   ├── coredns_file.yml
│   ├── download_images.yml
│   ├── install_coredns.yml
│   └── main.yml
├── templates
│   └── coredns.yaml.j2
└── vars└── main.yml3 directories, 7 files[root@ansible-server ansible]# vim coredns_role.yml
---
- hosts: master01roles:- role: coredns-update[root@ansible-server ansible]# ansible-playbook coredns_update_role.yml

18.5.2 验证coredns

[root@k8s-master01 ~]# kubectl get po -n kube-system -l k8s-app=kube-dns
NAME                       READY   STATUS    RESTARTS   AGE
coredns-867b8c5ddf-2nnfd   1/1     Running   0          33s

18.6 metrics

18.6.1 升级metrics

[root@ansible-server ansible]# mkdir -p roles/metrics-update/{files,vars,tasks}
[root@ansible-server ansible]# cd roles/metrics-update/
[root@ansible-server metrics-update]# ls
files  tasks  vars[root@ansible-server metrics-update]# wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml -P files/#下面HARBOR_DOMAIN的地址设置成自己的harbor域名地址
[root@ansible-server metrics-update]# vim vars/main.yml
HARBOR_DOMAIN: harbor.raymonds.cc[root@ansible-server metrics-update]# wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml -P files/[root@ansible-server metrics-update]# vim files/components.yaml
...spec:containers:- args:- --cert-dir=/tmp- --secure-port=4443- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname- --kubelet-use-node-status-port- --metric-resolution=15s
#添加下面两行内容- --kubelet-insecure-tls- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem
...volumeMounts:- mountPath: /tmpname: tmp-dir
#添加下面两行内容- name: ca-sslmountPath: /etc/kubernetes/pki
...volumes:- emptyDir: {}name: tmp-dir
#添加下面三行内容- name: ca-sslhostPath:path: /etc/kubernetes/pki
...[root@ansible-server metrics-update]# vim tasks/metrics_file.yml
- name: copy components.yaml filecopy:src: components.yamldest: /root/components.yaml[root@ansible-server metrics-update]# vim tasks/config.yml
- name: Modify the "image:" linereplace:path: /root/components.yamlregexp: '(.*image:) k8s.gcr.io/metrics-server(/.*)'replace: '\1 {{ HARBOR_DOMAIN }}/google_containers\2'[root@ansible-server metrics-update]# vim tasks/download_images.yml
- name: get metrics versionshell:chdir: /rootcmd: awk -F "/"  '/image:/{print $NF}' components.yamlregister: METRICS_VERSION
- name: download metrics imageshell: |{% for i in METRICS_VERSION.stdout_lines %}docker pull registry.aliyuncs.com/google_containers/{{ i }}docker tag registry.aliyuncs.com/google_containers/{{ i }} {{ HARBOR_DOMAIN }}/google_containers/{{ i }}docker rmi registry.aliyuncs.com/google_containers/{{ i }}docker push {{ HARBOR_DOMAIN }}/google_containers/{{ i }}{% endfor %}[root@ansible-server metrics-update]# vim tasks/install_metrics.yml
- name: install metricsshell:chdir: /rootcmd: "kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig apply -f components.yaml"[root@ansible-server metrics-update]# vim tasks/main.yml
- include: metrics_file.yml
- include: config.yml
- include: download_images.yml
- include: install_metrics.yml[root@ansible-server metrics-update]# cd ../../
[root@ansible-server ansible]# tree roles/metrics-update/
roles/metrics-update/
├── files
│   └── components.yaml
├── tasks
│   ├── config.yml
│   ├── download_images.yml
│   ├── install_metrics.yml
│   ├── main.yml
│   └── metrics_file.yml
└── vars└── main.yml3 directories, 7 files[root@ansible-server ansible]# vim metrics_update_role.yml 
---
- hosts: master01roles:- role: metrics-update[root@ansible-server ansible]# ansible-playbook metrics_update_role.yml

18.6.2 验证metrics

[root@k8s-master01 ~]# kubectl get pod -A|grep metrics-server
kube-system            metrics-server-648f84647-2l5bk               1/1     Running   0          34s[root@k8s-master01 ~]# kubectl top node 
NAME                         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
k8s-master01.example.local   143m         7%     1853Mi          48%       
k8s-master02.example.local   140m         7%     1561Mi          40%       
k8s-master03.example.local   129m         6%     1446Mi          37%       
k8s-node01.example.local     97m          4%     863Mi           22%       
k8s-node02.example.local     80m          4%     854Mi           22%       
k8s-node03.example.local     80m          4%     884Mi           23%

18.7 dashboard

18.7.1 升级dashboard

[root@ansible-server ansible]# mkdir -p roles/dashboard-update/{files,templates,vars,tasks}
[root@ansible-server ansible]# cd roles/dashboard-update/
[root@ansible-server dashboard-update]# ls
files  tasks  templates  vars[root@ansible-server dashboard-update]# vim files/admin.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:name: admin-usernamespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding 
metadata: name: admin-userannotations:rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-admin
subjects:
- kind: ServiceAccountname: admin-usernamespace: kube-system[root@ansible-server dashboard-update]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml -P templates/recommended.yaml.j2[root@ansible-server dashboard-update]# vim templates/recommended.yaml.j2
...
kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:type: NodePort #添加这行ports:- port: 443targetPort: 8443nodePort: {{ NODEPORT }} #添加这行selector:k8s-app: kubernetes-dashboard
...#下面HARBOR_DOMAIN的地址设置成自己的harbor域名地址
[root@ansible-server dashboard-update]# vim vars/main.yml
HARBOR_DOMAIN: harbor.raymonds.cc
NODEPORT: 30005[root@ansible-server dashboard-update]# vim tasks/dashboard_file.yml
- name: copy recommended.yaml filetemplate:src: recommended.yaml.j2dest: /root/recommended.yaml
- name: copy admin.yaml filecopy:src: admin.yamldest: /root/admin.yaml[root@ansible-server dashboard-update]# vim tasks/config.yml
- name: Modify the "image:" linereplace:path: /root/recommended.yamlregexp: '(.*image:) kubernetesui(/.*)'replace: '\1 {{ HARBOR_DOMAIN }}/google_containers\2'[root@ansible-server dashboard-update]# vim tasks/download_images.yml
- name: get dashboard versionshell:chdir: /rootcmd: awk -F "/"  '/image:/{print $NF}' recommended.yamlregister: DASHBOARD_VERSION
- name: download dashboard imageshell: |{% for i in DASHBOARD_VERSION.stdout_lines %}docker pull kubernetesui/{{ i }}docker tag kubernetesui/{{ i }} {{ HARBOR_DOMAIN }}/google_containers/{{ i }}docker rmi kubernetesui/{{ i }}docker push {{ HARBOR_DOMAIN }}/google_containers/{{ i }}{% endfor %}[root@ansible-server dashboard-update]# vim tasks/install_dashboard.yml
- name: install dashboardshell:chdir: /rootcmd: "kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig apply -f recommended.yaml -f admin.yaml"[root@ansible-server dashboard-update]# vim tasks/main.yml
- include: dashboard_file.yml
- include: config.yml
- include: download_images.yml
- include: install_dashboard.yml[root@ansible-server dashboard-update]# cd ../../
[root@ansible-server ansible]# tree roles/dashboard-update/
roles/dashboard-update/
├── files
│   └── admin.yaml
├── tasks
│   ├── config.yml
│   ├── dashboard_file.yml
│   ├── download_images.yml
│   ├── install_dashboard.yml
│   └── main.yml
├── templates
│   └── recommended.yaml.j2
└── vars└── main.yml4 directories, 8 files[root@ansible-server ansible]# vim dashboard_update_role.yml 
---
- hosts: master01roles:- role: dashboard-update[root@ansible-server ansible]# ansible-playbook dashboard_update_role.yml

18.7.2 登录dashboard

https://172.31.3.101:30005

[root@k8s-master01 ~]#  kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-s426j
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-userkubernetes.io/service-account.uid: 1eb8f4ab-1ef8-46e0-ab60-bd8592da66b9Type:  kubernetes.io/service-account-tokenData
====
ca.crt:     1411 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InV4dHpkbGRoSGZnbEJHU0dLRnE4TmNzYzU5cTlLazN6SFpUdGFPYjczbXcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXM0MjZqIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIxZWI4ZjRhYi0xZWY4LTQ2ZTAtYWI2MC1iZDg1OTJkYTY2YjkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Hde0T5KKcVOD4SBr44WMsGAX96jKLGywE9m3ML-J3bMeZzHmLbRgfSkFaJ_Gu_vR8gBbY_HoeoSdq136WlkJzr8hEjRPypoWoWNHiYL3Xl-9U-tZ4SKCmrFqGpYQV38rG4rzX086M2nSpLL880dZKc8i_PtuKeAtvVTqJ6V_-ozyuO7BWiU4vpvTk-U6tFNTegCjtfT3mavveAUcfYN3mTrFRr0E-KHkjxdCf6i-bsJk46xPC8ZvkaqY4VL3kGGJSkx2NwWlC9B_Eq0YsajGqdIr9gSJWQ2KFdHlsOWgT-um8sW7oBSYoTsZ4ZFjDfbEvAgFjbSaRfPGGQidXNvKmg

在这里插入图片描述

这篇关于a29.ansible 生产实战案例 -- 基于二进制包安装kubernetes v1.20 -- 集群升级(二)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!


http://www.chinasem.cn/article/334149

相关文章

SQL server数据库如何下载和安装

SQL server数据库如何下载和安装

《SQLserver数据库如何下载和安装》本文指导如何下载安装SQLServer2022评估版及SSMS工具,涵盖安装配置、连接字符串设置、C#连接数据库方法和安全注意事项,如混合验证、参数化查... 目录第一步:打开官网下载对应文件第二步:程序安装配置第三部:安装工具SQL Server Manageme
阅读更多...
MySQL 多列 IN 查询之语法、性能与实战技巧(最新整理)

MySQL 多列 IN 查询之语法、性能与实战技巧(最新整理)

《MySQL多列IN查询之语法、性能与实战技巧(最新整理)》本文详解MySQL多列IN查询,对比传统OR写法,强调其简洁高效,适合批量匹配复合键,通过联合索引、分批次优化提升性能,兼容多种数据库... 目录一、基础语法:多列 IN 的两种写法1. 直接值列表2. 子查询二、对比传统 OR 的写法三、性能分析
阅读更多...
Python通用唯一标识符模块uuid使用案例详解

Python通用唯一标识符模块uuid使用案例详解

《Python通用唯一标识符模块uuid使用案例详解》Pythonuuid模块用于生成128位全局唯一标识符,支持UUID1-5版本,适用于分布式系统、数据库主键等场景,需注意隐私、碰撞概率及存储优... 目录简介核心功能1. UUID版本2. UUID属性3. 命名空间使用场景1. 生成唯一标识符2. 数
阅读更多...
Python办公自动化实战之打造智能邮件发送工具

Python办公自动化实战之打造智能邮件发送工具

《Python办公自动化实战之打造智能邮件发送工具》在数字化办公场景中,邮件自动化是提升工作效率的关键技能,本文将演示如何使用Python的smtplib和email库构建一个支持图文混排,多附件,多... 目录前言一、基础配置:搭建邮件发送框架1.1 邮箱服务准备1.2 核心库导入1.3 基础发送函数二、
阅读更多...
Jenkins分布式集群配置方式

Jenkins分布式集群配置方式

《Jenkins分布式集群配置方式》:本文主要介绍Jenkins分布式集群配置方式,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教... 目录1.安装jenkins2.配置集群总结Jenkins是一个开源项目,它提供了一个容易使用的持续集成系统,并且提供了大量的plugin满
阅读更多...
Python包管理工具pip的升级指南

Python包管理工具pip的升级指南

《Python包管理工具pip的升级指南》本文全面探讨Python包管理工具pip的升级策略,从基础升级方法到高级技巧,涵盖不同操作系统环境下的最佳实践,我们将深入分析pip的工作原理,介绍多种升级方... 目录1. 背景介绍1.1 目的和范围1.2 预期读者1.3 文档结构概述1.4 术语表1.4.1 核
阅读更多...
PowerShell中15个提升运维效率关键命令实战指南

PowerShell中15个提升运维效率关键命令实战指南

《PowerShell中15个提升运维效率关键命令实战指南》作为网络安全专业人员的必备技能,PowerShell在系统管理、日志分析、威胁检测和自动化响应方面展现出强大能力,下面我们就来看看15个提升... 目录一、PowerShell在网络安全中的战略价值二、网络安全关键场景命令实战1. 系统安全基线核查
阅读更多...
PostgreSQL的扩展dict_int应用案例解析

PostgreSQL的扩展dict_int应用案例解析

《PostgreSQL的扩展dict_int应用案例解析》dict_int扩展为PostgreSQL提供了专业的整数文本处理能力,特别适合需要精确处理数字内容的搜索场景,本文给大家介绍PostgreS... 目录PostgreSQL的扩展dict_int一、扩展概述二、核心功能三、安装与启用四、字典配置方法
阅读更多...
从原理到实战深入理解Java 断言assert

从原理到实战深入理解Java 断言assert

《从原理到实战深入理解Java断言assert》本文深入解析Java断言机制,涵盖语法、工作原理、启用方式及与异常的区别,推荐用于开发阶段的条件检查与状态验证,并强调生产环境应使用参数验证工具类替代... 目录深入理解 Java 断言(assert):从原理到实战引言:为什么需要断言?一、断言基础1.1 语
阅读更多...
Python中win32包的安装及常见用途介绍

Python中win32包的安装及常见用途介绍

《Python中win32包的安装及常见用途介绍》在Windows环境下,PythonWin32模块通常随Python安装包一起安装,:本文主要介绍Python中win32包的安装及常见用途的相关... 目录前言主要组件安装方法常见用途1. 操作Windows注册表2. 操作Windows服务3. 窗口操作
阅读更多...

Copyright China编程 23002807@qq.com

沪ICP备2023033072号-2