a29.ansible 生产实战案例 -- 基于二进制包安装kubernetes v1.20 -- 集群升级(二)

2023-11-02 23:50
文章标签 实战 集群 安装 kubernetes 案例 二进制 升级 生产 ansible v1.20 a29

本文主要是介绍a29.ansible 生产实战案例 -- 基于二进制包安装kubernetes v1.20 -- 集群升级(二),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

18.升级kubernetes

把yaml文件先备份了

[root@k8s-master01 ~]# mkdir bak
[root@k8s-master01 ~]# mv *.yaml bak/
[root@k8s-master01 ~]# ls bak/
admin.yaml  bootstrap.secret.yaml  calico-etcd.yaml  components.yaml  coredns.yaml  recommended.yaml

18.1 etcd

18.1.1 升级etcd

[root@ansible-server ansible]# mkdir -p roles/etcd-update/{files,tasks}
[root@ansible-server ansible]# cd roles/etcd-update/
[root@ansible-server etcd-update]# ls
files  tasks[root@ansible-server etcd-update]# wget https://github.com/etcd-io/etcd/releases/download/v3.5.0/etcd-v3.5.0-linux-amd64.tar.gz[root@ansible-server etcd-update]# tar -xf etcd-v3.5.0-linux-amd64.tar.gz --strip-components=1 -C files/ etcd-v3.5.0-linux-amd64/etcd{,ctl}
[root@ansible-server etcd-update]# ls files/
etcd  etcdctl
[root@ansible-server etcd-update]# rm -f etcd-v3.5.0-linux-amd64.tar.gz[root@ansible-server etcd-update]# vim tasks/upgrade_etcd01.yml
- name: stop etcdsystemd:name: etcdstate: stoppedwhen:- ansible_hostname=="k8s-etcd01"
- name: copy etcd files to etcd01copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- etcd- etcdctlwhen:- ansible_hostname=="k8s-etcd01"
- name: start etcdsystemd:name: etcdstate: restartedwhen:- ansible_hostname=="k8s-etcd01"[root@ansible-server etcd-update]# vim tasks/upgrade_etcd02.yml
- name: stop etcdsystemd:name: etcdstate: stoppedwhen:- ansible_hostname=="k8s-etcd02"
- name: copy etcd files to etcd02copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- etcd- etcdctlwhen:- ansible_hostname=="k8s-etcd02"
- name: start etcdsystemd:name: etcdstate: restartedwhen:- ansible_hostname=="k8s-etcd02"[root@ansible-server etcd-update]# vim tasks/upgrade_etcd03.yml
- name: stop etcdsystemd:name: etcdstate: stoppedwhen:- ansible_hostname=="k8s-etcd03"
- name: copy etcd files to etcd03copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- etcd- etcdctlwhen:- ansible_hostname=="k8s-etcd03"
- name: start etcdsystemd:name: etcdstate: restartedwhen:- ansible_hostname=="k8s-etcd03"[root@ansible-server etcd-update]# vim tasks/main.yml
- include: upgrade_etcd01.yml
- include: upgrade_etcd02.yml
- include: upgrade_etcd03.yml[root@ansible-server ansible]# tree roles/etcd-update/
roles/etcd-update/
├── files
│   ├── etcd
│   └── etcdctl
└── tasks├── main.yml├── upgrade_etcd01.yml├── upgrade_etcd02.yml└── upgrade_etcd03.yml2 directories, 6 files[root@ansible-server ansible]# vim etcd_update_role.yml
---
- hosts: etcdroles:- role: etcd-update[root@ansible-server ansible]# ansible-playbook etcd_update_role.yml

18.1.2 验证etcd

[root@k8s-etcd01 ~]# etcdctl --endpoints="172.31.3.108:2379,172.31.3.109:2379,172.31.3.110:2379" --cacert=/etc/kubernetes/pki/etcd/etcd-ca.pem --cert=/etc/kubernetes/pki/etcd/etcd.pem --key=/etc/kubernetes/pki/etcd/etcd-key.pem endpoint status --write-out=table
+-------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
|     ENDPOINT      |        ID        | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+-------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| 172.31.3.108:2379 | a9fef56ff96ed75c |   3.5.0 |  6.0 MB |      true |      false |         4 |      43156 |              43156 |        |
| 172.31.3.109:2379 | 8319ef09e8b3d277 |   3.5.0 |  6.1 MB |     false |      false |         4 |      43156 |              43156 |        |
| 172.31.3.110:2379 | 209a1f57c506dba2 |   3.5.0 |  6.0 MB |     false |      false |         4 |      43156 |              43156 |        |
+-------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+

18.2 master

18.2.1 升级master

[root@ansible-server ansible]# mkdir -p roles/kubernetes-master-update/{files,tasks,templates,vars}
[root@ansible-server ansible]# cd roles/kubernetes-master-update/
[root@ansible-server kubernetes-master-update]# ls
files  tasks  templates  vars[root@ansible-server kubernetes-master-update]# wget https://dl.k8s.io/v1.22.6/kubernetes-server-linux-amd64.tar.gz
[root@ansible-server kubernetes-master-update]# tar -xf kubernetes-server-linux-amd64.tar.gz  --strip-components=3 -C files/ kubernetes/server/bin/kube{let,ctl,-apiserver,-controller-manager,-scheduler,-proxy}
[root@ansible-server kubernetes-master-update]# ls files/
kube-apiserver  kube-controller-manager  kubectl  kubelet  kube-proxy  kube-scheduler
[root@ansible-server kubernetes-master-update]# rm -f kubernetes-server-linux-amd64.tar.gz #下面MASTER01、MASTER02和MASTER03的IP地址根据自己的更改,HARBOR_DOMAIN的地址设置成自己的harbor域名地址
[root@ansible-server kubernetes-master-update]# vim vars/main.yml
MASTER01: 172.31.3.101
MASTER02: 172.31.3.102
MASTER03: 172.31.3.103
HARBOR_DOMAIN: harbor.raymonds.cc
PAUSE_VERSION: 3.5MASTER_SERVICE:- kube-apiserver- kube-controller-manager- kube-scheduler- kube-proxy- kubelet[root@ansible-server kubernetes-master-update]# vim templates/10-kubelet.conf.j2 
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig"
Environment="KUBELET_SYSTEM_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_CONFIG_ARGS=--config=/etc/kubernetes/kubelet-conf.yml --pod-infra-container-image={{ HARBOR_DOMAIN }}/google_containers/pause:{{ PAUSE_VERSION }}"
Environment="KUBELET_EXTRA_ARGS=--node-labels=node.kubernetes.io/node='' "
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_SYSTEM_ARGS $KUBELET_EXTRA_ARG[root@ansible-server kubernetes-master-update]# vim tasks/upgrade_master01.yml
- name: install CentOS or Rocky socatyum: name: socatwhen:- (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")- inventory_hostname in groups.ha
- name: install Ubuntu socatapt:name: socatforce: yeswhen:- ansible_distribution=="Ubuntu"- inventory_hostname in groups.ha
- name: download pause imageshell: |docker pull registry.aliyuncs.com/google_containers/pause:{{ PAUSE_VERSION }}docker tag registry.aliyuncs.com/google_containers/pause:{{ PAUSE_VERSION }} {{ HARBOR_DOMAIN }}/google_containers/pause:{{ PAUSE_VERSION }}docker rmi registry.aliyuncs.com/google_containers/pause:{{ PAUSE_VERSION }}docker push {{ HARBOR_DOMAIN }}/google_containers/pause:{{ PAUSE_VERSION }}when:- ansible_hostname=="k8s-master01"
- name: down master01shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER01 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master01"
- name: copy kubernetes files to master01copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kube-apiserver- kube-controller-manager- kubectl- kubelet- kube-proxy- kube-schedulerwhen:- ansible_hostname=="k8s-master01"
- name: copy 10-kubelet.conf to master01template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-master01"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master01"
- name: up master01shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER01 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-master-update]# vim tasks/upgrade_master02.yml 
- name: down master02shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER02 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master02"
- name: copy kubernetes files to master02copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kube-apiserver- kube-controller-manager- kubectl- kubelet- kube-proxy- kube-schedulerwhen:- ansible_hostname=="k8s-master02"
- name: copy 10-kubelet.conf to master02template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-master02"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master02"
- name: up master02shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER02 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-master-update]# vim tasks/upgrade_master03.yml 
- name: down master03shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER03 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master03"
- name: copy kubernetes files to master03copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kube-apiserver- kube-controller-manager- kubectl- kubelet- kube-proxy- kube-schedulerwhen:- ansible_hostname=="k8s-master03"
- name: copy 10-kubelet.conf to master03template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-master03"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ MASTER_SERVICE }}"when:- ansible_hostname=="k8s-master03"
- name: up master03shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER03 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-master-update]# vim tasks/main.yml
- include: upgrade_master01.yml
- include: upgrade_master02.yml
- include: upgrade_master03.yml[root@ansible-server kubernetes-master-update]# cd ../../
[root@ansible-server ansible]# tree roles/kubernetes-master-update/
roles/kubernetes-master-update/
├── files
│   ├── kube-apiserver
│   ├── kube-controller-manager
│   ├── kubectl
│   ├── kubelet
│   ├── kube-proxy
│   └── kube-scheduler
├── tasks
│   ├── main.yml
│   ├── upgrade_master01.yml
│   ├── upgrade_master02.yml
│   └── upgrade_master03.yml
├── templates
│   └── 10-kubelet.conf.j2
└── vars└── main.yml4 directories, 12 files[root@ansible-server ansible]# vim kubernetes_master_update_role.yml
---
- hosts: master:haroles:- role: kubernetes-master-update[root@ansible-server ansible]# ansible-playbook kubernetes_master_update_role.yml

18.2.2 验证master

[root@k8s-master01 ~]# kubectl get nodes
NAME                         STATUS   ROLES    AGE   VERSION
k8s-master01.example.local   Ready    <none>   46m   v1.22.6
k8s-master02.example.local   Ready    <none>   46m   v1.22.6
k8s-master03.example.local   Ready    <none>   46m   v1.22.6
k8s-node01.example.local     Ready    <none>   46m   v1.20.14
k8s-node02.example.local     Ready    <none>   46m   v1.20.14
k8s-node03.example.local     Ready    <none>   46m   v1.20.14

18.3 升级calico

18.3.1 升级calico

[root@ansible-server ansible]# mkdir -p roles/calico-update/{tasks,vars,templates}
[root@ansible-server ansible]# cd roles/calico-update
[root@ansible-server calico-update]# ls
tasks  templates  vars#下面HARBOR_DOMAIN的地址设置成自己的harbor域名地址,POD_SUBNET改成自己规划的容器网段,MASTER01、MASTER02和MASTER03的IP地址根据自己的更改
[root@ansible-server calico-update]# vim vars/main.yml
HARBOR_DOMAIN: harbor.raymonds.cc
POD_SUBNET: 192.168.0.0/12
MASTER01: 172.31.3.101
MASTER02: 172.31.3.102
MASTER03: 172.31.3.103[root@ansible-server calico-update]# wget https://docs.projectcalico.org/manifests/calico-etcd.yaml -p templates/calico-etcd.yaml.j2[root@k8s-master01 ~]# vim templates/calico-etcd.yaml.j2
...
spec:selector:matchLabels:k8s-app: calico-nodeupdateStrategy:type: OnDelete #修改这里,calico不会滚动更新,只有重启了kubelet,才会更新template:metadata:labels:k8s-app: calico-node
...#修改下面内容
[root@ansible-server calico-update]# grep "etcd_endpoints:.*" templates/calico-etcd.yaml.j2 etcd_endpoints: "http://<ETCD_IP>:<ETCD_PORT>"[root@ansible-server calico-update]# sed -i 's#etcd_endpoints: "http://<ETCD_IP>:<ETCD_PORT>"#etcd_endpoints: "{% for i in groups.etcd %}https://{{ hostvars[i].ansible_default_ipv4.address }}:2379{% if not loop.last %},{% endif %}{% endfor %}"#g' templates/calico-etcd.yaml.j2  [root@ansible-server calico-update]# grep "etcd_endpoints:.*" templates/calico-etcd.yaml.j2etcd_endpoints: "{% for i in groups.etcd %}https://{{ hostvars[i].ansible_default_ipv4.address }}:2379{% if not loop.last %},{% endif %}{% endfor %}"	[root@ansible-server calico-update]# vim tasks/calico_file.yml
- name: copy calico-etcd.yaml filetemplate:src: calico-etcd.yaml.j2dest: /root/calico-etcd.yamlwhen:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/config.yml
- name: get ETCD_KEY keyshell:cmd: cat /etc/kubernetes/pki/etcd/etcd-key.pem | base64 | tr -d '\n'register: ETCD_KEYwhen:- ansible_hostname=="k8s-master01"
- name: Modify the ".*etcd-key:.*" linereplace:path: /root/calico-etcd.yamlregexp: '# (etcd-key:) null'replace: '\1 {{ ETCD_KEY.stdout }}'when:- ansible_hostname=="k8s-master01"
- name: get ETCD_CERT keyshell:cmd: cat /etc/kubernetes/pki/etcd/etcd.pem | base64 | tr -d '\n'register: ETCD_CERTwhen:- ansible_hostname=="k8s-master01"
- name: Modify the ".*etcd-cert:.*" linereplace:path: /root/calico-etcd.yamlregexp: '# (etcd-cert:) null'replace: '\1 {{ ETCD_CERT.stdout }}'when:- ansible_hostname=="k8s-master01"
- name: get ETCD_CA keyshell:cmd: cat /etc/kubernetes/pki/etcd/etcd-ca.pem | base64 | tr -d '\n'when:- ansible_hostname=="k8s-master01"register: ETCD_CA
- name: Modify the ".*etcd-ca:.*" linereplace:path: /root/calico-etcd.yamlregexp: '# (etcd-ca:) null'replace: '\1 {{ ETCD_CA.stdout }}'when:- ansible_hostname=="k8s-master01"
- name: Modify the ".*etcd_ca:.*" linereplace:path: /root/calico-etcd.yamlregexp: '(etcd_ca:) ""'replace: '\1 "/calico-secrets/etcd-ca"'when:- ansible_hostname=="k8s-master01"
- name: Modify the ".*etcd_cert:.*" linereplace:path: /root/calico-etcd.yamlregexp: '(etcd_cert:) ""'replace: '\1 "/calico-secrets/etcd-cert"'when:- ansible_hostname=="k8s-master01"
- name: Modify the ".*etcd_key:.*" linereplace:path: /root/calico-etcd.yamlregexp: '(etcd_key:) ""'replace: '\1 "/calico-secrets/etcd-key"'when:- ansible_hostname=="k8s-master01"
- name: Modify the ".*CALICO_IPV4POOL_CIDR.*" linereplace:path: /root/calico-etcd.yamlregexp: '# (- name: CALICO_IPV4POOL_CIDR)'replace: '\1'when:- ansible_hostname=="k8s-master01"
- name: Modify the ".*192.168.0.0.*" linereplace:path: /root/calico-etcd.yamlregexp: '#   (value:) "192.168.0.0/16"'replace: '  \1 "{{ POD_SUBNET }}"'when:- ansible_hostname=="k8s-master01"
- name: Modify the "image:" linereplace:path: /root/calico-etcd.yamlregexp: '(.*image:) docker.io/calico(/.*)'replace: '\1 {{ HARBOR_DOMAIN }}/google_containers\2'when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/download_images.yml
- name: get calico versionshell:chdir: /rootcmd: awk -F "/"  '/image:/{print $NF}' calico-etcd.yamlregister: CALICO_VERSIONwhen:- ansible_hostname=="k8s-master01"
- name: download calico imageshell: |{% for i in CALICO_VERSION.stdout_lines %}docker pull registry.cn-beijing.aliyuncs.com/raymond9/{{ i }}docker tag registry.cn-beijing.aliyuncs.com/raymond9/{{ i }} {{ HARBOR_DOMAIN }}/google_containers/{{ i }}docker rmi registry.cn-beijing.aliyuncs.com/raymond9/{{ i }}docker push {{ HARBOR_DOMAIN }}/google_containers/{{ i }}{% endfor %}when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/install_calico.yml
- name: install calicoshell:chdir: /rootcmd: "kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig apply -f calico-etcd.yaml"when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/delete_master01_calico_container.yml 
- name: down master01shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER01 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: get calico containershell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig get pod -n kube-system -o wide|grep calico |grep master01 |awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 30swhen:- ansible_hostname=="k8s-master01"
- name: up master01shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER01 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/delete_master02_calico_container.yml 
- name: down master02shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER02 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: get calico containershell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig get pod -n kube-system -o wide|grep calico |grep master02 |awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 30swhen:- ansible_hostname=="k8s-master01"
- name: up master02shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER02 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/delete_master03_calico_container.yml 
- name: down master03shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "disable server kubernetes-6443/{{ MASTER03 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"
- name: get calico containershell:cmd: kubectl get --kubeconfig=/etc/kubernetes/admin.kubeconfig pod -n kube-system -o wide|grep calico |grep master03 |awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 30swhen:- ansible_hostname=="k8s-master01"
- name: up master03shell:cmd: ssh -o StrictHostKeyChecking=no root@k8s-lb "echo "enable server kubernetes-6443/{{ MASTER03 }}" | socat stdio /var/lib/haproxy/haproxy.sock"when:- ansible_hostname=="k8s-master01"[root@ansible-server calico-update]# vim tasks/main.yml
- include: calico_file.yml
- include: config.yml
- include: download_images.yml
- include: install_calico.yml
- include: delete_master01_calico_container.yml
- include: delete_master02_calico_container.yml
- include: delete_master03_calico_container.yml[root@ansible-server calico-update]# cd ../../
[root@ansible-server ansible]# tree roles/calico-update/
roles/calico-update/
├── tasks
│   ├── calico_file.yml
│   ├── config.yml
│   ├── delete_master01_calico_container.yml
│   ├── delete_master02_calico_container.yml
│   ├── delete_master03_calico_container.yml
│   ├── download_images.yml
│   ├── install_calico.yml
│   └── main.yml
├── templates
│   └── calico-etcd.yaml.j2
└── vars└── main.yml3 directories, 10 files[root@ansible-server ansible]# vim calico_update_role.yml 
---
- hosts: master:etcdroles:- role: calico-update[root@ansible-server ansible]# ansible-playbook calico_update_role.yml

18.3.2 验证calico

[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep master01|tail -n1
calico-node-pkx8j                          1/1     Running   0          7m14s   172.31.3.101      k8s-master01.example.local   <none>           <none>
[root@k8s-master01 ~]# kubectl get pod  calico-node-pkx8j -n kube-system -o yaml|grep "image"image: harbor.raymonds.cc/google_containers/node:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.21.4imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:1ce80e8524bc68b29593e4e7a6186ad0c6986a0e68f3cd55ccef8637bdd2e922image: harbor.raymonds.cc/google_containers/cni:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:8dd84a8c73929a6b1038774d2cf5fd669856e09eaf3d960fd321df433dc1f05bimage: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:5b5fcca78d54341bfbd729ba8199624af61f7144a980bc46fcd1347d20bd8eef[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep master02|tail -n1
calico-node-zzpwt                          1/1     Running   0          30m     172.31.3.102      k8s-master02.example.local   <none>           <none>
[root@k8s-master01 ~]# kubectl get pod calico-node-zzpwt -n kube-system -o yaml|grep "image"image: harbor.raymonds.cc/google_containers/node:v3.15.3imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.15.3imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.15.3imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.15.3imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:988095dbe39d2066b1964aafaa4a302a1286b149a4a80c9a1eb85544f2a0cdd0image: harbor.raymonds.cc/google_containers/cni:v3.15.3imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:a559d264c7a75a7528560d11778dba2d3b55c588228aed99be401fd2baa9b607image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.15.3imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:6bd1246d0ea1e573a6a050902995b1666ec0852339e5bda3051f583540361b55[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep master03|tail -n1
calico-node-kncgx                          1/1     Running   0          6m47s   172.31.3.103      k8s-master03.example.local   <none>           <none>
[root@k8s-master01 ~]# kubectl get pod calico-node-kncgx -n kube-system -o yaml|grep "image"image: harbor.raymonds.cc/google_containers/node:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.21.4imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:1ce80e8524bc68b29593e4e7a6186ad0c6986a0e68f3cd55ccef8637bdd2e922image: harbor.raymonds.cc/google_containers/cni:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:8dd84a8c73929a6b1038774d2cf5fd669856e09eaf3d960fd321df433dc1f05bimage: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:5b5fcca78d54341bfbd729ba8199624af61f7144a980bc46fcd1347d20bd8eef

18.4 node

18.4.1 升级node

[root@ansible-server ansible]# mkdir -p roles/kubernetes-node-update/{files,tasks,templates,vars}
[root@ansible-server ansible]# cd roles/kubernetes-node-update/
[root@ansible-server kubernetes-node-update]# ls
files  tasks  templates  vars[root@ansible-server kubernetes-node-update]# cp /data/ansible/roles/kubernetes-master-update/files/{kubelet,kube-proxy} files/
[root@ansible-server kubernetes-node-update]# ls files/
kubelet  kube-proxy#下面HARBOR_DOMAIN的地址设置成自己的harbor域名地址
[root@ansible-server kubernetes-node-update]# vim vars/main.yml
HARBOR_DOMAIN: harbor.raymonds.cc
PAUSE_VERSION: 3.5NODE_SERVICE:- kube-proxy- kubelet[root@ansible-server kubernetes-node-update]# vim templates/10-kubelet.conf.j2
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig"
Environment="KUBELET_SYSTEM_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_CONFIG_ARGS=--config=/etc/kubernetes/kubelet-conf.yml --pod-infra-container-image={{ HARBOR_DOMAIN }}/google_containers/pause:{{ PAUSE_VERSION }}"
Environment="KUBELET_EXTRA_ARGS=--node-labels=node.kubernetes.io/node='' "
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_SYSTEM_ARGS $KUBELET_EXTRA_ARGS[root@ansible-server kubernetes-node-update]# vim tasks/upgrade_node01.yml
- name: drain node01shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig drain k8s-node01.example.local --delete-emptydir-data --force --ignore-daemonsetswhen:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node01"
- name: copy kubernetes files to node01copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kubelet- kube-proxywhen:- ansible_hostname=="k8s-node01"
- name: copy 10-kubelet.conf to node01template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-node01"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node01"
- name: get calico containershell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig get pod -n kube-system -o wide|grep calico |grep node01 |tail -n1|awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 60swhen:- ansible_hostname=="k8s-master01"
- name: uncordon node01shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig uncordon k8s-node01.example.localwhen:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-node-update]# vim tasks/upgrade_node02.yml 
- name: drain node02shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig drain k8s-node02.example.local --delete-emptydir-data --force --ignore-daemonsetswhen:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node02"
- name: copy kubernetes files to node02copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kubelet- kube-proxywhen:- ansible_hostname=="k8s-node02"
- name: copy 10-kubelet.conf to node02template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-node02"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node02"
- name: get calico containershell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig get pod -n kube-system -o wide|grep calico |grep node02 |tail -n1|awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 60swhen:- ansible_hostname=="k8s-master01"
- name: uncordon node02shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig uncordon k8s-node02.example.localwhen:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-node-update]# vim tasks/upgrade_node03.yml 
- name: drain node03shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig drain k8s-node03.example.local --delete-emptydir-data --force --ignore-daemonsetswhen:- ansible_hostname=="k8s-master01"
- name: stop servicesystemd:name: "{{ item }}"state: stoppedloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node03"
- name: copy kubernetes files to node03copy:src: "{{ item }}"dest: /usr/local/bin/mode: 0755loop:- kubelet- kube-proxywhen:- ansible_hostname=="k8s-node03"
- name: copy 10-kubelet.conf to node03template: src: 10-kubelet.conf.j2dest: /etc/systemd/system/kubelet.service.d/10-kubelet.confwhen:- ansible_hostname=="k8s-node03"
- name: start servicesystemd:name: "{{ item }}"state: restarteddaemon_reload: yesloop:"{{ NODE_SERVICE }}"when:- ansible_hostname=="k8s-node03"
- name: get calico containershell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig get pod -n kube-system -o wide|grep calico |grep node03 |tail -n1|awk -F " " '{print $1}'register: CALICO_CONTAINERwhen:- ansible_hostname=="k8s-master01"
- name: delete calico containershell: |kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig delete pod {{ CALICO_CONTAINER.stdout }} -n kube-systemsleep 60swhen:- ansible_hostname=="k8s-master01"
- name: uncordon node03shell:cmd: kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig uncordon k8s-node03.example.localwhen:- ansible_hostname=="k8s-master01"[root@ansible-server kubernetes-node-update]# vim tasks/main.yml
- include: upgrade_node01.yml
- include: upgrade_node02.yml
- include: upgrade_node03.yml[root@ansible-server kubernetes-node-update]# cd ../../
[root@ansible-server ansible]# tree roles/kubernetes-node-update/
roles/kubernetes-node-update/
├── files
│   ├── kubelet
│   └── kube-proxy
├── tasks
│   ├── main.yml
│   ├── upgrade_node01.yml
│   ├── upgrade_node02.yml
│   └── upgrade_node03.yml
├── templates
│   └── 10-kubelet.conf.j2
└── vars└── main.yml4 directories, 8 files[root@ansible-server ansible]# vim kubernetes_node_update_role.yml
---
- hosts: master01:noderoles:- role: kubernetes-node-update[root@ansible-server ansible]# ansible-playbook kubernetes_node_update_role.yml

18.4.2 验证node

[root@k8s-master01 ~]# kubectl get nodes
NAME                         STATUS   ROLES    AGE   VERSION
k8s-master01.example.local   Ready    <none>   99m   v1.22.6
k8s-master02.example.local   Ready    <none>   99m   v1.22.6
k8s-master03.example.local   Ready    <none>   99m   v1.22.6
k8s-node01.example.local     Ready    <none>   99m   v1.22.6
k8s-node02.example.local     Ready    <none>   99m   v1.22.6
k8s-node03.example.local     Ready    <none>   99m   v1.22.6[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep node01|tail -n1
calico-node-xthsn                          1/1     Running   0          4m34s   172.31.3.111      k8s-node01.example.local     <none>           <none>
[root@k8s-master01 ~]# kubectl get pod calico-node-xthsn -n kube-system -o yaml |grep imageimage: harbor.raymonds.cc/google_containers/node:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.21.4imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:1ce80e8524bc68b29593e4e7a6186ad0c6986a0e68f3cd55ccef8637bdd2e922image: harbor.raymonds.cc/google_containers/cni:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:8dd84a8c73929a6b1038774d2cf5fd669856e09eaf3d960fd321df433dc1f05bimage: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:5b5fcca78d54341bfbd729ba8199624af61f7144a980bc46fcd1347d20bd8eef[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep node02|tail -n1
calico-node-7jp6h                          1/1     Running   0          3m52s   172.31.3.112      k8s-node02.example.local     <none>           <none>
[root@k8s-master01 ~]# kubectl get pod calico-node-7jp6h -n kube-system -o yaml |grep imageimage: harbor.raymonds.cc/google_containers/node:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.21.4imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:1ce80e8524bc68b29593e4e7a6186ad0c6986a0e68f3cd55ccef8637bdd2e922image: harbor.raymonds.cc/google_containers/cni:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:8dd84a8c73929a6b1038774d2cf5fd669856e09eaf3d960fd321df433dc1f05bimage: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:5b5fcca78d54341bfbd729ba8199624af61f7144a980bc46fcd1347d20bd8eef[root@k8s-master01 ~]# kubectl get pod -n kube-system -o wide|grep calico|grep node03|tail -n1
calico-node-wfxmr                          1/1     Running   0          3m2s    172.31.3.113      k8s-node03.example.local     <none>           <none>
[root@k8s-master01 ~]# kubectl get pod calico-node-wfxmr -n kube-system -o yaml |grep imageimage: harbor.raymonds.cc/google_containers/node:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/cni:v3.21.4imagePullPolicy: IfNotPresent- image: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imagePullPolicy: IfNotPresentimage: harbor.raymonds.cc/google_containers/node:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/node@sha256:1ce80e8524bc68b29593e4e7a6186ad0c6986a0e68f3cd55ccef8637bdd2e922image: harbor.raymonds.cc/google_containers/cni:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/cni@sha256:8dd84a8c73929a6b1038774d2cf5fd669856e09eaf3d960fd321df433dc1f05bimage: harbor.raymonds.cc/google_containers/pod2daemon-flexvol:v3.21.4imageID: docker-pullable://harbor.raymonds.cc/google_containers/pod2daemon-flexvol@sha256:5b5fcca78d54341bfbd729ba8199624af61f7144a980bc46fcd1347d20bd8eef

18.5 coredns

18.5.1 升级coredns

[root@ansible-server ansible]# mkdir -p roles/coredns-update/{tasks,templates,vars}
[root@ansible-server ansible]# cd roles/coredns-update/
[root@ansible-server coredns-update]# ls
tasks  templates  vars#下面CLUSTERDNS改成自己规划的service网段的第10个IP地址,HARBOR_DOMAIN的地址设置成自己的harbor域名地址
[root@ansible-server coredns-update]# vim vars/main.yml 
CLUSTERDNS: 10.96.0.10                                 
HARBOR_DOMAIN: harbor.raymonds.cc[root@ansible-server coredns-update]# cat templates/coredns.yaml.j2 
apiVersion: v1
kind: ServiceAccount
metadata:name: corednsnamespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:labels:kubernetes.io/bootstrapping: rbac-defaultsname: system:coredns
rules:- apiGroups:- ""resources:- endpoints- services- pods- namespacesverbs:- list- watch- apiGroups:- discovery.k8s.ioresources:- endpointslicesverbs:- list- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:annotations:rbac.authorization.kubernetes.io/autoupdate: "true"labels:kubernetes.io/bootstrapping: rbac-defaultsname: system:coredns
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: system:coredns
subjects:
- kind: ServiceAccountname: corednsnamespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:name: corednsnamespace: kube-system
data:Corefile: |.:53 {errorshealth {lameduck 5s}readykubernetes cluster.local in-addr.arpa ip6.arpa {fallthrough in-addr.arpa ip6.arpa}prometheus :9153forward . /etc/resolv.conf {max_concurrent 1000}cache 30loopreloadloadbalance}
---
apiVersion: apps/v1
kind: Deployment
metadata:name: corednsnamespace: kube-systemlabels:k8s-app: kube-dnskubernetes.io/name: "CoreDNS"
spec:# replicas: not specified here:# 1. Default is 1.# 2. Will be tuned in real time if DNS horizontal auto-scaling is turned on.strategy:type: RollingUpdaterollingUpdate:maxUnavailable: 1selector:matchLabels:k8s-app: kube-dnstemplate:metadata:labels:k8s-app: kube-dnsspec:priorityClassName: system-cluster-criticalserviceAccountName: corednstolerations:- key: "CriticalAddonsOnly"operator: "Exists"nodeSelector:kubernetes.io/os: linuxaffinity:podAntiAffinity:requiredDuringSchedulingIgnoredDuringExecution:- labelSelector:matchExpressions:- key: k8s-appoperator: Invalues: ["kube-dns"]topologyKey: kubernetes.io/hostnamecontainers:- name: corednsimage: coredns/coredns:1.8.6imagePullPolicy: IfNotPresentresources:limits:memory: 170Mirequests:cpu: 100mmemory: 70Miargs: [ "-conf", "/etc/coredns/Corefile" ]volumeMounts:- name: config-volumemountPath: /etc/corednsreadOnly: trueports:- containerPort: 53name: dnsprotocol: UDP- containerPort: 53name: dns-tcpprotocol: TCP- containerPort: 9153name: metricsprotocol: TCPsecurityContext:allowPrivilegeEscalation: falsecapabilities:add:- NET_BIND_SERVICEdrop:- allreadOnlyRootFilesystem: truelivenessProbe:httpGet:path: /healthport: 8080scheme: HTTPinitialDelaySeconds: 60timeoutSeconds: 5successThreshold: 1failureThreshold: 5readinessProbe:httpGet:path: /readyport: 8181scheme: HTTPdnsPolicy: Defaultvolumes:- name: config-volumeconfigMap:name: corednsitems:- key: Corefilepath: Corefile
---
apiVersion: v1
kind: Service
metadata:name: kube-dnsnamespace: kube-systemannotations:prometheus.io/port: "9153"prometheus.io/scrape: "true"labels:k8s-app: kube-dnskubernetes.io/cluster-service: "true"kubernetes.io/name: "CoreDNS"
spec:selector:k8s-app: kube-dnsclusterIP: 10.96.0.10ports:- name: dnsport: 53protocol: UDP- name: dns-tcpport: 53protocol: TCP- name: metricsport: 9153protocol: TCP[root@ansible-server coredns-update]# vim templates/coredns.yaml.j2
...
data:Corefile: |.:53 {errorshealth {lameduck 5s}readykubernetes cluster.local in-addr.arpa ip6.arpa {fallthrough in-addr.arpa ip6.arpa}prometheus :9153forward . /etc/resolv.conf {max_concurrent 1000}cache 30loop ##将loop插件直接删除,避免内部循环reloadloadbalance}
...
spec:selector:k8s-app: kube-dnsclusterIP: {{ CLUSTERDNS }} #修改这里
...[root@ansible-server coredns-update]# vim tasks/coredns_file.yml
- name: copy coredns.yaml filetemplate:src: coredns.yaml.j2dest: /root/coredns.yamlwhen:- ansible_hostname=="k8s-master01"[root@ansible-server coredns-update]# vim tasks/config.yml
- name: Modify the "image:" linereplace:path: /root/coredns.yamlregexp: '(.*image:) coredns(/.*)'replace: '\1 {{ HARBOR_DOMAIN }}/google_containers\2'[root@ansible-server coredns-update]# vim tasks/download_images.yml
- name: get coredns versionshell:chdir: /rootcmd: awk -F "/"  '/image:/{print $NF}' coredns.yamlregister: COREDNS_VERSION
- name: download coredns imageshell: |{% for i in COREDNS_VERSION.stdout_lines %}docker pull registry.aliyuncs.com/google_containers/{{ i }}docker tag registry.aliyuncs.com/google_containers/{{ i }} {{ HARBOR_DOMAIN }}/google_containers/{{ i }}docker rmi registry.aliyuncs.com/google_containers/{{ i }}docker push {{ HARBOR_DOMAIN }}/google_containers/{{ i }}{% endfor %}[root@ansible-server coredns-update]# vim tasks/install_coredns.yml
- name: install corednsshell:chdir: /rootcmd: "kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig apply -f coredns.yaml"[root@ansible-server coredns-update]# vim tasks/main.yml
- include: coredns_file.yml
- include: config.yml
- include: download_images.yml
- include: install_coredns.yml[root@ansible-server coredns-update]# cd ../../
[root@ansible-server ansible]# tree roles/coredns/
roles/coredns/
├── tasks
│   ├── config.yml
│   ├── coredns_file.yml
│   ├── download_images.yml
│   ├── install_coredns.yml
│   └── main.yml
├── templates
│   └── coredns.yaml.j2
└── vars└── main.yml3 directories, 7 files[root@ansible-server ansible]# vim coredns_role.yml
---
- hosts: master01roles:- role: coredns-update[root@ansible-server ansible]# ansible-playbook coredns_update_role.yml

18.5.2 验证coredns

[root@k8s-master01 ~]# kubectl get po -n kube-system -l k8s-app=kube-dns
NAME                       READY   STATUS    RESTARTS   AGE
coredns-867b8c5ddf-2nnfd   1/1     Running   0          33s

18.6 metrics

18.6.1 升级metrics

[root@ansible-server ansible]# mkdir -p roles/metrics-update/{files,vars,tasks}
[root@ansible-server ansible]# cd roles/metrics-update/
[root@ansible-server metrics-update]# ls
files  tasks  vars[root@ansible-server metrics-update]# wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml -P files/#下面HARBOR_DOMAIN的地址设置成自己的harbor域名地址
[root@ansible-server metrics-update]# vim vars/main.yml
HARBOR_DOMAIN: harbor.raymonds.cc[root@ansible-server metrics-update]# wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml -P files/[root@ansible-server metrics-update]# vim files/components.yaml
...spec:containers:- args:- --cert-dir=/tmp- --secure-port=4443- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname- --kubelet-use-node-status-port- --metric-resolution=15s
#添加下面两行内容- --kubelet-insecure-tls- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem
...volumeMounts:- mountPath: /tmpname: tmp-dir
#添加下面两行内容- name: ca-sslmountPath: /etc/kubernetes/pki
...volumes:- emptyDir: {}name: tmp-dir
#添加下面三行内容- name: ca-sslhostPath:path: /etc/kubernetes/pki
...[root@ansible-server metrics-update]# vim tasks/metrics_file.yml
- name: copy components.yaml filecopy:src: components.yamldest: /root/components.yaml[root@ansible-server metrics-update]# vim tasks/config.yml
- name: Modify the "image:" linereplace:path: /root/components.yamlregexp: '(.*image:) k8s.gcr.io/metrics-server(/.*)'replace: '\1 {{ HARBOR_DOMAIN }}/google_containers\2'[root@ansible-server metrics-update]# vim tasks/download_images.yml
- name: get metrics versionshell:chdir: /rootcmd: awk -F "/"  '/image:/{print $NF}' components.yamlregister: METRICS_VERSION
- name: download metrics imageshell: |{% for i in METRICS_VERSION.stdout_lines %}docker pull registry.aliyuncs.com/google_containers/{{ i }}docker tag registry.aliyuncs.com/google_containers/{{ i }} {{ HARBOR_DOMAIN }}/google_containers/{{ i }}docker rmi registry.aliyuncs.com/google_containers/{{ i }}docker push {{ HARBOR_DOMAIN }}/google_containers/{{ i }}{% endfor %}[root@ansible-server metrics-update]# vim tasks/install_metrics.yml
- name: install metricsshell:chdir: /rootcmd: "kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig apply -f components.yaml"[root@ansible-server metrics-update]# vim tasks/main.yml
- include: metrics_file.yml
- include: config.yml
- include: download_images.yml
- include: install_metrics.yml[root@ansible-server metrics-update]# cd ../../
[root@ansible-server ansible]# tree roles/metrics-update/
roles/metrics-update/
├── files
│   └── components.yaml
├── tasks
│   ├── config.yml
│   ├── download_images.yml
│   ├── install_metrics.yml
│   ├── main.yml
│   └── metrics_file.yml
└── vars└── main.yml3 directories, 7 files[root@ansible-server ansible]# vim metrics_update_role.yml 
---
- hosts: master01roles:- role: metrics-update[root@ansible-server ansible]# ansible-playbook metrics_update_role.yml

18.6.2 验证metrics

[root@k8s-master01 ~]# kubectl get pod -A|grep metrics-server
kube-system            metrics-server-648f84647-2l5bk               1/1     Running   0          34s[root@k8s-master01 ~]# kubectl top node 
NAME                         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
k8s-master01.example.local   143m         7%     1853Mi          48%       
k8s-master02.example.local   140m         7%     1561Mi          40%       
k8s-master03.example.local   129m         6%     1446Mi          37%       
k8s-node01.example.local     97m          4%     863Mi           22%       
k8s-node02.example.local     80m          4%     854Mi           22%       
k8s-node03.example.local     80m          4%     884Mi           23%

18.7 dashboard

18.7.1 升级dashboard

[root@ansible-server ansible]# mkdir -p roles/dashboard-update/{files,templates,vars,tasks}
[root@ansible-server ansible]# cd roles/dashboard-update/
[root@ansible-server dashboard-update]# ls
files  tasks  templates  vars[root@ansible-server dashboard-update]# vim files/admin.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:name: admin-usernamespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding 
metadata: name: admin-userannotations:rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-admin
subjects:
- kind: ServiceAccountname: admin-usernamespace: kube-system[root@ansible-server dashboard-update]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml -P templates/recommended.yaml.j2[root@ansible-server dashboard-update]# vim templates/recommended.yaml.j2
...
kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:type: NodePort #添加这行ports:- port: 443targetPort: 8443nodePort: {{ NODEPORT }} #添加这行selector:k8s-app: kubernetes-dashboard
...#下面HARBOR_DOMAIN的地址设置成自己的harbor域名地址
[root@ansible-server dashboard-update]# vim vars/main.yml
HARBOR_DOMAIN: harbor.raymonds.cc
NODEPORT: 30005[root@ansible-server dashboard-update]# vim tasks/dashboard_file.yml
- name: copy recommended.yaml filetemplate:src: recommended.yaml.j2dest: /root/recommended.yaml
- name: copy admin.yaml filecopy:src: admin.yamldest: /root/admin.yaml[root@ansible-server dashboard-update]# vim tasks/config.yml
- name: Modify the "image:" linereplace:path: /root/recommended.yamlregexp: '(.*image:) kubernetesui(/.*)'replace: '\1 {{ HARBOR_DOMAIN }}/google_containers\2'[root@ansible-server dashboard-update]# vim tasks/download_images.yml
- name: get dashboard versionshell:chdir: /rootcmd: awk -F "/"  '/image:/{print $NF}' recommended.yamlregister: DASHBOARD_VERSION
- name: download dashboard imageshell: |{% for i in DASHBOARD_VERSION.stdout_lines %}docker pull kubernetesui/{{ i }}docker tag kubernetesui/{{ i }} {{ HARBOR_DOMAIN }}/google_containers/{{ i }}docker rmi kubernetesui/{{ i }}docker push {{ HARBOR_DOMAIN }}/google_containers/{{ i }}{% endfor %}[root@ansible-server dashboard-update]# vim tasks/install_dashboard.yml
- name: install dashboardshell:chdir: /rootcmd: "kubectl --kubeconfig=/etc/kubernetes/admin.kubeconfig apply -f recommended.yaml -f admin.yaml"[root@ansible-server dashboard-update]# vim tasks/main.yml
- include: dashboard_file.yml
- include: config.yml
- include: download_images.yml
- include: install_dashboard.yml[root@ansible-server dashboard-update]# cd ../../
[root@ansible-server ansible]# tree roles/dashboard-update/
roles/dashboard-update/
├── files
│   └── admin.yaml
├── tasks
│   ├── config.yml
│   ├── dashboard_file.yml
│   ├── download_images.yml
│   ├── install_dashboard.yml
│   └── main.yml
├── templates
│   └── recommended.yaml.j2
└── vars└── main.yml4 directories, 8 files[root@ansible-server ansible]# vim dashboard_update_role.yml 
---
- hosts: master01roles:- role: dashboard-update[root@ansible-server ansible]# ansible-playbook dashboard_update_role.yml

18.7.2 登录dashboard

https://172.31.3.101:30005

[root@k8s-master01 ~]#  kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-s426j
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-userkubernetes.io/service-account.uid: 1eb8f4ab-1ef8-46e0-ab60-bd8592da66b9Type:  kubernetes.io/service-account-tokenData
====
ca.crt:     1411 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InV4dHpkbGRoSGZnbEJHU0dLRnE4TmNzYzU5cTlLazN6SFpUdGFPYjczbXcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXM0MjZqIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIxZWI4ZjRhYi0xZWY4LTQ2ZTAtYWI2MC1iZDg1OTJkYTY2YjkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Hde0T5KKcVOD4SBr44WMsGAX96jKLGywE9m3ML-J3bMeZzHmLbRgfSkFaJ_Gu_vR8gBbY_HoeoSdq136WlkJzr8hEjRPypoWoWNHiYL3Xl-9U-tZ4SKCmrFqGpYQV38rG4rzX086M2nSpLL880dZKc8i_PtuKeAtvVTqJ6V_-ozyuO7BWiU4vpvTk-U6tFNTegCjtfT3mavveAUcfYN3mTrFRr0E-KHkjxdCf6i-bsJk46xPC8ZvkaqY4VL3kGGJSkx2NwWlC9B_Eq0YsajGqdIr9gSJWQ2KFdHlsOWgT-um8sW7oBSYoTsZ4ZFjDfbEvAgFjbSaRfPGGQidXNvKmg

在这里插入图片描述

这篇关于a29.ansible 生产实战案例 -- 基于二进制包安装kubernetes v1.20 -- 集群升级(二)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!


http://www.chinasem.cn/article/334149

相关文章

Python使用国内镜像加速pip安装的方法讲解

Python使用国内镜像加速pip安装的方法讲解

《Python使用国内镜像加速pip安装的方法讲解》在Python开发中,pip是一个非常重要的工具,用于安装和管理Python的第三方库,然而,在国内使用pip安装依赖时,往往会因为网络问题而导致速... 目录一、pip 工具简介1. 什么是 pip?2. 什么是 -i 参数?二、国内镜像源的选择三、如何
阅读更多...
使用 sql-research-assistant进行 SQL 数据库研究的实战指南(代码实现演示)

使用 sql-research-assistant进行 SQL 数据库研究的实战指南(代码实现演示)

《使用sql-research-assistant进行SQL数据库研究的实战指南(代码实现演示)》本文介绍了sql-research-assistant工具,该工具基于LangChain框架,集... 目录技术背景介绍核心原理解析代码实现演示安装和配置项目集成LangSmith 配置(可选)启动服务应用场景
阅读更多...
Python安装时常见报错以及解决方案

Python安装时常见报错以及解决方案

《Python安装时常见报错以及解决方案》:本文主要介绍在安装Python、配置环境变量、使用pip以及运行Python脚本时常见的错误及其解决方案,文中介绍的非常详细,需要的朋友可以参考下... 目录一、安装 python 时常见报错及解决方案(一)安装包下载失败(二)权限不足二、配置环境变量时常见报错及
阅读更多...
使用Navicat工具比对两个数据库所有表结构的差异案例详解

使用Navicat工具比对两个数据库所有表结构的差异案例详解

《使用Navicat工具比对两个数据库所有表结构的差异案例详解》:本文主要介绍如何使用Navicat工具对比两个数据库test_old和test_new,并生成相应的DDLSQL语句,以便将te... 目录概要案例一、如图两个数据库test_old和test_new进行比较:二、开始比较总结概要公司存在多
阅读更多...
MySQL8.2.0安装教程分享

MySQL8.2.0安装教程分享

《MySQL8.2.0安装教程分享》这篇文章详细介绍了如何在Windows系统上安装MySQL数据库软件,包括下载、安装、配置和设置环境变量的步骤... 目录mysql的安装图文1.python访问网址2javascript.点击3.进入Downloads向下滑动4.选择Community Server5.
阅读更多...
在Java中使用ModelMapper简化Shapefile属性转JavaBean实战过程

在Java中使用ModelMapper简化Shapefile属性转JavaBean实战过程

《在Java中使用ModelMapper简化Shapefile属性转JavaBean实战过程》本文介绍了在Java中使用ModelMapper库简化Shapefile属性转JavaBean的过程,对比... 目录前言一、原始的处理办法1、使用Set方法来转换2、使用构造方法转换二、基于ModelMapper
阅读更多...
如何将二进制文件流转化为MockMultipartFile文件

如何将二进制文件流转化为MockMultipartFile文件

《如何将二进制文件流转化为MockMultipartFile文件》文章主要介绍了如何使用Spring框架中的MockMultipartFile类来模拟文件上传,并处理上传逻辑,包括获取二进制文件流、创... 目录一、名词解释及业务解释1.具体业务流程2.转换对象解释1. MockMultipartFile2
阅读更多...
CentOS系统Maven安装教程分享

CentOS系统Maven安装教程分享

《CentOS系统Maven安装教程分享》本文介绍了如何在CentOS系统中安装Maven,并提供了一个简单的实际应用案例,安装Maven需要先安装Java和设置环境变量,Maven可以自动管理项目的... 目录准备工作下载并安装Maven常见问题及解决方法实际应用案例总结Maven是一个流行的项目管理工具
阅读更多...
Java实战之自助进行多张图片合成拼接

Java实战之自助进行多张图片合成拼接

《Java实战之自助进行多张图片合成拼接》在当今数字化时代,图像处理技术在各个领域都发挥着至关重要的作用,本文为大家详细介绍了如何使用Java实现多张图片合成拼接,需要的可以了解下... 目录前言一、图片合成需求描述二、图片合成设计与实现1、编程语言2、基础数据准备3、图片合成流程4、图片合成实现三、总结前
阅读更多...
MySql9.1.0安装详细教程(最新推荐)

MySql9.1.0安装详细教程(最新推荐)

《MySql9.1.0安装详细教程(最新推荐)》MySQL是一个流行的关系型数据库管理系统,支持多线程和多种数据库连接途径,能够处理上千万条记录的大型数据库,本文介绍MySql9.1.0安装详细教程,... 目录mysql介绍:一、下载 Mysql 安装文件二、Mysql 安装教程三、环境配置1.右击此电脑
阅读更多...

Copyright China编程 23002807@qq.com

沪ICP备2023033072号-2