Kubernetes system upgrade

-

 Node upgrade

Node down > 5m: 

pod will be terminated  in it

Replicaset will be automatically recreate on other nodes

Single node will be terminated


If node down < 5m: directly do it


If node down > 5m: 

Before #kubectl drain <node name> --ignore-daemonsets

After #kubectl uncordon <node name>


Description:

#kubectl drain <node name>: recreated pods in other nods (only replicaset / no single pod) and mask node as unavailable for new pods

#kubectl cordon <node name>: mask node as unavailable for new pods

#kubectl uncordon <node name>: mask node as available for new pods


Best solution:

1. Check pod type: single pod / replicaset

2. If single pod try to create in other nodes (cordon the node plan for maintenance)

3. Drain the node for maintenance

4. After change finish

5. Uncordon the node for maintenance


K8S upgrade

Release: https://github.com/kubernetes/kubernetes/releases


Cluster upgrade


Master

1. kube-apiserver should have highest version 1.10

2. Controller-manager can be one version lower 1.9 / 1.10

3. Kube-scheduler can be one version lower 1.9 / 1.10

4. Kubelet can be two version lower 1.8/1.9/1.10

5. Kube-proxy can be two version lower 1.8/1.9/1.10


Work Node: kubectl can be one version higher: 1.9 / 1.10 / 1.11


K8S only support three version 

For example v1.12(latest) / v1.11 / v1.10


Upgrade one release by one release 1.10 --> 1.11 --> 1.12

Cluster upgrade: upgrade master node; upgrade work node one by one


Google cloud --> click "Upgrade" button


Kubeadm setup cluster 

1. Master node from v1.11.0

Check the upgrade target version #kubeadm upgrade plan

Drain the master node #kubectl drain master --ignore-daemonsets

Upgrade kubeadm #apt install kubeadm=1.12.0-00

Upgrade master node #kubeadm upgrade apply v1.12.0

Upgrade kubelet #apt install kubelet=1.12.0-00

Release the master node #kubectl uncordon master

2. Work node (one by one)

Drain work node #kubectl drain <work node> --ignore-daemonsets

Ssh to work node #ssh <work node>

Upgrade kubeadm #apt install kubeadm=1.12.0-00

Upgrade kubelet #apt install kubelet=1.12.0-00

Upgrade work node #kubeadm upgrade node config --kubelet-version $(kubelet --version | cut -d ' ' -f 2)


Backup & Restore

Declarative method: 

Make yaml file --> save in github --> create item in yaml file


Backup item #kubectl get all --all-namespaces -o yaml > all-deploy-services.yaml


Etcd backup #ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt \

     --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key \

     snapshot save /tmp/snapshot-pre-boot.db


Comments

Post a Comment

Popular posts from this blog

Nginx Proxy & Load Balance & LNMP

-
Nginx Proxy Service E-commerce website Server 1: provide image request response (  apache / nginx ) Server 2: provide dynamic request response ( php-fpm / apache-php ) Server 3: provide static request response ( apache / nginx ) Server 4: provide data request response ( mysql ) It need one additional nginx server 1. Install nginx 2. proxy to specific server Example location / {      proxy_pass http://192.168.199.187:80/; } location /bbs/ {      proxy_pass http://192.168.199.187:80/bbs/; } location ~* \.(jpg|png|gif)$  {      proxy_pass http://172.16.100.7; } Enhance the log information and specific the hostname location / {      proxy_pass  http://192.168.199.187:80/;      proxy_set_header <parameter name>  $host;  (client requst the hostname )      proxy_set_header <parameter name> $remote_addr; ...
Read more

Snort+barnyard2+Snorby CentOS 6.5_64 Installation

-
#download packages: daq-2.0.2.tar.gz ImageMagicK-6.8.9-8.tar.gz oinkmaster-2.0.tar.gz ruby-1.9.3-p547.tar.gz snort-2.9.6.2.tar.gz snortrules-snapshot-2962.tar.gz MySQL-server-5.5.40-1.rhel5.x86_64.rpm MySQL-client-5.6.21-1.rhel5.x86_64.rpm MySQL-devel-5.6.21-1.rhel5.x86_64.rpm MySQL-shared-5.6.21-1.rhel5.x86_64.rpm epel-release-6-8.noarch.rpm barnyard2-2.1.13.tar.gz #install yum package rpm -ivh epel-release-6-8.noarch.rpm yum install gcc-c++ patch readline readline-devel zlib zlib-devel flex git yum install libyaml-devel libffi-devel openssl-devel make  yum install bzip2 autoconf automake libtool bison iconv-devel libxml2-devel libxslt  yum install gcc g++ build-essential libssl-devel libreadline5-devel zlib1g-devel linux-headers-generic libsqlite3-devel libxslt-devel curl-devel sqlite-devel yum --enablerepo=epel install jasper jasper-libs jasper-devel #Mysql install yum remove mysql mysql-libs rpm -ivh MySQL-server-5.5.40-1.rh...
Read more

ORACLE Error

-
Image
oracle official error explanation  http://docs.oracle.com/cd/E11882_01/server.112/e17766/toc.htm 从服务器下载ALERT日志文件,传输方式需要选择"ASCII" ORA-01078: failure in processing system parameters 发生场景:新建数据库第一次启动时 SQL> startup ORA-01078: failure in processing system parameters LRM-00109: could not open parameter file ‘/home/oracle/oracle/product/10.2.0/db_1/dbs/initorcl.ora’ 原因:oracle_sid没有配置正确 解决方案: 1. 修改oracle用户.bash_profile文件中ORACLE_SID后的内容; 2. 重新已oracle用户登录; ORA-01157: cannot identify/lock data file string - see DBWR trace file  Cause: The background process was either unable to find one of the data files or failed to lock it because the file was already in use. The database will prohibit access to this file but other files will be unaffected. However the first instance to open the database will need to access all online data files. Accompanying error from the operating system describes why the file could not be identified. Action: Have operating system make file ...
Read more