kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #33246 from Sea-n/fixup-33172 

[zh] Resync kubeadm-upgrade.md
pull/34155/head
Kubernetes Prow Robot 2022-06-10 01:09:45 -07:00 committed by GitHub
parent 3df4dee135 33246abcb0
commit f3a9d4a01b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 152 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

303
content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
View File

@ -9,7 +9,6 @@ reviewers:
title: Upgrading kubeadm clusters
content_type: task
weight: 20
min-kubernetes-server-version: 1.18
-->
<!-- overview -->
@ -44,13 +43,14 @@ please refer to following pages instead:
<!--
The upgrade workflow at high level is the following:
-->
升级工作的基本流程如下:
<!--
1. Upgrade a primary control plane node.
1. Upgrade additional control plane nodes.
1. Upgrade worker nodes.
-->
升级工作的基本流程如下:
1. 升级主控制平面节点
1. 升级其他控制平面节点
1. 升级工作节点
@ -62,6 +62,7 @@ The upgrade workflow at high level is the following:
- The cluster should use a static control plane and etcd pods or external etcd.
- Make sure to back up any important components, such as app-level state stored in a database.
`kubeadm upgrade` does not touch your workloads, only components internal to Kubernetes, but backups are always a best practice.
- [Swap must be disabled](https://serverfault.com/questions/684771/best-way-to-disable-swap-in-linux).
-->
- 务必仔细认真阅读[发行说明]({{< latest-release-notes >}})。
- 集群应使用静态的控制平面和 etcd Pod 或者外部 etcd。
@ -71,7 +72,10 @@ The upgrade workflow at high level is the following:
<!--
### Additional information
-->
### 附加信息 {#additional-information}
<!--
- The instructions below outline when to drain each node during the upgrade process.
If you are performing a **minor** version upgrade for any kubelet, you **must**
first drain the node (or nodes) that you are upgrading. In the case of control plane nodes,
@ -79,9 +83,6 @@ they could be running CoreDNS Pods or other critical workloads. For more informa
[Draining nodes](/docs/tasks/administer-cluster/safely-drain-node/).
- All containers are restarted after upgrade, because the container spec hash value is changed.
-->
### 附加信息
- 下述说明了在升级过程中何时腾空每个节点。如果你正在对任何 kubelet 进行小版本升级,
你需要先腾空待升级的节点(或多个节点)。对于控制面节点,其上可能运行着 CoreDNS Pods
或者其它非常重要的负载。更多信息见[腾空节点](/zh/docs/tasks/administer-cluster/safely-drain-node/)。
@ -89,16 +90,15 @@ they could be running CoreDNS Pods or other critical workloads. For more informa
<!--
- To verify that the kubelet service has successfully restarted after the kubelet has been upgraded,
you can execute `systemctl status kubelet` or view the service logs with `journalctl -xeu kubelet`.
you can execute `systemctl status kubelet` or view the service logs with `journalctl -xeu kubelet`.
- Usage of the `--config` flag of `kubeadm upgrade` with
[kubeadm configuration API types](/docs/reference/config-api/kubeadm-config.v1beta3)
with the purpose of reconfiguring the cluster is not recommended and can have unexpected results. Follow the steps in
[Reconfiguring a kubeadm cluster](/docs/tasks/administer-cluster/kubeadm/kubeadm-reconfigure) instead.
-->
- 要验证 kubelet 服务在升级后是否成功重启,可以执行 `systemctl status kubelet`
`journalctl -xeu kubelet` 查看服务日志。
- 不建议使用 `kubeadm upgrade` 的 `--config 参数和 [kubeadm 配置 API 类型](/zh/docs/reference/config-api/kubeadm-config.v1beta3)
- 不建议使用 `kubeadm upgrade``--config` 参数和 [kubeadm 配置 API 类型](/zh/docs/reference/config-api/kubeadm-config.v1beta3)
来重新配置集群,这样会产生意想不到的结果。请按照[重新配置 kubeadm 集群](/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-reconfigure)
中的步骤来进行。
@ -106,82 +106,77 @@ with the purpose of reconfiguring the cluster is not recommended and can have un
<!--
## Determine which version to upgrade to
-->
## 确定要升级到哪个版本 {#determine-which-version-to-upgrade-to}
<!--
Find the latest patch release for Kubernetes {{< skew currentVersion >}} using the OS package manager:
-->
## 确定要升级到哪个版本
使用操作系统的包管理器找到最新的补丁版本 Kubernetes {{< skew currentVersion >}}
{{< tabs name="k8s_install_versions" >}}
{{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
```shell
apt update
apt-cache madison kubeadm
# 在列表中查找最新的 {{< skew currentVersion >}} 版本
# 它看起来应该是 {{< skew currentVersion >}}.x-00其中 x 是最新的补丁版本
```
{{% /tab %}}
{{% tab name="CentOS、RHEL 或 Fedora" %}}
```shell
yum list --showduplicates kubeadm --disableexcludes=kubernetes
# 在列表中查找最新的 {{< skew currentVersion >}} 版本
# 它看起来应该是 {{< skew currentVersion >}}.x-0其中 x 是最新的补丁版本
```
{{% /tab %}}
{{< /tabs >}}
<!--
## Upgrade the control plane node
## Upgrading control plane nodes
-->
## 升级控制平面节点 {#upgrading-control-plane-nodes}
<!--
The upgrade procedure on control plane nodes should be executed one node at a time.
Pick a control plane node that you wish to upgrade first. It must have the `/etc/kubernetes/admin.conf` file.
### Call "kubeadm upgrade"
-->
## 升级控制平面节点
控制面节点上的升级过程应该每次处理一个节点。
首先选择一个要先行升级的控制面节点。该节点上必须拥有
`/etc/kubernetes/admin.conf` 文件。
### 执行 "kubeadm upgrade"
<!--
### Call "kubeadm upgrade"
-->
### 执行 “kubeadm upgrade” {#call-kubeadm-upgrade}
<!--
**Upgrade the first control plane node**
**For the first control plane node**
-->
**升级第一个控制面节点**
**对于第一个控制面节点**
<!--
- Upgrade kubeadm:
-->
- 升级 kubeadm
{{< tabs name="k8s_install_kubeadm_first_cp" >}}
{{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
```shell
# 用最新的补丁版本号替换 {{< skew currentVersion >}}.x-00 中的 x
apt-mark unhold kubeadm && \
apt-get update && apt-get install -y kubeadm={{< skew currentVersion >}}.x-00 && \
apt-mark hold kubeadm
-
{{% /tab %}}
{{% tab name="CentOS、RHEL 或 Fedora" %}}
```shell
# 用最新的补丁版本号替换 {{< skew currentVersion >}}.x-0 中的 x
yum install -y kubeadm-{{< skew currentVersion >}}.x-0 --disableexcludes=kubernetes
```
{{% /tab %}}
{{< /tabs >}}
<br />
{{< tabs name="k8s_install_kubeadm_first_cp" >}}
{{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
```shell
# 用最新的补丁版本号替换 {{< skew currentVersion >}}.x-00 中的 x
apt-mark unhold kubeadm && \
apt-get update && apt-get install -y kubeadm={{< skew currentVersion >}}.x-00 && \
apt-mark hold kubeadm
```
{{% /tab %}}
{{% tab name="CentOS、RHEL 或 Fedora" %}}
```shell
# 用最新的补丁版本号替换 {{< skew currentVersion >}}.x-0 中的 x
yum install -y kubeadm-{{< skew currentVersion >}}.x-0 --disableexcludes=kubernetes
```
{{% /tab %}}
{{< /tabs >}}
<br />
<!--
- Verify that the download works and has the expected version:
@ -232,14 +227,15 @@ yum install -y kubeadm-{{< skew currentVersion >}}.x-0 --disableexcludes=kuberne
<!--
- Choose a version to upgrade to, and run the appropriate command. For example:
-->
- 选择要升级到的目标版本,运行合适的命令。例如:
<!--
```shell
# replace x with the patch version you picked for this upgrade
sudo kubeadm upgrade apply v{{< skew currentVersion >}}.x
```
-->
选择要升级到的目标版本,运行合适的命令。例如:
-->
```shell
# 将 x 替换为你为此次升级所选择的补丁版本号
sudo kubeadm upgrade apply v{{< skew currentVersion >}}.x
@ -258,19 +254,21 @@ yum install -y kubeadm-{{< skew currentVersion >}}.x-0 --disableexcludes=kuberne
<!--
- Manually upgrade your CNI provider plugin.
Your Container Network Interface (CNI) provider may have its own upgrade instructions to follow.
Check the [addons](/docs/concepts/cluster-administration/addons/) page to
find your CNI provider and see whether additional upgrade steps are required.
This step is not required on additional control plane nodes if the CNI provider runs as a DaemonSet.
-->
- 手动升级你的 CNI 驱动插件。
<!--
Your Container Network Interface (CNI) provider may have its own upgrade instructions to follow.
Check the [addons](/docs/concepts/cluster-administration/addons/) page to
find your CNI provider and see whether additional upgrade steps are required.
-->
你的容器网络接口CNI驱动应该提供了程序自身的升级说明。
参阅[插件](/zh/docs/concepts/cluster-administration/addons/)页面查找你的 CNI 驱动,
并查看是否需要其他升级步骤。
<!--
This step is not required on additional control plane nodes if the CNI provider runs as a DaemonSet.
-->
如果 CNI 驱动作为 DaemonSet 运行,则在其他控制平面节点上不需要此步骤。
<!--
@ -303,18 +301,20 @@ Also calling `kubeadm upgrade plan` and upgrading the CNI provider plugin is no
<!--
### Drain the node
- Prepare the node for maintenance by marking it unschedulable and evicting the workloads:
```shell
# replace <node-to-drain> with the name of your node you are draining
kubectl drain <node-to-drain> --ignore-daemonsets
```
-->
### 腾空节点
### 腾空节点 {#drain-the-node}
<!--
- Prepare the node for maintenance by marking it unschedulable and evicting the workloads:
-->
- 通过将节点标记为不可调度并腾空节点为节点作升级准备:
<!--
```shell
# replace <node-to-drain> with the name of your node you are draining
kubectl drain <node-to-drain> --ignore-daemonsets
```
-->
```shell
# 将 <node-to-drain> 替换为你要腾空的控制面节点名称
kubectl drain <node-to-drain> --ignore-daemonsets
@ -322,39 +322,36 @@ Also calling `kubeadm upgrade plan` and upgrading the CNI provider plugin is no
<!--
### Upgrade kubelet and kubectl
- Upgrade the kubelet and kubectl:
-->
### 升级 kubelet 和 kubectl
### 升级 kubelet 和 kubectl {#upgrade-kubelet-and-kubectl}
<!--
- Upgrade the kubelet and kubectl:
-->
- 升级 kubelet 和 kubectl
{{< tabs name="k8s_install_kubelet" >}}
{{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
```shell
# 用最新的补丁版本替换 {{< skew currentVersion >}}.x-00 中的 x
apt-mark unhold kubelet kubectl && \
apt-get update && apt-get install -y kubelet={{< skew currentVersion >}}.x-00 kubectl={{< skew currentVersion >}}.x-00 && \
apt-mark hold kubelet kubectl
```
```shell
# 用最新的补丁版本替换 {{< skew currentVersion >}}.x-00 中的 x
apt-mark unhold kubelet kubectl && \
apt-get update && apt-get install -y kubelet={{< skew currentVersion >}}.x-00 kubectl={{< skew currentVersion >}}.x-00 && \
apt-mark hold kubelet kubectl
```
{{% /tab %}}
{{% tab name="CentOS、RHEL 或 Fedora" %}}
```shell
# 用最新的补丁版本号替换 {{< skew currentVersion >}}.x-00 中的 x
yum install -y kubelet-{{< skew currentVersion >}}.x-0 kubectl-{{< skew currentVersion >}}.x-0 --disableexcludes=kubernetes
```
```shell
# 用最新的补丁版本号替换 {{< skew currentVersion >}}.x-00 中的 x
yum install -y kubelet-{{< skew currentVersion >}}.x-0 kubectl-{{< skew currentVersion >}}.x-0 --disableexcludes=kubernetes
```
{{% /tab %}}
{{< /tabs >}}
<br />
<br />
<!--
- Restart the kubelet
- Restart the kubelet:
-->
- 重启 kubelet
- 重启 kubelet
```shell
sudo systemctl daemon-reload
@ -363,18 +360,20 @@ Also calling `kubeadm upgrade plan` and upgrading the CNI provider plugin is no
<!--
### Uncordon the node
-->
### 解除节点的保护 {#uncordon-the-node}
<!--
- Bring the node back online by marking it schedulable:
-->
- 通过将节点标记为可调度,让其重新上线:
<!--
```shell
# replace <node-to-drain> with the name of your node
kubectl uncordon <node-to-drain>
-->
### 解除节点的保护
- 通过将节点标记为可调度,让其重新上线:
```
-->
```shell
# 将 <node-to-drain> 替换为你的节点名称
kubectl uncordon <node-to-drain>
@ -382,19 +381,20 @@ Also calling `kubeadm upgrade plan` and upgrading the CNI provider plugin is no
<!--
## Upgrade worker nodes
-->
## 升级工作节点 {#upgrade-worker-nodes}
<!--
The upgrade procedure on worker nodes should be executed one node at a time or few nodes at a time,
without compromising the minimum required capacity for running your workloads.
-->
## 升级工作节点
工作节点上的升级过程应该一次执行一个节点,或者一次执行几个节点,
以不影响运行工作负载所需的最小容量。
<!--
### Upgrade kubeadm
-->
### 升级 kubeadm
### 升级 kubeadm {#upgrade-kubeadm}
<!--
- Upgrade kubeadm:
@ -403,32 +403,29 @@ without compromising the minimum required capacity for running your workloads.
{{< tabs name="k8s_install_kubeadm_worker_nodes" >}}
{{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
```shell
# 将 {{< skew currentVersion >}}.x-00 中的 x 替换为最新的补丁版本号
apt-mark unhold kubeadm && \
apt-get update && apt-get install -y kubeadm={{< skew currentVersion >}}.x-00 && \
apt-mark hold kubeadm
```
{{% /tab %}}
{{% tab name="CentOS、RHEL 或 Fedora" %}}
```shell
# 用最新的补丁版本替换 {{< skew currentVersion >}}.x-00 中的 x
yum install -y kubeadm-{{< skew currentVersion >}}.x-0 --disableexcludes=kubernetes
```
{{% /tab %}}
{{< /tabs >}}
<!--
### Call "kubeadm upgrade"
- For worker nodes this upgrades the local kubelet configuration:
-->
### 执行 "kubeadm upgrade"
### 执行 "kubeadm upgrade" {#call-kubeadm-upgrade-1}
<!--
- For worker nodes this upgrades the local kubelet configuration:
-->
- 对于工作节点,下面的命令会升级本地的 kubelet 配置:
```shell
@ -437,18 +434,20 @@ without compromising the minimum required capacity for running your workloads.
<!--
### Drain the node
-->
### 腾空节点 {#drain-the-node-1}
<!--
- Prepare the node for maintenance by marking it unschedulable and evicting the workloads:
-->
- 将节点标记为不可调度并驱逐所有负载,准备节点的维护:
<!--
```shell
# replace <node-to-drain> with the name of your node you are draining
kubectl drain <node-to-drain> --ignore-daemonsets
```
-->
### 腾空节点
- 将节点标记为不可调度并驱逐所有负载,准备节点的维护:
-->
```shell
# 将 <node-to-drain> 替换为你正在腾空的节点的名称
kubectl drain <node-to-drain> --ignore-daemonsets
@ -457,10 +456,10 @@ without compromising the minimum required capacity for running your workloads.
<!--
### Upgrade kubelet and kubectl
-->
### 升级 kubelet 和 kubectl
### 升级 kubelet 和 kubectl {#upgrade-kubelet-and-kubectl-1}
<!--
- Upgrade the kubelet and kubectl:
- Upgrade the kubelet and kubectl:
-->
- 升级 kubelet 和 kubectl
@ -484,36 +483,34 @@ without compromising the minimum required capacity for running your workloads.
{{% /tab %}}
{{< /tabs >}}
<br />
<!--
- Restart the kubelet
```shell
sudo systemctl daemon-reload
sudo systemctl restart kubelet
```
- Restart the kubelet:
-->
- 重启 kubelet
- 重启 kubelet
```shell
sudo systemctl daemon-reload
sudo systemctl restart kubelet
```
<!--
### Uncordon the node
-->
### 取消对节点的保护
### 取消对节点的保护 {#uncordon-the-node-1}
<!--
- Bring the node back online by marking it schedulable:
```shell
# replace <node-to-drain> with the name of your node
kubectl uncordon <node-to-drain>
```
- Bring the node back online by marking it schedulable:
-->
- 通过将节点标记为可调度,让节点重新上线:
<!--
```shell
# replace <node-to-drain> with the name of your node
kubectl uncordon <node-to-drain>
```
-->
```shell
# 将 <node-to-drain> 替换为当前节点的名称
kubectl uncordon <node-to-drain>
@ -521,16 +518,13 @@ without compromising the minimum required capacity for running your workloads.
<!--
## Verify the status of the cluster
After the kubelet is upgraded on all nodes verify that all nodes are available again by running the following command
from anywhere kubectl can access the cluster:
```shell
kubectl get nodes
```
-->
## 验证集群的状态
## 验证集群的状态 {#verify-the-status-of-the-cluster}
<!--
After the kubelet is upgraded on all nodes verify that all nodes are available again by running
the following command from anywhere kubectl can access the cluster:
-->
在所有节点上升级 kubelet 后,通过从 kubectl 可以访问集群的任何位置运行以下命令,
验证所有节点是否再次可用:
@ -545,42 +539,45 @@ The `STATUS` column should show `Ready` for all your nodes, and the version numb
<!--
## Recovering from a failure state
-->
## 从故障状态恢复 {#recovering-from-a-failure-state}
<!--
If `kubeadm upgrade` fails and does not roll back, for example because of an unexpected shutdown during execution, you can run `kubeadm upgrade` again.
This command is idempotent and eventually makes sure that the actual state is the desired state you declare.
To recover from a bad state, you can also run `kubeadm upgrade--force` without changing the version that your cluster is running.
-->
## 从故障状态恢复
如果 `kubeadm upgrade` 失败并且没有回滚,例如由于执行期间节点意外关闭,
你可以再次运行 `kubeadm upgrade`
此命令是幂等的,并最终确保实际状态是你声明的期望状态。
要从故障状态恢复,你还可以运行 `kubeadm upgrade --force` 而无需更改集群正在运行的版本。
<!--
To recover from a bad state, you can also run `kubeadm upgrade apply --force` without changing the version that your cluster is running.
-->
要从故障状态恢复,你还可以运行 `kubeadm upgrade apply --force` 而无需更改集群正在运行的版本。
<!--
During upgrade kubeadm writes the following backup folders under `/etc/kubernetes/tmp`:
- `kubeadm-backup-etcd-<date>-<time>`
- `kubeadm-backup-manifests-<date>-<time>`
`kubeadm-backup-etcd` contains a backup of the local etcd member data for this control-plane Node.
In case of an etcd upgrade failure and if the automatic rollback does not work, the contents of this folder
can be manually restored in `/var/lib/etcd`. In case external etcd is used this backup folder will be empty.
`kubeadm-backup-manifests` contains a backup of the static Pod manifest files for this control-plane Node.
In case of a upgrade failure and if the automatic rollback does not work, the contents of this folder can be
manually restored in `/etc/kubernetes/manifests`. If for some reason there is no difference between a pre-upgrade
and post-upgrade manifest file for a certain component, a backup file for it will not be written.
-->
在升级期间kubeadm 向 `/etc/kubernetes/tmp` 目录下的如下备份文件夹写入数据:
- `kubeadm-backup-etcd-<date>-<time>`
- `kubeadm-backup-manifests-<date>-<time>`
<!--
`kubeadm-backup-etcd` contains a backup of the local etcd member data for this control plane Node.
In case of an etcd upgrade failure and if the automatic rollback does not work, the contents of this folder
can be manually restored in `/var/lib/etcd`. In case external etcd is used this backup folder will be empty.
-->
`kubeadm-backup-etcd` 包含当前控制面节点本地 etcd 成员数据的备份。
如果 etcd 升级失败并且自动回滚也无法修复,则可以将此文件夹中的内容复制到
`/var/lib/etcd` 进行手工修复。如果使用的是外部的 etcd则此备份文件夹为空。
<!--
`kubeadm-backup-manifests` contains a backup of the static Pod manifest files for this control plane Node.
In case of a upgrade failure and if the automatic rollback does not work, the contents of this folder can be
manually restored in `/etc/kubernetes/manifests`. If for some reason there is no difference between a pre-upgrade
and post-upgrade manifest file for a certain component, a backup file for it will not be written.
-->
`kubeadm-backup-manifests` 包含当前控制面节点的静态 Pod 清单文件的备份版本。
如果升级失败并且无法自动回滚,则此文件夹中的内容可以复制到
`/etc/kubernetes/manifests` 目录实现手工恢复。
@ -589,9 +586,15 @@ and post-upgrade manifest file for a certain component, a backup file for it wil
<!--
## How it works
-->
## 工作原理 {#how-it-works}
<!--
`kubeadm upgrade apply` does the following:
-->
`kubeadm upgrade apply` 做了以下工作:
<!--
- Checks that your cluster is in an upgradeable state:
- The API server is reachable
- All nodes are in the `Ready` state
@ -603,10 +606,6 @@ and post-upgrade manifest file for a certain component, a backup file for it wil
- Applies the new `CoreDNS` and `kube-proxy` manifests and makes sure that all necessary RBAC rules are created.
- Creates new certificate and key files of the API server and backs up old files if they're about to expire in 180 days.
-->
## 工作原理 {#how-it-works}
`kubeadm upgrade apply` 做了以下工作:
- 检查你的集群是否处于可升级状态:
- API 服务器是可访问的
- 所有节点处于 `Ready` 状态
@ -620,14 +619,15 @@ and post-upgrade manifest file for a certain component, a backup file for it wil
<!--
`kubeadm upgrade node` does the following on additional control plane nodes:
-->
`kubeadm upgrade node` 在其他控制平节点上执行以下操作:
<!--
- Fetches the kubeadm `ClusterConfiguration` from the cluster.
- Optionally backups the kube-apiserver certificate.
- Upgrades the static Pod manifests for the control plane components.
- Upgrades the kubelet configuration for this node.
-->
`kubeadm upgrade node` 在其他控制平节点上执行以下操作:
- 从集群中获取 kubeadm `ClusterConfiguration`
- (可选操作)备份 kube-apiserver 证书。
- 升级控制平面组件的静态 Pod 清单。
@ -635,11 +635,12 @@ and post-upgrade manifest file for a certain component, a backup file for it wil
<!--
`kubeadm upgrade node` does the following on worker nodes:
- Fetches the kubeadm `ClusterConfiguration` from the cluster.
- Upgrades the kubelet configuration for this node.
-->
`kubeadm upgrade node` 在工作节点上完成以下工作:
<!--
- Fetches the kubeadm `ClusterConfiguration` from the cluster.
- Upgrades the kubelet configuration for this node.
-->
- 从集群取回 kubeadm `ClusterConfiguration`
- 为本节点升级 kubelet 配置。