重新分配pod節(jié)點

1、軟件包下載

去github上下載較新的Kubernetes軟件包https://github.com/

2、升級說明

升級包括master節(jié)點升級和node節(jié)點的升級，本章升級至v1.15.12；

Master節(jié)點的服務(wù)包括：apiserver、controller-manager、kube-scheduler；

Node節(jié)點的服務(wù)包括：kubelet和kube-proxy；

由于apiserver被nginx代理，所以在升級的時候需要操作操作nginx注釋升級節(jié)點，避免帶來無法訪問的情況；

我們的master節(jié)點和node都是在同一個集群服務(wù)器上，所以一起進(jìn)行操作；

3、確定節(jié)點升級順序

查看節(jié)點信息

[root@hdss7-21 ~]# kubectl get node
NAME                STATUS   ROLES    AGE   VERSION
hdss7-21.host.com   Ready       14d   v1.14.10
hdss7-22.host.com   Ready       14d   v1.14.10

查看pod分布狀態(tài)，盡量選擇較少pod的節(jié)點先進(jìn)行遷移

[root@hdss7-21 ~]# kubectl get pod -o wide -n kube-system
NAME                                   READY   STATUS    RESTARTS   AGE   IP           NODE                NOMINATED NODE   READINESS GATES
coredns-64f49f5655-smzzz               1/1     Running   6          8d    172.7.21.4   hdss7-21.host.com              
kubernetes-dashboard-99ff79fcd-khl8z   1/1     Running   2          4d    172.7.22.4   hdss7-22.host.com              
traefik-ingress-2svq6                  1/1     Running   3          5d    172.7.21.5   hdss7-21.host.com              
traefik-ingress-rcd28                  1/1     Running   3          5d    172.7.22.3   hdss7-22.host.com              

由于分布差不多，我們選擇先升級10.4.7.21服務(wù)器上的節(jié)點

4、修改代理nginx配置

在10.4.7.21和22上都操作，以21為例
注釋apiserver升級節(jié)點的服務(wù)器

[root@hdss7-11 ~]# vim /etc/nginx/nginx.conf
    upstream kube-apiserver {
#        server 10.4.7.21:6443     max_fails=3 fail_timeout=30s;
        server 10.4.7.22:6443     max_fails=3 fail_timeout=30s;
    }
[root@hdss7-11 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@hdss7-11 ~]# nginx -s reload

5、刪除第一個節(jié)點

將節(jié)點調(diào)成不可調(diào)度狀態(tài)

[root@hdss7-21 ~]#  kubectl cordon hdss7-21.host.com
node/hdss7-21.host.com cordoned

當(dāng)節(jié)點設(shè)置成不可調(diào)度狀態(tài)之后，新啟動的 pod 不會調(diào)度到此節(jié)點上，但是該節(jié)點上正在運行的 Pod 將不會被影響。
驅(qū)逐節(jié)點上的pod

[root@hdss7-21 ~]# kubectl drain hdss7-21.host.com --delete-local-data --ignore-daemonsets --force
node/hdss7-21.host.com already cordoned
WARNING: ignoring DaemonSet-managed Pods: default/nginx-ds-2rj9d, kube-system/traefik-ingress-2svq6
evicting pod "coredns-64f49f5655-smzzz"
evicting pod "nginx-dp-86678bb55c-tklvc"
pod/nginx-dp-86678bb55c-tklvc evicted
pod/coredns-64f49f5655-smzzz evicted
node/hdss7-21.host.com evicted

注釋：
--delete-local-data 即使pod使用了emptyDir也刪除 --ignore-daemonsets 忽略deamonset控制器的pod，如果不忽略，daemonset控制器控制的pod被刪除后可能馬上又在此節(jié)點上啟動起來,會成為死循環(huán)；--force 不加force參數(shù)只會刪除該NODE上由ReplicationController, ReplicaSet, DaemonSet,StatefulSet or Job創(chuàng)建的Pod，加了后還會刪除'裸奔的pod'(沒有綁定到任何replication controller)

再次查看pod分布

[root@hdss7-21 ~]# kubectl get pod -o wide -n kube-system
NAME                                   READY   STATUS    RESTARTS   AGE   IP           NODE                NOMINATED NODE   READINESS GATES
coredns-64f49f5655-n2pl7               1/1     Running   0          39s   172.7.22.7   hdss7-22.host.com              
kubernetes-dashboard-99ff79fcd-khl8z   1/1     Running   2          4d    172.7.22.4   hdss7-22.host.com              
traefik-ingress-2svq6                  1/1     Running   3          5d    172.7.21.5   hdss7-21.host.com              
traefik-ingress-rcd28                  1/1     Running   3          5d    172.7.22.3   hdss7-22.host.com              

除了daemonset的pod已被移動到10.4.7.22接節(jié)點上

測試重新啟動的coredns是否生效

[root@hdss7-21 ~]# dig -t A nginx-dp.default.svc.cluster.local @192.168.0.2 +short
192.168.191.8

刪除節(jié)點

[root@hdss7-21 ~]# kubectl delete node hdss7-21.host.com
node "hdss7-21.host.com" deleted

6、升級第一個節(jié)點

配置新版本

[root@hdss7-21 ~]# cd /opt/src/
[root@hdss7-21 src]# tar -zxvf kubernetes-server-linux-amd64-v1.15.12.tar.gz
[root@hdss7-21 src]# mv kubernetes /opt/kubernetes-v1.15.12
[root@hdss7-21 src]# cd /opt/kubernetes-v1.15.12/
[root@hdss7-21 kubernetes-v1.15.12]# rm -f kubernetes-src.tar.gz
[root@hdss7-21 kubernetes-v1.15.12]# cd server/bin/
[root@hdss7-21 bin]# rm -f *.tar *_tag
[root@hdss7-21 bin]# ll
總用量 677292
-rwxr-xr-x 1 root root  50581504 6月  16 21:10 apiextensions-apiserver
-rwxr-xr-x 1 root root  44638208 6月  16 21:10 kubeadm
-rwxr-xr-x 1 root root  48525312 6月  16 21:10 kube-aggregator
-rwxr-xr-x 1 root root 122097664 6月  16 21:10 kube-apiserver
-rwxr-xr-x 1 root root 116301824 6月  16 21:10 kube-controller-manager
-rwxr-xr-x 1 root root  46419968 6月  16 21:10 kubectl
-rwxr-xr-x 1 root root  54980712 6月  16 21:10 kubectl-convert
-rwxr-xr-x 1 root root 118151728 6月  16 21:10 kubelet
-rwxr-xr-x 1 root root  43139072 6月  16 21:10 kube-proxy
-rwxr-xr-x 1 root root  47112192 6月  16 21:10 kube-scheduler
-rwxr-xr-x 1 root root   1593344 6月  16 21:10 mounter
[root@hdss7-21 bin]# mkdir certs
[root@hdss7-21 bin]# mkdir /opt/kubernetes-v1.15.12/conf

拷貝證書

[root@hdss7-21 bin]# cp /opt/kubernetes/server/bin/certs/* certs/
[root@hdss7-21 bin]# ls certs/
apiserver-key.pem  ca-key.pem  client-key.pem  kubelet-key.pem  kube-proxy-client-key.pem
apiserver.pem      ca.pem      client.pem      kubelet.pem      kube-proxy-client.pem

拷貝服務(wù)啟動腳本

[root@hdss7-21 bin]# cp /opt/kubernetes/server/bin/*.sh .
[root@hdss7-21 bin]# ls
apiextensions-apiserver  kube-apiserver                      kubectl             kube-proxy                 mounter
certs                    kube-apiserver-startup.sh           kubectl-convert     kube-proxy-startup.sh
kubeadm                  kube-controller-manager             kubelet             kube-scheduler
kube-aggregator          kube-controller-manager-startup.sh  kubelet-startup.sh  kube-scheduler-startup.sh

拷貝配置文件

[root@hdss7-21 bin]# cp /opt/kubernetes/conf/* /opt/kubernetes-v1.15.12/conf/
[root@hdss7-21 bin]# ls /opt/kubernetes-v1.15.12/conf/
audit.yaml  k8s-node.yaml  kubelet.kubeconfig  kube-proxy.kubeconfig  nginx-ds.yaml

重新創(chuàng)建軟連接

[root@hdss7-21 bin]# cd /opt/
[root@hdss7-21 opt]# ll
總用量 24
drwx--x--x 4 root root 4096 7月   2 21:50 containerd
lrwxrwxrwx 1 root root   16 6月   8 20:36 etcd -> /opt/etcd-v3.3.1
drwxr-xr-x 5 etcd etcd 4096 7月   9 21:25 etcd-v3.3.1
lrwxrwxrwx 1 root root   20 7月  17 19:40 flannel -> /opt/flannel-v0.11.0
drwxr-xr-x 3 root root 4096 7月  28 20:05 flannel-v0.11.0
lrwxrwxrwx 1 root root   23 7月  10 20:17 kubernetes -> /opt/kubernetes-v1.14.10
drwxr-xr-x 5 root root 4096 7月  10 20:36 kubernetes-v1.14.10
drwxr-xr-x 6 root root 4096 7月  28 22:18 kubernetes-v1.15.12
drwxr-xr-x 2 root root 4096 7月  28 22:10 src
[root@hdss7-21 opt]# rm -rf kubernetes
[root@hdss7-21 opt]# ln -s /opt/kubernetes-v1.15.12 /opt/kubernetes
[root@hdss7-21 opt]# ll
總用量 24
drwx--x--x 4 root root 4096 7月   2 21:50 containerd
lrwxrwxrwx 1 root root   16 6月   8 20:36 etcd -> /opt/etcd-v3.3.1
drwxr-xr-x 5 etcd etcd 4096 7月   9 21:25 etcd-v3.3.1
lrwxrwxrwx 1 root root   20 7月  17 19:40 flannel -> /opt/flannel-v0.11.0
drwxr-xr-x 3 root root 4096 7月  28 20:05 flannel-v0.11.0
lrwxrwxrwx 1 root root   23 7月  28 22:20 kubernetes -> /opt/kubernetes-v1.15.12
drwxr-xr-x 5 root root 4096 7月  10 20:36 kubernetes-v1.14.10
drwxr-xr-x 6 root root 4096 7月  28 22:18 kubernetes-v1.15.12
drwxr-xr-x 2 root root 4096 7月  28 22:10 src

7、重啟節(jié)點服務(wù)

[root@hdss7-21 opt]# supervisorctl status
etcd-server-7-21                 RUNNING   pid 6296, uptime 014
flanneld-7-21                    RUNNING   pid 7042, uptime 014
kube-apiserver-7-21              RUNNING   pid 7165, uptime 024
kube-controller-manager-7-21     RUNNING   pid 4675, uptime 003
kube-kubelet-7-21                RUNNING   pid 7184, uptime 016
kube-proxy-7-21                  RUNNING   pid 4678, uptime 003
kube-scheduler-7-21              RUNNING   pid 4673, uptime 003

重啟node節(jié)點服務(wù)

[root@hdss7-21 opt]# supervisorctl restart kube-kubelet-7-21
[root@hdss7-21 opt]# supervisorctl restart kube-proxy-7-21

查看版本

[root@hdss7-21 opt]# kubectl get node
NAME                STATUS   ROLES    AGE     VERSION
hdss7-21.host.com   Ready       4d22h   v1.15.12
hdss7-22.host.com   Ready       19d     v1.14.10

重啟master節(jié)點服務(wù)

[root@hdss7-21 opt]# supervisorctl restart kube-apiserver-7-21
[root@hdss7-21 opt]# supervisorctl restart kube-controller-manager-7-21
[root@hdss7-21 opt]# supervisorctl restart kube-scheduler-7-21

注意重啟過程中可以查看日志，確保啟動無問題。

8、修改代理nginx配置

修改11和12配置

[root@hdss7-11 ~]# vim /etc/nginx/nginx.conf
    upstream kube-apiserver {
        server 10.4.7.21:6443     max_fails=3 fail_timeout=30s;
#        server 10.4.7.22:6443     max_fails=3 fail_timeout=30s;
    }
[root@hdss7-11 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@hdss7-11 ~]# nginx -s reload

9、升級第二個節(jié)點

按照同樣的方法對其余節(jié)點進(jìn)行升級
在10.4.7.22上操作
最后檢查服務(wù)啟動狀態(tài)和node節(jié)點版本

[root@hdss7-22 ~]# supervisorctl status
etcd-server-7-22                 RUNNING   pid 1235, uptime 1:10:58
flanneld-7-22                    RUNNING   pid 1203, uptime 1:10:59
kube-apiserver-7-22              RUNNING   pid 25776, uptime 0:01:39
kube-controller-manager-7-22     RUNNING   pid 26009, uptime 0:01:09
kube-kubelet-7-22                RUNNING   pid 23925, uptime 0:06:08
kube-proxy-7-22                  RUNNING   pid 24142, uptime 0:05:38
kube-scheduler-7-22              RUNNING   pid 26190, uptime 0:00:38
[root@hdss7-22 ~]# kubectl get node
NAME                STATUS   ROLES    AGE     VERSION
hdss7-21.host.com   Ready       4d22h   v1.15.12
hdss7-22.host.com   Ready       6m12s   v1.15.12

10、修改nginx代理

將配置文件改為原來狀態(tài)

[root@hdss7-11 ~]# vim /etc/nginx/nginx.conf
    upstream kube-apiserver {
        server 10.4.7.21:6443     max_fails=3 fail_timeout=30s;
        server 10.4.7.22:6443     max_fails=3 fail_timeout=30s;
    }
[root@hdss7-11 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@hdss7-11 ~]# nginx -s reload

11、測試操作平臺

12、重新分配pod節(jié)點

查看pod信息得知目前大部分的pod在10.4.7.21上，這不符合性能最優(yōu)狀態(tài)，我們可以在dashbard面板上刪除一個pod，通過scheduler的計算，會在另外一個（22上）負(fù)載較少的node節(jié)點上重新啟動這個pod
如下，刪除coredns的pod

正在重啟狀態(tài)

啟動后的狀態(tài)

鏈接：https://www.cnblogs.com/wangyuanguang/p/15091863.html