轻松管理K3s集群服务:System Upgrade Controller 的超实用指南

本文最后更新于 44 天前, 如有失效请评论区留言.

K3s 作为轻量级 Kubernetes 发行版,以其高效、简洁的特性深受开发者与运维人员喜爱。但手动升级 K3s 集群可能是个繁琐的任务,幸好有 System Upgrade Controller!这个工具能让你的 K3s 集群实现自动化、无宕机升级,省时又省心。本文将带你了解 System Upgrade Controller 的魅力,并提供简洁的部署步骤,让你的集群管理更轻松!

主要用于升级 k3s 集群节点上的服务,不仅仅局限于 k3s 服务本身。

简介

System Upgrade Controller 是 Rancher 开发的一个自动化升级工具。它通过 Kubernetes 原生资源(如 Plan)管理节点和 K3s 版本的升级,核心优势包括:

  • 自动化:一键配置,自动完成 K3s 版本升级
  • 零宕机:逐节点升级,确保服务不中断
  • 灵活性:支持自定义升级策略,适配各种集群规模
  • 轻量高效:与 K3s 的低资源占用理念完美契合

如果你想让 K3s 集群保持最新或者减少运维负担,绝对值得一试!

项目地址:

在 K3s 上部署

以下是快速部署 System Upgrade Controller 的步骤,简单易上手

kubectl apply -f https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml

或者

kubectl apply -k github.com/rancher/system-upgrade-controller

服务控制器默认会部署到 system-upgrade 命名空间下

kubectl get deploy -n system-upgrade
NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
system-upgrade-controller   1/1     1            1           335d

使用场景

常见使用如下,由于权限极高,操作时需要确保重复执行没影响。

  • 升级 k3s 本身
  • 升级 k3s 集群节点服务

升级 k3s 服务

由于我现在的环境特殊,只有一个 master 节点,每次跨版本升级 master 节点都是先手动升级到最新版本,然后在使用下面的命令升级计算节点。(保障至少 1 个控制节点版本是最新的)

---
apiVersion: v1
kind: Secret
metadata:
  name: k3s1306
  namespace: system-upgrade
type: Opaque
stringData:
  upgrade.sh: |
    #!/bin/bash

    set -x

    binfile=$(command -v k3s)

    $binfile -v | grep "v1.30.6" && (
      echo "done"
      exit 0
    ) || (
      wget https://c.ysicing.net/oss/tiga/linux/amd64/k3s
      chmod +x k3s
      mv k3s $binfile && systemctl restart k3s
    )
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: k3s1306
  namespace: system-upgrade
spec:
  concurrency: 3
  nodeSelector:
    matchExpressions:
      - {key: kubernetes.io/os, operator: Exists}
  tolerations:
  - {operator: Exists}
  serviceAccountName: system-upgrade
  secrets:
    - name: k3s1306
      path: /host/run/system-upgrade/secrets/k3s1306
  cordon: false
  version: latest
  upgrade:
    image: hub.ysicing.net/ysicing/debian-upgrade:20230909
    command: ["chroot", "/host"]
    args: ["sh", "/run/system-upgrade/secrets/k3s1306/upgrade.sh"]

想了解更多官方的姿势,可以参考

升级集群服务

  • 升级 tailscale 服务
---
apiVersion: v1
kind: Secret
metadata:
  name: ts-script
  namespace: system-upgrade
type: Opaque
stringData:
  upgrade.sh: |
    #!/bin/bash

    set -x
    if tailscale version 2>/dev/null | grep -q "1.82.5"; then
        echo "Tailscale 1.82.5 already installed"
        exit 0
    fi
    export DEBIAN_FRONTEND=noninteractive
    apt-get update -qq
    apt-get install -y --no-install-recommends tailscale
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: ts1825
  namespace: system-upgrade
spec:
  concurrency: 1
  nodeSelector:
    matchExpressions:
      - {key: kubernetes.io/os, operator: Exists}
  tolerations:
  - {operator: Exists}
  serviceAccountName: system-upgrade
  secrets:
    - name: ts-script
      path: /host/run/system-upgrade/secrets/ts-script
  cordon: false
  version: latest
  upgrade:
    image: hub.ysicing.net/ysicing/debian-upgrade:20230909
    command: ["chroot", "/host"]
    args: ["sh", "/run/system-upgrade/secrets/ts-script/upgrade.sh"]
  • 升级 easytier
---
apiVersion: v1
kind: Secret
metadata:
  name: debian
  namespace: system-upgrade
type: Opaque
stringData:
  upgrade.sh: |
    #!/bin/sh
    set -e
    if easytier-core -V 2>/dev/null | grep -q "2.2.4"; then
        echo "easytier 2.2.4 already installed"
        exit 0
    fi
    apt-get --assume-yes update
    DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade --assume-yes
    curl https://c.ysicing.net/oss/scripts/easytier.sh | bash
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: debian-25021514
  namespace: system-upgrade
spec:
  concurrency: 3
  nodeSelector:
    matchExpressions:
      - {key: kubernetes.io/os, operator: Exists}
  tolerations:
  - {operator: Exists}
  serviceAccountName: system-upgrade
  secrets:
    - name: debian
      path: /host/run/system-upgrade/secrets/debian
  cordon: false
  version: latest
  upgrade:
    image: ysicing/debian
    command: ["chroot", "/host"]
    args: ["sh", "/run/system-upgrade/secrets/debian/upgrade.sh"]

通过上面 3 个例子,其实就是帮你去每个节点执行相关脚本,如果你有大量类似的重复的工作,System Upgrade Controller 就是个绝佳的运维工具,它让版本管理变得简单、高效、无忧,显著提升你的运维体验。


欢迎关注,可以看看我郑再打工每天都在折腾什么。

Sponsor

Like this article? $1 reward

Comments