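Easily Manage K3s Cluster Services: A Practical Guide to System Upgrade Controller
This article was last updated 44 days ago. If anything is out of date, please leave a comment.
K3s is a lightweight Kubernetes distribution that developers and operators like for being efficient and simple. Upgrading a K3s cluster by hand can be tedious, though, and that is where System Upgrade Controller comes in. It lets you automate upgrades of a K3s cluster without downtime, saving time and effort. This article introduces System Upgrade Controller and gives concise deployment steps to make cluster management easier.
It is mainly used to upgrade services running on the k3s cluster nodes, not only the k3s service itself.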
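Introduction
System Upgrade Controller is an automated upgrade tool developed by Rancher. It manages node and K3s version upgrades through Kubernetes-native resources (such as Plan). Its main advantages are:
- Automation: configure once, and the K3s version upgrade is carried out automatically
- Zero downtime: nodes are upgraded one by one, so services are not interrupted
- Flexibility: supports custom upgrade strategies and fits clusters of any size
- Lightweight and efficient: a good match for K3s's low resource footprint
If you want to keep your K3s cluster up to date or reduce your operations workload, it is well worth a try.
Project repository: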
Deploying on K3s
The following steps deploy System Upgrade Controller quickly and are easy to follow.
```bash
kubectl apply -f https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml
```
Or:
```bash
kubectl apply -k github.com/rancher/system-upgrade-controller
```
By default, the controller is deployed into the system-upgrade namespace:
```
kubectl get deploy -n system-upgrade
NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
system-upgrade-controller   1/1     1            1           335d
```
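Use cases
Common uses are listed below. Because the privileges involved are extremely high (each Plan below runs its script through `chroot /host`, that is, directly on the node's host filesystem), make sure that running a script repeatedly has no side effects.
- Upgrading k3s itself
- Upgrading services on k3s cluster nodes
Upgrading the k3s service
Because my current environment is special, with only one master node, for every cross-version upgrade I first upgrade the master node manually to the latest version and then use the command below to upgrade the compute nodes. (This guarantees that at least 1 control-plane node is on the latest version.)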
```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: k3s1306
  namespace: system-upgrade
type: Opaque
stringData:
  upgrade.sh: |
    #!/bin/bash
    set -x
    binfile=$(command -v k3s)
    # Skip the download when the target version is already installed,
    # so re-running the Plan is harmless.
    "$binfile" -v | grep "v1.30.6" && (
      echo "done"
      exit 0
    ) || (
      wget https://c.ysicing.net/oss/tiga/linux/amd64/k3s
      chmod +x k3s
      mv k3s "$binfile" && systemctl restart k3s
    )
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: k3s1306
  namespace: system-upgrade
spec:
  concurrency: 3
  nodeSelector:
    matchExpressions:
      - {key: kubernetes.io/os, operator: Exists}
  tolerations:
    - {operator: Exists}
  serviceAccountName: system-upgrade
  secrets:
    - name: k3s1306
      path: /host/run/system-upgrade/secrets/k3s1306
  cordon: false
  version: latest
  upgrade:
    image: hub.ysicing.net/ysicing/debian-upgrade:20230909
    # The script runs inside a chroot of the node's root filesystem.
    command: ["chroot", "/host"]
    args: ["sh", "/run/system-upgrade/secrets/k3s1306/upgrade.sh"]
```
To learn more about the officially documented approaches, see
Upgrading cluster services
- Upgrading the tailscale service
```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: ts-script
  namespace: system-upgrade
type: Opaque
stringData:
  upgrade.sh: |
    #!/bin/bash
    set -x
    # Idempotency guard: do nothing when the target version is present.
    if tailscale version 2>/dev/null | grep -q "1.82.5"; then
      echo "Tailscale 1.82.5 already installed"
      exit 0
    fi
    export DEBIAN_FRONTEND=noninteractive
    apt-get update -qq
    apt-get install -y --no-install-recommends tailscale
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: ts1825
  namespace: system-upgrade
spec:
  concurrency: 1
  nodeSelector:
    matchExpressions:
      - {key: kubernetes.io/os, operator: Exists}
  tolerations:
    - {operator: Exists}
  serviceAccountName: system-upgrade
  secrets:
    - name: ts-script
      path: /host/run/system-upgrade/secrets/ts-script
  cordon: false
  version: latest
  upgrade:
    image: hub.ysicing.net/ysicing/debian-upgrade:20230909
    command: ["chroot", "/host"]
    args: ["sh", "/run/system-upgrade/secrets/ts-script/upgrade.sh"]
```
- Upgrading easytier
```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: debian
  namespace: system-upgrade
type: Opaque
stringData:
  upgrade.sh: |
    #!/bin/sh
    set -e
    # Idempotency guard: do nothing when the target version is present.
    if easytier-core -V 2>/dev/null | grep -q "2.2.4"; then
      echo "easytier 2.2.4 already installed"
      exit 0
    fi
    apt-get --assume-yes update
    DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade --assume-yes
    # Pipes a remotely hosted installer script straight into bash on the host.
    curl https://c.ysicing.net/oss/scripts/easytier.sh | bash
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: debian-25021514
  namespace: system-upgrade
spec:
  concurrency: 3
  nodeSelector:
    matchExpressions:
      - {key: kubernetes.io/os, operator: Exists}
  tolerations:
    - {operator: Exists}
  serviceAccountName: system-upgrade
  secrets:
    - name: debian
      path: /host/run/system-upgrade/secrets/debian
  cordon: false
  version: latest
  upgrade:
    image: ysicing/debian
    command: ["chroot", "/host"]
    args: ["sh", "/run/system-upgrade/secrets/debian/upgrade.sh"]
```
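As the 3 examples above show, System Upgrade Controller is really just running the relevant script on every node for you. If you have a lot of similar, repetitive work, it is an excellent operations tool: it makes version management simple, efficient and worry-free, and noticeably improves your day-to-day operations.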
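The k3s upgrade script above moves whatever `wget` returns into place on the host and decides whether to run by grepping a version string. As an added example (not the author's script), the helper below installs a download only when its SHA-256 matches a pinned digest and skips all work when the installed binary already matches; the URL and digest passed to `upgrade_k3s` are placeholders you must supply.

```bash
#!/bin/bash
# Added example, not from the article: pin the binary by SHA-256 before it
# replaces the one on the host. URL and digest are supplied by the caller.
set -eu

# True only when FILE's SHA-256 equals EXPECTED (lowercase hex).
verify_sha256() {
  local file=$1 expected=$2 actual
  actual=$(sha256sum "$file" 2>/dev/null | awk '{print $1}')
  [ "$actual" = "$expected" ]
}

# Replace DEST with SRC only when SRC matches the pinned digest.
# The copy is staged next to DEST so the final mv is an atomic rename.
install_verified() {
  local src=$1 expected=$2 dest=$3 tmp
  if ! verify_sha256 "$src" "$expected"; then
    echo "checksum mismatch for $src, leaving $dest untouched" >&2
    return 1
  fi
  tmp=$(mktemp "${dest}.XXXXXX")
  cp "$src" "$tmp"
  chmod 0755 "$tmp"
  mv -f "$tmp" "$dest"
}

# Body of a hardened upgrade.sh: idempotent, and fails closed on a bad download.
upgrade_k3s() {
  local url=$1 sha=$2 dest dl
  dest=$(command -v k3s)
  if verify_sha256 "$dest" "$sha"; then
    echo "k3s already matches the pinned digest"
    return 0
  fi
  dl=$(mktemp)
  wget -q -O "$dl" "$url"
  install_verified "$dl" "$sha" "$dest" || { rm -f "$dl"; return 1; }
  rm -f "$dl"
  systemctl restart k3s
}

# In the Secret, end the script with (placeholders, fill in your own values):
#   upgrade_k3s "https://example.invalid/k3s" "<sha256-of-the-release-binary>"
```

Comparing digests instead of version strings also makes the idempotency guard exact: a node is skipped only when it already runs the very binary you pinned.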
