轻松管理K3s集群服务:System Upgrade Controller 的超实用指南

K3s 作为轻量级 Kubernetes 发行版,以其高效、简洁的特性深受开发者与运维人员喜爱。但手动升级 K3s 集群可能是个繁琐的任务,幸好有 System Upgrade Controller!这个工具能让你的 K3s 集群实现自动化、无宕机升级,省时又省心。本文将带你了解 System Upgrade Controller 的魅力,并提供简洁的部署步骤,让你的集群管理更轻松!

主要用于升级 k3s 集群节点上的服务,不仅仅局限于 k3s 服务本身。

简介

System Upgrade Controller 是 Rancher 开发的一个自动化升级工具。它通过 Kubernetes 原生资源(如 Plan)管理节点和 K3s 版本的升级,核心优势包括:

  • 自动化:一键配置,自动完成 K3s 版本升级
  • 零宕机:逐节点升级,确保服务不中断
  • 灵活性:支持自定义升级策略,适配各种集群规模
  • 轻量高效:与 K3s 的低资源占用理念完美契合

如果你想让 K3s 集群保持最新或者减少运维负担,绝对值得一试!

项目地址:

在 K3s 上部署

以下是快速部署 System Upgrade Controller 的步骤,简单易上手

kubectl apply -f https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml

或者

kubectl apply -k github.com/rancher/system-upgrade-controller

服务控制器默认会部署到 system-upgrade 命名空间下

kubectl get deploy -n system-upgrade
NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
system-upgrade-controller   1/1     1            1           335d

使用场景

常见使用如下,由于权限极高,操作时需要确保重复执行没影响。

  • 升级 k3s 本身
  • 升级 k3s 集群节点服务

升级 k3s 服务

由于我现在的环境特殊,只有一个 master 节点,每次跨版本升级 master 节点都是先手动升级到最新版本,然后在使用下面的命令升级计算节点。(保障至少 1 个控制节点版本是最新的)

---
apiVersion: v1
kind: Secret
metadata:
  name: k3s1306
  namespace: system-upgrade
type: Opaque
stringData:
  upgrade.sh: |
    #!/bin/bash

    set -x

    binfile=$(command -v k3s)

    $binfile -v | grep "v1.30.6" && (
      echo "done"
      exit 0
    ) || (
      wget https://c.ysicing.net/oss/tiga/linux/amd64/k3s
      chmod +x k3s
      mv k3s $binfile && systemctl restart k3s
    )
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: k3s1306
  namespace: system-upgrade
spec:
  concurrency: 3
  nodeSelector:
    matchExpressions:
      - {key: kubernetes.io/os, operator: Exists}
  tolerations:
  - {operator: Exists}
  serviceAccountName: system-upgrade
  secrets:
    - name: k3s1306
      path: /host/run/system-upgrade/secrets/k3s1306
  cordon: false
  version: latest
  upgrade:
    image: hub.ysicing.net/ysicing/debian-upgrade:20230909
    command: ["chroot", "/host"]
    args: ["sh", "/run/system-upgrade/secrets/k3s1306/upgrade.sh"]

想了解更多官方的姿势,可以参考

升级集群服务

  • 升级 tailscale 服务
---
apiVersion: v1
kind: Secret
metadata:
  name: ts-script
  namespace: system-upgrade
type: Opaque
stringData:
  upgrade.sh: |
    #!/bin/bash

    set -x
    if tailscale version 2>/dev/null | grep -q "1.82.5"; then
        echo "Tailscale 1.82.5 already installed"
        exit 0
    fi
    export DEBIAN_FRONTEND=noninteractive
    apt-get update -qq
    apt-get install -y --no-install-recommends tailscale
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: ts1825
  namespace: system-upgrade
spec:
  concurrency: 1
  nodeSelector:
    matchExpressions:
      - {key: kubernetes.io/os, operator: Exists}
  tolerations:
  - {operator: Exists}
  serviceAccountName: system-upgrade
  secrets:
    - name: ts-script
      path: /host/run/system-upgrade/secrets/ts-script
  cordon: false
  version: latest
  upgrade:
    image: hub.ysicing.net/ysicing/debian-upgrade:20230909
    command: ["chroot", "/host"]
    args: ["sh", "/run/system-upgrade/secrets/ts-script/upgrade.sh"]
  • 升级 easytier
---
apiVersion: v1
kind: Secret
metadata:
  name: debian
  namespace: system-upgrade
type: Opaque
stringData:
  upgrade.sh: |
    #!/bin/sh
    set -e
    if easytier-core -V 2>/dev/null | grep -q "2.2.4"; then
        echo "easytier 2.2.4 already installed"
        exit 0
    fi
    apt-get --assume-yes update
    DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade --assume-yes
    curl https://c.ysicing.net/oss/scripts/easytier.sh | bash
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: debian-25021514
  namespace: system-upgrade
spec:
  concurrency: 3
  nodeSelector:
    matchExpressions:
      - {key: kubernetes.io/os, operator: Exists}
  tolerations:
  - {operator: Exists}
  serviceAccountName: system-upgrade
  secrets:
    - name: debian
      path: /host/run/system-upgrade/secrets/debian
  cordon: false
  version: latest
  upgrade:
    image: ysicing/debian
    command: ["chroot", "/host"]
    args: ["sh", "/run/system-upgrade/secrets/debian/upgrade.sh"]

通过上面 3 个例子,其实就是帮你去每个节点执行相关脚本,如果你有大量类似的重复的工作,System Upgrade Controller 就是个绝佳的运维工具,它让版本管理变得简单、高效、无忧,显著提升你的运维体验。


欢迎关注,可以看看我郑再打工每天都在折腾什么。

Sponsor

Like this article? $1 reward

Comments