如何升级kubernetes暂停容器
How to upgrade kubernetes pause container
当我将 kubernetes 版本 1.20.X 升级到 1.21.1 时,所有相关的容器都是最新的。但是pause container还在使用中,无法强制更新到最新版本
# docker ps
XXX/pause:3.2
# docker images
XXX/pause:3.2
XXX/pause:3.4.1
# docker rmi -f XXX/pause:3.2
Error response from daemon: conflict: unable to delete XXX/pause:3.2 (cannot be forced) - image is being used by running container
当您使用 kubeadm 升级集群时,您可能会收到有关 kubelet 手动升级要求的通知:
Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT CURRENT TARGET
kubelet 1 x v1.20.7 v1.21.1
我已成功创建 kubeadm 集群版本:1.20.7-00,然后将集群升级到当时可用的最新版本:1.21.1-00。升级完成后,即使升级了kubelet.
,pause容器仍然停留在3.2.0版本
更新 kubelet 以使用特定 pause 容器版本的方法之一是:
- 修改以下文件:
/var/lib/kubelet/kubeadm-flags.env(例如更改为 k8s.gcr.io/pause:3.3)
KUBELET_KUBEADM_ARGS="--network-plugin=cni --pod-infra-container-image=k8s.gcr.io/pause:3.2"
- 正在重启 kubelet(取决于 OS)
$ systemctl restart kubelet
执行此步骤后,您应该会看到 pause 容器的新版本已传递给 kubelet。
$ systemctl status kubelet
kruk@ubuntu:~$ systemctl status kubelet
● kubelet.service - kubelet: The Kubernetes Node Agent
Loaded: loaded (/lib/systemd/system/kubelet.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/kubelet.service.d
└─10-kubeadm.conf
Active: active (running) since Thu 2021-05-27 13:28:12 UTC; 7h ago
Docs: https://kubernetes.io/docs/home/
Main PID: 724 (kubelet)
Tasks: 18 (limit: 9442)
Memory: 128.6M
CGroup: /system.slice/kubelet.service
└─724 /usr/bin/kubelet <-SKIPPED-> --pod-infra-container-image=k8s.gcr.io/pause:3.3
May 27 13:29:12 ubuntu kubelet[724]: 2021-05-27 13:29:12.125 [INFO][5164] ipam.go 1068: Successfully claimed IPs: [172.16.243.205/26] block=172.16.243.192/26 handle="k8s-pod-network.1638a3ba44d1a46f6ad7eadb1519a42cdda98fafd0c94a7b67881f38213a5032" host="ubuntu"
May 27 13:29:12 ubuntu kubelet[724]: 2021-05-27 13:29:12.125 [INFO][5164] ipam.go 722: Auto-assigned 1 out of 1 IPv4s: [172.16.243.205/26] handle="k8s-pod-network.1638a3ba44d1a46f6ad7eadb1519a42cdda98fafd0c94a7b67881f38213a5032" host="ubuntu"
May 27 13:29:12 ubuntu kubelet[724]: time="2021-05-27T13:29:12Z" level=info msg="Released host-wide IPAM lock." source="ipam_plugin.go:369"
在我的测试中,存在的旧容器没有更新到新的 pause 容器。他们停留在 3.2 版本。每个产生的新工作负载,例如 nginx Deployment 使用新的 pause 容器版本:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1cc215019335 nginx "/docker-entrypoint.…" 7 hours ago Up 8 hours k8s_nginx_nginx-6799fc88d8-lhh48_default_58580cf2-ac6c-4d55-9c08-608ce2018fce_1
1638a3ba44d1 k8s.gcr.io/pause:3.3 "/pause" 7 hours ago Up 8 hours k8s_POD_nginx-6799fc88d8-lhh48_default_58580cf2-ac6c-4d55-9c08-608ce2018fce_1
关于主题的其他 resources/reference:
当我将 kubernetes 版本 1.20.X 升级到 1.21.1 时,所有相关的容器都是最新的。但是pause container还在使用中,无法强制更新到最新版本
# docker ps
XXX/pause:3.2
# docker images
XXX/pause:3.2
XXX/pause:3.4.1
# docker rmi -f XXX/pause:3.2
Error response from daemon: conflict: unable to delete XXX/pause:3.2 (cannot be forced) - image is being used by running container
当您使用 kubeadm 升级集群时,您可能会收到有关 kubelet 手动升级要求的通知:
Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT CURRENT TARGET
kubelet 1 x v1.20.7 v1.21.1
我已成功创建 kubeadm 集群版本:1.20.7-00,然后将集群升级到当时可用的最新版本:1.21.1-00。升级完成后,即使升级了kubelet.
3.2.0版本
更新 kubelet 以使用特定 pause 容器版本的方法之一是:
- 修改以下文件:
/var/lib/kubelet/kubeadm-flags.env(例如更改为k8s.gcr.io/pause:3.3)
KUBELET_KUBEADM_ARGS="--network-plugin=cni --pod-infra-container-image=k8s.gcr.io/pause:3.2"
- 正在重启 kubelet(取决于 OS)
$ systemctl restart kubelet
执行此步骤后,您应该会看到 pause 容器的新版本已传递给 kubelet。
$ systemctl status kubelet
kruk@ubuntu:~$ systemctl status kubelet
● kubelet.service - kubelet: The Kubernetes Node Agent
Loaded: loaded (/lib/systemd/system/kubelet.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/kubelet.service.d
└─10-kubeadm.conf
Active: active (running) since Thu 2021-05-27 13:28:12 UTC; 7h ago
Docs: https://kubernetes.io/docs/home/
Main PID: 724 (kubelet)
Tasks: 18 (limit: 9442)
Memory: 128.6M
CGroup: /system.slice/kubelet.service
└─724 /usr/bin/kubelet <-SKIPPED-> --pod-infra-container-image=k8s.gcr.io/pause:3.3
May 27 13:29:12 ubuntu kubelet[724]: 2021-05-27 13:29:12.125 [INFO][5164] ipam.go 1068: Successfully claimed IPs: [172.16.243.205/26] block=172.16.243.192/26 handle="k8s-pod-network.1638a3ba44d1a46f6ad7eadb1519a42cdda98fafd0c94a7b67881f38213a5032" host="ubuntu"
May 27 13:29:12 ubuntu kubelet[724]: 2021-05-27 13:29:12.125 [INFO][5164] ipam.go 722: Auto-assigned 1 out of 1 IPv4s: [172.16.243.205/26] handle="k8s-pod-network.1638a3ba44d1a46f6ad7eadb1519a42cdda98fafd0c94a7b67881f38213a5032" host="ubuntu"
May 27 13:29:12 ubuntu kubelet[724]: time="2021-05-27T13:29:12Z" level=info msg="Released host-wide IPAM lock." source="ipam_plugin.go:369"
在我的测试中,存在的旧容器没有更新到新的 pause 容器。他们停留在 3.2 版本。每个产生的新工作负载,例如 nginx Deployment 使用新的 pause 容器版本:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1cc215019335 nginx "/docker-entrypoint.…" 7 hours ago Up 8 hours k8s_nginx_nginx-6799fc88d8-lhh48_default_58580cf2-ac6c-4d55-9c08-608ce2018fce_1
1638a3ba44d1 k8s.gcr.io/pause:3.3 "/pause" 7 hours ago Up 8 hours k8s_POD_nginx-6799fc88d8-lhh48_default_58580cf2-ac6c-4d55-9c08-608ce2018fce_1
关于主题的其他 resources/reference: