Обновление версии кластера Kubernetes

Получить текущую версию кластера:

$ kubectl get nodes -o jsonpath='{.items[0].status.nodeInfo.kubeletVersion}'

Вывод:

v1.32.7

Обновить кэш:

# REPO=p11 && \
KUBELET_VERSION="v1.33.3" && \
KUBELETIMAGE="registry.altlinux.org/${REPO}/kubelet:${KUBELET_VERSION}" && \
APISERVERIMAGE="registry.altlinux.org/${REPO}/kube-apiserver:${KUBELET_VERSION}" && \
CONTROLMANAGERIMAGE="registry.altlinux.org/${REPO}/kube-controller-manager:${KUBELET_VERSION}" && \
SHEDULERIMAGE="registry.altlinux.org/${REPO}/kube-scheduler:${KUBELET_VERSION}"

for image in ${KUBELETIMAGE} ${APISERVERIMAGE} ${CONTROLMANAGERIMAGE} ${SHEDULERIMAGE} ${COREDNSIMAGE} ${ETCDIMAGE} ${PAUSEIMAGE}
do
    podman pull --tls-verify=false $image
done

Проверить их наличие в кэше:

$ podman images

Обновить кластер Kubernetes до версии 1.33.3:

$ talosctl --nodes 192.168.1.2 upgrade-k8s --to 1.33.3

Примерно обновление каждой машины:

. . . . .
 > "192.168.1.4": starting update
 > update kube-scheduler: v1.32.7 -> 1.33.3
 > "192.168.1.4": machine configuration patched
 > "192.168.1.4": waiting for kube-scheduler pod update
 > "192.168.1.4": kube-scheduler: waiting, config version mismatch: got "1", expected "2"
 > "192.168.1.4": kube-scheduler: waiting, config version mismatch: got "1", expected "2"
 > "192.168.1.4": kube-scheduler: waiting, config version mismatch: got "1", expected "2"
 > "192.168.1.4": kube-scheduler: waiting, config version mismatch: got "1", expected "2"
 > "192.168.1.4": kube-scheduler: pod is not ready, waiting
 > "192.168.1.4": kube-scheduler: pod is not ready, waiting
 > "192.168.1.4": kube-scheduler: pod is not ready, waiting
 < "192.168.1.4": successfully updated
. . . . .

Кластер успешно обновился:

. . . . .
 > processing manifest v1.Secret/kube-system/bootstrap-token-u8gr7g
 < no changes
 > processing manifest rbac.authorization.k8s.io/v1.ClusterRoleBinding/system-bootstrap-approve-node-client-csr
 < no changes
 > processing manifest rbac.authorization.k8s.io/v1.ClusterRoleBinding/system-bootstrap-node-bootstrapper
 < no changes
 > processing manifest rbac.authorization.k8s.io/v1.ClusterRoleBinding/system-bootstrap-node-renewal
 < no changes
. . . . .
 < applied successfully
 > processing manifest v1.ServiceAccount/kube-system/coredns
 < no changes
 > processing manifest rbac.authorization.k8s.io/v1.ClusterRoleBinding/system:coredns
 < no changes
 > processing manifest rbac.authorization.k8s.io/v1.ClusterRole/system:coredns
 < no changes
 > processing manifest v1.ConfigMap/kube-system/coredns
 < no changes
 > processing manifest apps/v1.Deployment/kube-system/coredns
 < no changes
 > processing manifest v1.Service/kube-system/kube-dns
 < no changes
 > processing manifest v1.ConfigMap/kube-system/kubeconfig-in-cluster
 < no changes
waiting for all manifests to be applied

Получить текущую версию кластера:

$ kubectl get nodes -o jsonpath='{.items[0].status.nodeInfo.kubeletVersion}'

Вывод:

v1.33.3

Убедиться, что все ноды обновлены до версии v1.33.3:

$ kubectl get nodes
NAME                    STATUS   ROLES           AGE    VERSION
alt-orchestra-4nl-pux   Ready    control-plane   139m   v1.33.3
alt-orchestra-8vo-85l   Ready    control-plane   139m   v1.33.3
alt-orchestra-hku-1uk   Ready    <none>          139m   v1.33.3
alt-orchestra-tab-x0d   Ready    <none>          139m   v1.33.3
alt-orchestra-y3q-ik2   Ready    control-plane   139m   v1.33.3

Вывести список всех ресурсов во всех пространствах имён кластера Kubernetes:

$ kubectl get all -A

Все поды в состоянии Running:

NAMESPACE     NAME                                                READY   STATUS    RESTARTS      AGE
kube-system   pod/cilium-2jvb4                                    1/1     Running   0             32m
kube-system   pod/cilium-4xrlg                                    1/1     Running   1 (31m ago)   32m
kube-system   pod/cilium-9nspx                                    1/1     Running   0             32m
kube-system   pod/cilium-9zb6v                                    1/1     Running   1 (24m ago)   32m
kube-system   pod/cilium-cp96k                                    1/1     Running   0             32m
kube-system   pod/cilium-envoy-2m8wp                              1/1     Running   0             32m
kube-system   pod/cilium-envoy-4mx5h                              1/1     Running   0             32m
kube-system   pod/cilium-envoy-g8qh5                              1/1     Running   0             32m
kube-system   pod/cilium-envoy-xffdn                              1/1     Running   0             32m
kube-system   pod/cilium-envoy-z8xw6                              1/1     Running   1 (24m ago)   32m
kube-system   pod/cilium-operator-67f4b4f5fd-9djtg                1/1     Running   3 (16m ago)   32m
kube-system   pod/cilium-operator-67f4b4f5fd-wkjdq                1/1     Running   2 (17m ago)   32m
kube-system   pod/coredns-5966c6bdcd-2gxvq                        1/1     Running   0             34m
kube-system   pod/coredns-5966c6bdcd-qfmn2                        1/1     Running   0             34m
kube-system   pod/kube-apiserver-alt-orchestra-27m-03d            1/1     Running   1 (17m ago)   17m
kube-system   pod/kube-apiserver-alt-orchestra-gpg-qkl            1/1     Running   0             16m
kube-system   pod/kube-apiserver-alt-orchestra-urk-gud            1/1     Running   1 (16m ago)   16m
kube-system   pod/kube-controller-manager-alt-orchestra-27m-03d   1/1     Running   2 (17m ago)   17m
kube-system   pod/kube-controller-manager-alt-orchestra-gpg-qkl   1/1     Running   0             16m
kube-system   pod/kube-controller-manager-alt-orchestra-urk-gud   1/1     Running   1 (16m ago)   16m
kube-system   pod/kube-scheduler-alt-orchestra-27m-03d            1/1     Running   2 (17m ago)   17m
kube-system   pod/kube-scheduler-alt-orchestra-gpg-qkl            1/1     Running   0             16m
kube-system   pod/kube-scheduler-alt-orchestra-urk-gud            1/1     Running   1 (16m ago)   16m

NAMESPACE     NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
default       service/kubernetes     ClusterIP   10.96.0.1      <none>        443/TCP                  35m
kube-system   service/cilium-envoy   ClusterIP   None           <none>        9964/TCP                 32m
kube-system   service/hubble-peer    ClusterIP   10.110.143.8   <none>        443/TCP                  32m
kube-system   service/kube-dns       ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   34m

NAMESPACE     NAME                          DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
kube-system   daemonset.apps/cilium         5         5         5       5            5           kubernetes.io/os=linux   32m
kube-system   daemonset.apps/cilium-envoy   5         5         5       5            5           kubernetes.io/os=linux   32m

NAMESPACE     NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   deployment.apps/cilium-operator   2/2     2            2           32m
kube-system   deployment.apps/coredns           2/2     2            2           34m

NAMESPACE     NAME                                         DESIRED   CURRENT   READY   AGE
kube-system   replicaset.apps/cilium-operator-67f4b4f5fd   2         2         2       32m
kube-system   replicaset.apps/coredns-5966c6bdcd           2         2         2       34m

Выполнить healhcheck для узлов Controlplane:

$ talosctl health -n 192.168.1.2
$ talosctl health -n 192.168.1.3
$ talosctl health -n 192.168.1.4

Healthcheck выполнен успешно:

discovered nodes: ["192.168.1.2" "192.168.1.3" "192.168.1.4" "192.168.1.5" "192.168.1.6"]
waiting for etcd to be healthy: ...
waiting for etcd to be healthy: OK
waiting for etcd members to be consistent across nodes: ...
waiting for etcd members to be consistent across nodes: OK
waiting for etcd members to be control plane nodes: ...
waiting for etcd members to be control plane nodes: OK
waiting for apid to be ready: ...
waiting for apid to be ready: OK
waiting for all nodes memory sizes: ...
waiting for all nodes memory sizes: OK
waiting for all nodes disk sizes: ...
waiting for all nodes disk sizes: OK
waiting for no diagnostics: ...
waiting for no diagnostics: OK
waiting for kubelet to be healthy: ...
waiting for kubelet to be healthy: OK
waiting for all nodes to finish boot sequence: ...
waiting for all nodes to finish boot sequence: OK
waiting for all k8s nodes to report: ...
waiting for all k8s nodes to report: OK
waiting for all control plane static pods to be running: ...
waiting for all control plane static pods to be running: OK
waiting for all control plane components to be ready: ...
waiting for all control plane components to be ready: OK
waiting for all k8s nodes to report ready: ...
waiting for all k8s nodes to report ready: OK
waiting for coredns to report ready: ...
waiting for coredns to report ready: OK
waiting for all k8s nodes to report schedulable: ...
waiting for all k8s nodes to report schedulable: OK