Rancher2.4.3更新2.5.8
Rancher 2.5.8 版本于 2021 年 5 月 6 日釋出。單擊這裡檢視英文版版本說明
安裝和更新說明#
- 更新前,請關閉是以配置的監控、日志和網格,新版本不再支援舊版本。更新完成後,需要手動啟動。不然新版本中的cluster explorer 無法進行安裝
- Rancher 的安裝或更新必須與 Helm 3.2.x+一起進行,因為最新的 cert-manager 版本有變化。具體參考
- 在安裝 Rancher 2.5 之前,Rancher Server 的本地 Kubernetes 叢集應更新到 Kubernetes 1.17 以上。
- 如果在離線環境的 Rancher 前面使用代理,你必須向 NO_PROXY 傳遞額外的參數。 具體參考
- **更新後預設本地叢集不能再被關閉,這意味着所有管理者都可以通路本地叢集。**如果你想限制本地叢集的權限,有一個新的限制性管理者角色,必須使用。現在可以通過在 v3/settings API 中設定 hide_local_cluster 為 true 來禁用對本地叢集的通路。具體參考
- **對于從 v2.4.4 以及之前的 Rancher 更新到 v2.5.x 并啟用了 ACI CNI 的叢集的使用者,請注意,更新 Rancher 将導緻叢集自動調節。**這适用于 Kubernetes 版本 v1.17.16-rancher1-1、v1.17.17-rancher1-1、v1.17.17-rancher2-1、v1.18.14-rancher1-1、v1.18.15-rancher1-1、v1.18.16-rancher1-1 以及 v1.18.17-rancher1-1。在更新到 v2.5.x 之前,請參考解決方法。
- 對于從 v2.4.8(<=RKE v1.1.6)以及之前的 Rancher 更新到 v2.4.12+(RKE v1.1.13+)/v2.5.0+(RKE v1.2.0+)的使用者,請注意,由于 kube-proxy 綁定的變化,編輯和儲存叢集(即使沒有變化或像叢集名稱這樣的瑣碎變化)将導緻叢集和解并在所有節點更新 kube-proxy。這隻發生在第一次編輯時,以後的編輯應該不會影響叢集。
- 對于在離線環境中安裝或更新 Rancher,請在 Helm 模闆指令中添加
--no-hooks
- 目前有一個設定允許使用者以 cron 格式配置重新整理時間的長度:eks-refresh-cron。該設定現在已被廢棄,并被遷移到一個新的設定中的标準秒格式:eks-refresh。如果以前設定過,遷移将自動發生。
- 更新後,如果您使用的 Kubernetes 版本為 1.19 或更新的版本,我們建議禁用 firewalld,因為它與各種 CNI 插件不相容。
[更新操作](更新高可用 Rancher - 高可用更新指南 - 《Rancher v2.4.4 中文文檔》 - 書棧網 · BookStack)
提前準備
1、預備鏡像
新版本鏡像提前準備到私有倉庫,增加替換版本速度。
1)新啟動一台虛拟主機,安裝docker(不要用生産環境,免得主機上的鏡像太多)
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce-19.03.9 docker-ce-cli-19.03.9 containerd.io
2)配置docker私有倉庫
cat >/etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://rfzmfq61.mirror.aliyuncs.com"],
"insecure-registries": ["https://mirror.nexus.wmqhealth.com"]
}
EOF
#重新開機
systemctl restart docker.service
systemctl status docker.service
3)準備檔案,結構如下
ls /opt/rancher
drwxr-xr-x 2 root root 4096 Feb 24 14:51 sync_images_script #目錄
-rwxr-xr-x 1 root root 1331 Feb 24 14:23 sync_images.sh
# 下載下傳上傳鏡像腳本檔案夾
ls sync_images_script
-rwxr-xr-x 1 root root 2762 Feb 24 10:37 rancher-push-images.sh
-rwxr-xr-x 1 root root 1433 Feb 24 10:37 rancher-save-images.sh
各檔案内容
#鏡像下載下傳腳本
vim /opt/rancher/sync_images_script/rancher-save-images.sh
#!/bin/bash
# 定義日志
workdir=`pwd`
log_file=${workdir}/sync_images_$(date +"%Y-%m-%d").log
logger()
{
log=$1
cur_time='['$(date +"%Y-%m-%d %H:%M:%S")']'
echo ${cur_time} ${log} | tee -a ${log_file}
}
list="rancher-images.txt"
#images="rancher-images.tar.gz"
POSITIONAL=()
while [[ $# -gt 0 ]]; do
key="$1"
case $key in
-i|--images)
images="$2"
shift # past argument
shift # past value
;;
-l|--image-list)
list="$2"
shift # past argument
shift # past value
;;
-h|--help)
help="true"
shift
;;
esac
done
usage () {
echo "USAGE: $0 [--image-list rancher-images.txt] [--images rancher-images.tar.gz]"
echo " [-l|--images-list path] text file with list of images. 1 per line."
echo " [-l|--images path] tar.gz generated by docker save."
echo " [-h|--help] Usage message"
}
if [[ $help ]]; then
usage
exit 0
fi
set -e -x
mkdir -p rancher-images-$(date +"%Y-%m-%d")
cd rancher-images-$(date +"%Y-%m-%d")
for i in $(cat ${list});
do
docker pull ${i}
if [ $? -ne 0 ]; then
logger "${i} pull failed."
else
logger "${i} pull successfully."
fi
docker save ${i} | gzip > $(echo $i | sed "s#/#-#g; s#:#-#g").tgz
if [ $? -ne 0 ]; then
logger "${i} save failed."
else
logger "${i} save successfully."
fi
done
#鏡像上傳私有倉庫腳本
vim /opt/rancher/sync_images_script/rancher-push-images.sh
#!/bin/bash
## 鏡像上傳說明
# 需要先在鏡像倉庫中建立 rancher 項目
# 根據實際情況更改以下私有倉庫位址
# 定義日志
workdir=`pwd`
log_file=${workdir}/sync_images_$(date +"%Y-%m-%d").log
logger()
{
log=$1
cur_time='['$(date +"%Y-%m-%d %H:%M:%S")']'
echo ${cur_time} ${log} | tee -a ${log_file}
}
images_hub() {
while true; do
read -p "輸入鏡像倉庫位址(不加http/https): " registry
read -p "輸入鏡像倉庫使用者名: " registry_user
read -p "輸入鏡像倉庫使用者密碼: " registry_password
echo "您設定的倉庫位址為: ${registry},使用者名: ${registry_user},密碼: xxx"
read -p "是否确認(Y/N): " confirm
if [ $confirm != Y ] && [ $confirm != y ] && [ $confirm == '' ]; then
echo "輸入不能為空,重新輸入"
else
break
fi
done
}
images_hub
echo "鏡像倉庫 $(docker login -u ${registry_user} -p ${registry_password} ${registry})"
images=$(cat ./rancher-images.txt)
namespace=rancher
docker_push() {
for imgs in $(echo ${images}); do
n=$(echo ${imgs} | awk -F"/" '{print NF-1}')
#如果鏡像名中沒有/,那麼此鏡像一定是library倉庫的鏡像;
if [ ${n} -eq 0 ]; then
img_tag=${imgs}
#namespace=rancher
#重命名鏡像
docker tag ${imgs} ${registry}/${namespace}/${img_tag}
#删除原始鏡像
#docker rmi ${imgs}
#上傳鏡像
docker push ${registry}/${namespace}/${img_tag}
#如果鏡像名中有一個/,那麼/左側為項目名,右側為鏡像名和tag
elif [ ${n} -eq 1 ]; then
img_tag=$(echo ${imgs} | awk -F"/" '{print $2}')
#namespace=$(echo ${imgs} | awk -F"/" '{print $1}')
#重命名鏡像
docker tag ${imgs} ${registry}/${namespace}/${img_tag}
#删除舊鏡像
#docker rmi ${imgs}
#上傳鏡像
docker push ${registry}/${namespace}/${img_tag}
#如果鏡像名中有兩個/,
elif [ ${n} -eq 2 ]; then
img_tag=$(echo ${imgs} | awk -F"/" '{print $3}')
#namespace=$(echo ${imgs} | awk -F"/" '{print $2}')
#重命名鏡像
docker tag ${imgs} ${registry}/${namespace}/${img_tag}
#删除舊鏡像
#docker rmi ${imgs}
#上傳鏡像
docker push ${registry}/${namespace}/${img_tag}
else
#标準鏡像為四層結構,即:倉庫位址/項目名/鏡像名:tag,如不符合此标準,即為非有效鏡像。
echo "No available images"
fi
done
}
docker_push
#下載下傳鏡像及上傳到私庫
vim /opt/rancher/sync_images.sh
#! /bin/bash
# 此腳本是一鍵同步更新 rancher 所需鏡像到 neuxs 鏡像倉庫。
# 不要将此腳本運作在 rancher 叢集主機中,以免生産環境主機的鏡像太多。
# 此腳本需配合 sync_images_script 目錄使用。
# 鏡像倉庫
reg="reg.nexus.wmqhealth.com"
user="admin"
passwd="xxxxxx" #私有倉庫使用者密碼
# 主程式
main(){
read -p "輸入需要更新到rancher的版本号,( 如:2.3.5 ) : " v
rancher_version=$v
echo "您輸入的rancher的版本号為:$rancher_version "
read -p "是否确認(Y/N): " a
if [ $a == "Y" ] || [ $a == "y" ]
then
copy_script
else
exit
fi
}
copy_script(){
dir="/opt/rancher/upgrade$rancher_version"
if [ -d $dir ]
then
echo "$dir 目錄已經存在。"
else
echo "建立 $dir 目錄,并複制腳本"
mkdir -p $dir && cd $dir
cp -a /opt/rancher/sync_images_script/*.sh ./
pull_images
fi
}
pull_images(){
echo "開始下載下傳鏡像"
wget https://github.com/rancher/rancher/releases/download/v$rancher_version/rancher-images.txt
./rancher-save-images.sh --image-list $dir/rancher-images.txt
push_images
}
push_images(){
echo "開始上傳鏡像到倉庫"
echo -e "$reg\n$user\n$passwd\ny\n" | ./rancher-push-images.sh
}
main
執行腳本
chmod +x /opt/rancher/*.sh && chmod +x /opt/rancher/sync_images_script/*.sh
cd /opt/rancher
./sync_images.sh
2、備份叢集
更新前做全量備份,并拷貝到無關主機上,如果更新過程中出現問題,則可以使用快照用作為還原點,復原至更新前的狀态。
備份:
目前環境已設定自動建立快照,每小時建立一次快照,保留30份
j建議立即建立一次性快照:
rke etcd snapshot-save --name 20210609.etcd --config rancher-cluster.yml
結果: RKE 為在每個節點上運作的
etcd
拍攝快照。該檔案将儲存到
/opt/rke/etcd-snapshots
。
**還原:**還原指定備份檔案
rke etcd snapshot-restore --name 20210609.etcd --config ./rancher-cluster.yml
3、更新本地local叢集到1.19
2.4更新2.5,要求local叢集需要是1.17版本以上
1)檢視目前rke版本
rke -v
2)檢視 rke v0.2.4 最新支援的 k8s 版本**
[[email protected] deploy]# rke config --system-images --all |grep hyperkube
rancher/hyperkube:v1.12.7-rancher1
rancher/hyperkube:v1.13.5-rancher1
rancher/hyperkube:v1.14.1-rancher1
rancher/hyperkube:v1.11.9-rancher1
上面列出是所有支援 k8s 的版本,最新為
v1.14.1
版本。需要下載下傳更新的rke工具
下載下傳新版rke
因現在最新的 k8s 版本已經為 v1.17.x,是以先下載下傳 rke 版本到最新版本 v1.0.4 ,支援到最新的 k8s 版本為v1.17.2
1)下載下傳 rke v1.2.1
wget http://rancher-mirror.cnrancher.com/rke/v1.2.1/rke_linux-amd64
2)重命名并移動到之前的存放路徑
mv rke_linux-amd64 /opt/rancher/cli/rke
chmod +x /opt/rancher/cli/rke
rke -v
3)檢視 rke v1.2.1 最新支援的 k8s 版本
[[email protected] deploy]# rke config --system-images --all |grep hyperkube
rancher/hyperkube:v1.18.10-rancher1
rancher/hyperkube:v1.19.3-rancher1
rancher/hyperkube:v1.16.15-rancher1
rancher/hyperkube:v1.17.13-rancher1
支援最新的 k8s 版本是
v1.19.3
版本。
開始更新K8S
4)修改叢集YAML檔案
RKE通過更改系統鏡像的鏡像版本來支援版本更新。
在rancher-cluster.yml中新增字段:
system-images:
kubernetes: rancher/hyperkube:v1.19.3-rancher1
例如,要改變已部署 k8s 版本,隻需在部署 k8s 叢集的
racher-cluster.yml
中添加
system-images
部分,并把
kubernetes
系統鏡像
rancher/hyperkube
标簽設定為查到的最新
v1.17.2-rancher1
即可。
[[email protected]-rancher-server-01 ~]# cd /opt/rancher/deploy/
[[email protected]-rancher-server-01 deploy]# vim rancher-cluster.yml
nodes:
- address: 172.16.3.241
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_path: ~/.ssh/id_rsa
- address: 172.16.3.242
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_path: ~/.ssh/id_rsa
- address: 172.16.3.243
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_path: ~/.ssh/id_rsa
private_registries:
- url: reg.nexus.wmq.com
user: admin
password: "*******"
is_default: true
system-images:
kubernetes: rancher/hyperkube:v1.19.3-rancher1
services:
etcd:
backup_config:
enabled: true
interval_hours: 1
retention: 30
5)更新叢集
rke up --config ./rancher-cluster.yml
完成後,顯示:Finished building Kubernetes cluster successful
Helm2方式更新
1、新增檔案
新增腳本upgrade_rancher.sh
ls /opt/rancher
drwxr-xr-x 2 root root 4096 Feb 24 14:51 sync_images_script #目錄
-rwxr-xr-x 1 root root 1331 Feb 24 14:23 sync_images.sh
-rwxr-xr-x 1 root root 1819 Feb 24 14:53 upgrade_rancher.sh
# 下載下傳上傳鏡像腳本檔案夾
ls sync_images_script
-rwxr-xr-x 1 root root 2762 Feb 24 10:37 rancher-push-images.sh
-rwxr-xr-x 1 root root 1433 Feb 24 10:37 rancher-save-images.sh
2、編輯腳本
#更新腳本
vim /opt/rancher/upgrade_rancher.sh
#! /bin/bash
# 執行此腳本之前,需要确認已經上傳鏡像到倉庫中。
# 該腳本需要在 prod-rancher-server-01 主機中執行。
stty erase ^H
main(){
read -p "輸入需要更新到rancher的版本号,( 如:2.3.5 ) : " v
rancher_version=$v
echo "您輸入的rancher的版本号為:$rancher_version "
read -p "是否确認(Y/N): " a
if [ $a == "Y" ] || [ $a == "y" ]
then
download_rancher
else
exit
fi
}
download_rancher(){
dir="/opt/rancher/upgrade$rancher_version"
if [ -d $dir ]
then
echo "$dir 目錄已經存在,删除後再繼續。"
else
echo "建立 $dir 目錄"
mkdir -p $dir && cd $dir
echo "更新本地helm repo緩存"
helm repo update
echo "檢視rancher最新版本"
helm search rancher
echo "下載下傳rancher v$rancher_version 離線包"
helm fetch rancher-stable/rancher --version v$rancher_version
echo "解壓離線包"
tar zxvf rancher-$rancher_version.tgz
upgrade_rancher
fi
}
upgrade_rancher(){
echo "指定配置檔案"
kubeconfig=/root/.kube/config
echo "開始更新前确認,是否繼續更新"
read -p "是否确認(Y/N): " a
if [ $a == "Y" ] || [ $a == "y" ]
then
helm --kubeconfig=$kubeconfig upgrade rancher ./rancher \
--set hostname=rancher.wmqhealth.com \
--set ingress.tls.source=secret \
--set auditLog.level=3 \
--set auditLog.destination=hostPath \
--set auditLog.hostPath=/opt/rancher/auditlogs/ \
--set auditLog.maxAge=20 \
--set auditLog.maxBackups=20 \
--set auditLog.maxSize=100 \
# --set privateCA=true 自簽證書需要把注釋打開
--set rancherImage=reg.nexus.wmqhealth.com/rancher/rancher
else
exit
fi
}
main
3、執行腳本
chmod +x /opt/rancher/upgrade_rancher.sh
cd /opt/rancher/
./upgrade_rancher.sh
等待自動更新完成即可。
Helm3方式更新
1、(可選)安裝cert-manager
截至2021.06.11叢集未安裝cert-manager,故可忽略本小節
檢查cert-manager版本
提示:
如果使用自己的證書檔案
ingress.tls.source=secret
或者使用外部 TLS 負載均衡器可以跳過此步驟。
僅在使用 Rancher 生成的證書
ingress.tls.source=rancher
或 Let’s Encrypt 頒發的證書
ingress.tls.source=letsEncrypt
時才需要 cert-manager。
重要提示 如果目前正在運作版本低于 v0.11 的 cert-manger,并且想要将 Rancher 和 cert-manager 都更新到新版本,則需要重新安裝它們:
- 對運作 Rancher Server 的 Kubernetes 叢集進行一次性快照
- 解除安裝 Rancher,cert-manager 和 cert-manager 的 CustomResourceDefinition
- 安裝更新版本的 Rancher 和 cert-manager
原因是當 Helm 更新 Rancher 時,如果運作的 Rancher 應用程式與用于安裝它的 chart 模闆不比對,它将拒絕更新并顯示錯誤消息。因為 cert-manager 更改了它的 API 組,并且我們不能修改 Rancher 的已釋出的 chart,是以 cert-manager 的 API 版本始終不比對,是以更新将被拒絕。
添加 cert-manager helm 倉庫:
helm3 repo add jetstack https://charts.jetstack.io
為 cert-manager 建立命名空間:
kubectl create namespace cert-manager
安裝 cert-manager 的 CustomResourceDefinitions:
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.2/cert-manager.crds.yaml
然後使用 Helm 安裝 cert-manager。需要注意的是,cert-manager 還需要配置你的代理,以防它需要與 Let’s Encrypt 或其他外部證書發行商進行通信。
helm3 upgrade --install cert-manager jetstack/cert-manager --namespace cert-manager --version v0.15.2 --set http_proxy=http://${proxy_host} --set https_proxy=http://${proxy_host} --set no_proxy=127.0.0.0/8\\,10.0.0.0/8\\,cattle-system.svc\\,172.16.0.0/12\\,192.168.0.0/16
2、更新helm2到helm3
安裝helm3
helm下載下傳位址:https://get.helm.sh/helm-v3.6.0-linux-amd64.tar.gz
解壓完成後,重命名為helm3
安裝更新工具
helm3 plugin install https://github.com/helm/helm-2to3
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/configDownloading and installing helm-2to3 v0.8.2 ...https://github.com/helm/helm-2to3/releases/download/v0.8.2/helm-2to3_0.8.2_linux_amd64.tar.gzInstalled plugin: 2to3
檢視插件
helm3 plugin list
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/configNAME VERSION DESCRIPTION 2to3 0.8.2 migrate and cleanup Helm v2 configuration and releases in-place to Helm v3
開始遷移
先測試下遷移配置檔案是否會報錯
helm3 2to3 move config --dry-run
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config2021/06/09 15:44:34 NOTE: This is in dry-run mode, the following actions will not be executed.2021/06/09 15:44:34 Run without --dry-run to take the actions described below:2021/06/09 15:44:34 2021/06/09 15:44:34 WARNING: Helm v3 configuration may be overwritten during this operation.2021/06/09 15:44:34 [Move config/confirm] Are you sure you want to move the v2 configuration? [y/N]: y2021/06/09 15:44:41 Helm v2 configuration will be moved to Helm v3 configuration.2021/06/09 15:44:41 [Helm 2] Home directory: /root/.helm2021/06/09 15:44:41 [Helm 3] Config directory: /root/.config/helm2021/06/09 15:44:41 [Helm 3] Data directory: /root/.local/share/helm2021/06/09 15:44:41 [Helm 3] Cache directory: /root/.cache/helm2021/06/09 15:44:41 [Helm 3] Create config folder "/root/.config/helm" .2021/06/09 15:44:41 [Helm 2] repositories file "/root/.helm/repository/repositories.yaml" will copy to [Helm 3] config folder "/root/.config/helm/repositories.yaml" .2021/06/09 15:44:41 [Helm 3] Create cache folder "/root/.cache/helm" .2021/06/09 15:44:41 [Helm 3] Create data folder "/root/.local/share/helm" .2021/06/09 15:44:41 [Helm 2] starters "/root/.helm/starters" will copy to [Helm 3] data folder "/root/.local/share/helm/starters" .
無報錯,開始正式遷移
helm3 2to3 move config
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config2021/06/09 15:45:11 WARNING: Helm v3 configuration may be overwritten during this operation.2021/06/09 15:45:11 [Move config/confirm] Are you sure you want to move the v2 configuration? [y/N]: y2021/06/09 15:45:12 Helm v2 configuration will be moved to Helm v3 configuration.2021/06/09 15:45:12 [Helm 2] Home directory: /root/.helm2021/06/09 15:45:12 [Helm 3] Config directory: /root/.config/helm2021/06/09 15:45:12 [Helm 3] Data directory: /root/.local/share/helm2021/06/09 15:45:12 [Helm 3] Cache directory: /root/.cache/helm2021/06/09 15:45:12 [Helm 3] Create config folder "/root/.config/helm" .2021/06/09 15:45:12 [Helm 3] Config folder "/root/.config/helm" created.2021/06/09 15:45:12 [Helm 2] repositories file "/root/.helm/repository/repositories.yaml" will copy to [Helm 3] config folder "/root/.config/helm/repositories.yaml" .2021/06/09 15:45:12 [Helm 2] repositories file "/root/.helm/repository/repositories.yaml" copied successfully to [Helm 3] config folder "/root/.config/helm/repositories.yaml" .2021/06/09 15:45:12 [Helm 3] Create cache folder "/root/.cache/helm" .2021/06/09 15:45:12 [Helm 3] cache folder "/root/.cache/helm" created.2021/06/09 15:45:12 [Helm 3] Create data folder "/root/.local/share/helm" .2021/06/09 15:45:12 [Helm 3] data folder "/root/.local/share/helm" created.2021/06/09 15:45:12 [Helm 2] starters "/root/.helm/starters" will copy to [Helm 3] data folder "/root/.local/share/helm/starters" .2021/06/09 15:45:12 [Helm 2] starters "/root/.helm/starters" copied successfully to [Helm 3] data folder "/root/.local/share/helm/starters" .2021/06/09 15:45:12 Helm v2 configuration was moved successfully to Helm v3 configuration.
檢視helm倉庫遷移情況
helm3 repo list
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/configNAME URL stable https://charts.helm.sh/stable local http://127.0.0.1:8879/charts rancher-stable https://releases.rancher.com/server-charts/stable
開始遷移helm安裝的服務
檢視舊helm安裝的服務,隻有一個rancher
helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE rancher 1 Wed Jun 9 10:52:11 2021 DEPLOYED rancher-2.4.3 v2.4.3 cattle-system
開始遷移rancher服務
同樣先測試下是否報錯
helm3 2to3 convert --dry-run rancher
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config2021/06/09 15:49:46 NOTE: This is in dry-run mode, the following actions will not be executed.2021/06/09 15:49:46 Run without --dry-run to take the actions described below:2021/06/09 15:49:46 2021/06/09 15:49:46 Release "rancher" will be converted from Helm v2 to Helm v3.2021/06/09 15:49:46 [Helm 3] Release "rancher" will be created.2021/06/09 15:49:46 [Helm 3] ReleaseVersion "rancher.v1" will be created.
正式開始遷移rancher服務
helm3 2to3 convert rancher
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config2021/06/09 15:50:00 Release "rancher" will be converted from Helm v2 to Helm v3.2021/06/09 15:50:00 [Helm 3] Release "rancher" will be created.2021/06/09 15:50:00 [Helm 3] ReleaseVersion "rancher.v1" will be created.2021/06/09 15:50:00 [Helm 3] ReleaseVersion "rancher.v1" created.2021/06/09 15:50:00 [Helm 3] Release "rancher" created.2021/06/09 15:50:00 Release "rancher" was converted successfully from Helm v2 to Helm v3.2021/06/09 15:50:00 Note: The v2 release information still remains and should be removed to avoid conflicts with the migrated v3 release.2021/06/09 15:50:00 v2 release information should only be removed using `helm 2to3` cleanup and when all releases have been migrated over.
檢視遷移服務情況
在helm3中需要添加命名空間檢視
helm3 list -n cattle-system
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/configNAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSIONrancher cattle-system 1 2021-06-09 02:52:11.625515705 +0000 UTC deployed rancher-2.4.3 v2.4.3
清理資料
最後清理helm2資料
helm3 2to3 cleanup --tiller-ns kube-system
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/configWARNING: "Helm v2 Configuration" "Release Data" "Tiller" will be removed. This will clean up all releases managed by Helm v2. It will not be possible to restore them if you haven't made a backup of the releases.Helm v2 may not be usable afterwards.[Cleanup/confirm] Are you sure you want to cleanup Helm v2 data? [y/N]: y2021/06/09 15:54:22 Helm v2 data will be cleaned up.2021/06/09 15:54:22 [Helm 2] Releases will be deleted.2021/06/09 15:54:23 [Helm 2] no deployed releases for namespace: kube-system, owner: OWNER=TILLER2021/06/09 15:54:23 [Helm 2] Releases deleted.2021/06/09 15:54:23 [Helm 2] Tiller in "kube-system" namespace will be removed.2021/06/09 15:54:23 [Helm 2] Tiller "deploy" in "kube-system" namespace will be removed.2021/06/09 15:54:23 [Helm 2] Tiller "deploy" in "kube-system" namespace was removed successfully.2021/06/09 15:54:23 [Helm 2] Tiller "service" in "kube-system" namespace will be removed.2021/06/09 15:54:23 [Helm 2] Tiller "service" in "kube-system" namespace was removed successfully.2021/06/09 15:54:23 [Helm 2] Tiller in "kube-system" namespace was removed.2021/06/09 15:54:23 [Helm 2] Home folder "/root/.helm" will be deleted.2021/06/09 15:54:23 [Helm 2] Home folder "/root/.helm" deleted.2021/06/09 15:54:23 Helm v2 data was cleaned up successfully.
3、更新helm chart倉庫
helm3 repo update
4、安裝rancher的倉庫名稱
mkdir -p /opt/rancher/upgrade2.5.8 && cd /opt/rancher/upgrade2.5.8helm3 fetch rancher-stable/rancher --version v2.5.8
-
latest
-
stable
-
alpha
5、更新rancher(自簽證書需加–set privateCA=true )
helm3 template rancher ./rancher-2.5.8.tgz --output-dir . --namespace cattle-system --no-hooks --set hostname=rancher.wmqhealth.com --set ingress.tls.source=secret --set auditLog.level=3 --set auditLog.destination=hostPath --set auditLog.hostPath=/opt/rancher/auditlogs/ --set auditLog.maxAge=20 --set auditLog.maxBackups=20 --set auditLog.maxSize=100 --set useBundledSystemChart=true --set rancherImage=reg.nexus.wmqhealth.com/rancher/rancher
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/configwrote ./rancher/templates/serviceAccount.yamlwrote ./rancher/templates/clusterRoleBinding.yamlwrote ./rancher/templates/service.yamlwrote ./rancher/templates/deployment.yamlwrote ./rancher/templates/ingress.yaml
導入渲染模闆
kubectl -n cattle-system apply -R -f ./rancher
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl applyclusterrolebinding.rbac.authorization.k8s.io/rancher configuredWarning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl applydeployment.apps/rancher configuredWarning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl applyingress.networking.k8s.io/rancher configuredWarning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl applyservice/rancher configuredWarning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl applyserviceaccount/rancher configured
等待自動更新完成即可
![Ansible-Playbook一、YAML語言二、Ansible的腳本—playbook劇本三、編寫playbook劇本四、handlers介紹及劇本編寫五、變量設定六、條件測試七、疊代八、Templates模闆子產品九、tags标簽子產品十、role子產品[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)