richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5211 Commits
29 Branches
81 Tags
147 MiB
Tree: a78e861a89
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a78e861a89'
${ noResults }
kubespray/docs/upgrades.md

357 lines
13 KiB
Raw Normal View History

Add markdown CI (#5380)
4 years ago
Add document outlining upgrade process
8 years ago
rename almost all mentions of kargo
7 years ago
Clarify process for upgrading more than one version (#5264) Since it is unsupported to skip upgrades, I've detailed the steps for upgrading a step at a time and removed some language that indicated it should work
5 years ago
Add document outlining upgrade process
8 years ago
Clarify process for upgrading more than one version (#5264) Since it is unsupported to skip upgrades, I've detailed the steps for upgrading a step at a time and removed some language that indicated it should work
5 years ago
Add markdown CI (#5380)
4 years ago
Add document outlining upgrade process
8 years ago
Add markdown CI (#5380)
4 years ago
UPdate docs to match actuall required settings to perform an unsafe upgrade using cluster.yml playbook. Relates to https://github.com/kubernetes-sigs/kubespray/issues/4736 and https://github.com/kubernetes-sigs/kubespray/issues/4139 (#5609)
4 years ago
Add document outlining upgrade process
8 years ago
Add markdown CI (#5380)
4 years ago
UPdate docs to match actuall required settings to perform an unsafe upgrade using cluster.yml playbook. Relates to https://github.com/kubernetes-sigs/kubespray/issues/4736 and https://github.com/kubernetes-sigs/kubespray/issues/4139 (#5609)
4 years ago
Add document outlining upgrade process
8 years ago
UPdate docs to match actuall required settings to perform an unsafe upgrade using cluster.yml playbook. Relates to https://github.com/kubernetes-sigs/kubespray/issues/4736 and https://github.com/kubernetes-sigs/kubespray/issues/4139 (#5609)
4 years ago
Add markdown CI (#5380)
4 years ago
Add graceful upgrade process Based on #718 introduced by rsmitty. Includes all roles and all options to support deployment of new hosts in case they were added to inventory. Main difference here is that master role is evaluated first so that master components get upgraded first. Fixes #694
7 years ago
Instead of doc update, change the verify step
6 years ago
Add graceful upgrade process Based on #718 introduced by rsmitty. Includes all roles and all options to support deployment of new hosts in case they were added to inventory. Main difference here is that master role is evaluated first so that master components get upgraded first. Fixes #694
7 years ago
Add markdown CI (#5380)
4 years ago
Support multiple inventory files under individual inventory directory
6 years ago
Update upgrades.md Clarify that the `kube_version` environment variable is needed for the CLI "graceful upgrade". Also add and example to check that the upgrade was successful.
7 years ago
fix-up some spelling mistakes (#5202)
5 years ago
Update upgrades.md Clarify that the `kube_version` environment variable is needed for the CLI "graceful upgrade". Also add and example to check that the upgrade was successful.
7 years ago
Add markdown CI (#5380)
4 years ago
Update upgrades.md Clarify that the `kube_version` environment variable is needed for the CLI "graceful upgrade". Also add and example to check that the upgrade was successful.
7 years ago
Add graceful upgrade process Based on #718 introduced by rsmitty. Includes all roles and all options to support deployment of new hosts in case they were added to inventory. Main difference here is that master role is evaluated first so that master components get upgraded first. Fixes #694
7 years ago
Add markdown CI (#5380)
4 years ago
Clarify process for upgrading more than one version (#5264) Since it is unsupported to skip upgrades, I've detailed the steps for upgrading a step at a time and removed some language that indicated it should work
5 years ago
UPdate docs to match actuall required settings to perform an unsafe upgrade using cluster.yml playbook. Relates to https://github.com/kubernetes-sigs/kubespray/issues/4736 and https://github.com/kubernetes-sigs/kubespray/issues/4139 (#5609)
4 years ago
Clarify process for upgrading more than one version (#5264) Since it is unsupported to skip upgrades, I've detailed the steps for upgrading a step at a time and removed some language that indicated it should work
5 years ago
Add markdown CI (#5380)
4 years ago
Clarify process for upgrading more than one version (#5264) Since it is unsupported to skip upgrades, I've detailed the steps for upgrading a step at a time and removed some language that indicated it should work
5 years ago
Add markdown CI (#5380)
4 years ago
Clarify process for upgrading more than one version (#5264) Since it is unsupported to skip upgrades, I've detailed the steps for upgrading a step at a time and removed some language that indicated it should work
5 years ago
Add markdown CI (#5380)
4 years ago
Clarify process for upgrading more than one version (#5264) Since it is unsupported to skip upgrades, I've detailed the steps for upgrading a step at a time and removed some language that indicated it should work
5 years ago
Add markdown CI (#5380)
4 years ago
Clarify process for upgrading more than one version (#5264) Since it is unsupported to skip upgrades, I've detailed the steps for upgrading a step at a time and removed some language that indicated it should work
5 years ago
Add markdown CI (#5380)
4 years ago
Clarify process for upgrading more than one version (#5264) Since it is unsupported to skip upgrades, I've detailed the steps for upgrading a step at a time and removed some language that indicated it should work
5 years ago
Add markdown CI (#5380)
4 years ago
Add document outlining upgrade process
8 years ago
Fixed Formatting / Ansbile-Playbook Command - added -b and fixed typo in ansible-playbook command - fixed formatting issue
7 years ago
Upgrade to kubeadm (#1667) * Enable upgrade to kubeadm * fix kubedns upgrade * try upgrade route * use init/upgrade strategy for kubeadm and ignore kubedns svc * Use bin_dir for kubeadm * delete more secrets * fix waiting for terminating pods * Manually enforce kube-proxy for kubeadm deploy * remove proxy. update to kubeadm 1.8.0rc1
7 years ago
Add markdown CI (#5380)
4 years ago
Upgrade to kubeadm (#1667) * Enable upgrade to kubeadm * fix kubedns upgrade * try upgrade route * use init/upgrade strategy for kubeadm and ignore kubedns svc * Use bin_dir for kubeadm * delete more secrets * fix waiting for terminating pods * Manually enforce kube-proxy for kubeadm deploy * remove proxy. update to kubeadm 1.8.0rc1
7 years ago
Add tags to deploy components by --tags option (#2960) * Add tags for cert serial tasks This will help facilitate tag-based deployment of specific components. * fixup kubernetes node
6 years ago
Update upgrades.md
6 years ago
Add tags to deploy components by --tags option (#2960) * Add tags for cert serial tasks This will help facilitate tag-based deployment of specific components. * fixup kubernetes node
6 years ago
add docker upgrade tag doc
6 years ago
Add markdown CI (#5380)
4 years ago
add docker upgrade tag doc
6 years ago
Add tags to deploy components by --tags option (#2960) * Add tags for cert serial tasks This will help facilitate tag-based deployment of specific components. * fixup kubernetes node
6 years ago
Add markdown CI (#5380)
4 years ago
Add tags to deploy components by --tags option (#2960) * Add tags for cert serial tasks This will help facilitate tag-based deployment of specific components. * fixup kubernetes node
6 years ago
Add markdown CI (#5380)
4 years ago
Add tags to deploy components by --tags option (#2960) * Add tags for cert serial tasks This will help facilitate tag-based deployment of specific components. * fixup kubernetes node
6 years ago
Add markdown CI (#5380)
4 years ago
Add tags to deploy components by --tags option (#2960) * Add tags for cert serial tasks This will help facilitate tag-based deployment of specific components. * fixup kubernetes node
6 years ago
Add markdown CI (#5380)
4 years ago
Add tags to deploy components by --tags option (#2960) * Add tags for cert serial tasks This will help facilitate tag-based deployment of specific components. * fixup kubernetes node
6 years ago
Add markdown CI (#5380)
4 years ago
Add tags to deploy components by --tags option (#2960) * Add tags for cert serial tasks This will help facilitate tag-based deployment of specific components. * fixup kubernetes node
6 years ago
Add markdown CI (#5380)
4 years ago
Add tags to deploy components by --tags option (#2960) * Add tags for cert serial tasks This will help facilitate tag-based deployment of specific components. * fixup kubernetes node
6 years ago
Add markdown CI (#5380)
4 years ago
Add tags to deploy components by --tags option (#2960) * Add tags for cert serial tasks This will help facilitate tag-based deployment of specific components. * fixup kubernetes node
6 years ago
  1. # Upgrading Kubernetes in Kubespray
  3. Kubespray handles upgrades the same way it handles initial deployment. That is to
  4. say that each component is laid down in a fixed order.
  6. You can also individually control versions of components by explicitly defining their
  7. versions. Here are all version vars for each component:
  9. * docker_version
  10. * kube_version
  11. * etcd_version
  12. * calico_version
  13. * calico_cni_version
  14. * weave_version
  15. * flannel_version
  16. * kubedns_version
  18. :warning: [Attempting to upgrade from an older release straight to the latest release is unsupported and likely to break something](https://github.com/kubernetes-sigs/kubespray/issues/3849#issuecomment-451386515) :warning:
  20. See [Multiple Upgrades](#multiple-upgrades) for how to upgrade from older releases to the latest release
  22. ## Unsafe upgrade example
  24. If you wanted to upgrade just kube_version from v1.4.3 to v1.4.6, you could
  25. deploy the following way:
  27. ```ShellSession
  28. ansible-playbook cluster.yml -i inventory/sample/hosts.ini -e kube_version=v1.4.3 -e upgrade_cluster_setup=true
  29. ```
  31. And then repeat with v1.4.6 as kube_version:
  33. ```ShellSession
  34. ansible-playbook cluster.yml -i inventory/sample/hosts.ini -e kube_version=v1.4.6 -e upgrade_cluster_setup=true
  35. ```
  37. The var ```-e upgrade_cluster_setup=true``` is needed to be set in order to migrate the deploys of e.g kube-apiserver inside the cluster immediately which is usually only done in the graceful upgrade. (Refer to [#4139](https://github.com/kubernetes-sigs/kubespray/issues/4139) and [#4736](https://github.com/kubernetes-sigs/kubespray/issues/4736))
  39. ## Graceful upgrade
  41. Kubespray also supports cordon, drain and uncordoning of nodes when performing
  42. a cluster upgrade. There is a separate playbook used for this purpose. It is
  43. important to note that upgrade-cluster.yml can only be used for upgrading an
  44. existing cluster. That means there must be at least 1 kube-master already
  45. deployed.
  47. ```ShellSession
  48. ansible-playbook upgrade-cluster.yml -b -i inventory/sample/hosts.ini -e kube_version=v1.6.0
  49. ```
  51. After a successful upgrade, the Server Version should be updated:
  53. ```ShellSession
  54. $ kubectl version
  55. Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.0", GitCommit:"fff5156092b56e6bd60fff75aad4dc9de6b6ef37", GitTreeState:"clean", BuildDate:"2017-03-28T19:15:41Z", GoVersion:"go1.8", Compiler:"gc", Platform:"darwin/amd64"}
  56. Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.0+coreos.0", GitCommit:"8031716957d697332f9234ddf85febb07ac6c3e3", GitTreeState:"clean", BuildDate:"2017-03-29T04:33:09Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
  57. ```
  59. ## Multiple upgrades
  61. :warning: [Do not skip releases when upgrading--upgrade by one tag at a time.](https://github.com/kubernetes-sigs/kubespray/issues/3849#issuecomment-451386515) :warning:
  63. For instance, if you're on v2.6.0, then check out v2.7.0, run the upgrade, check out the next tag, and run the next upgrade, etc.
  65. Assuming you don't explicitly define a kubernetes version in your k8s-cluster.yml, you simply check out the next tag and run the upgrade-cluster.yml playbook
  67. * If you do define kubernetes version in your inventory (e.g. group_vars/k8s-cluster.yml) then either make sure to update it before running upgrade-cluster, or specify the new version you're upgrading to: `ansible-playbook -i inventory/mycluster/hosts.ini -b upgrade-cluster.yml -e kube_version=v1.11.3`
  69. Otherwise, the upgrade will leave your cluster at the same k8s version defined in your inventory vars.
  71. The below example shows taking a cluster that was set up for v2.6.0 up to v2.10.0
  73. ```ShellSession
  74. $ kubectl get node
  75. NAME STATUS ROLES AGE VERSION
  76. apollo Ready master,node 1h v1.10.4
  77. boomer Ready master,node 42m v1.10.4
  78. caprica Ready master,node 42m v1.10.4
  80. $ git describe --tags
  81. v2.6.0
  83. $ git tag
  84. ...
  85. v2.6.0
  86. v2.7.0
  87. v2.8.0
  88. v2.8.1
  89. v2.8.2
  90. ...
  92. $ git checkout v2.7.0
  93. Previous HEAD position was 8b3ce6e4 bump upgrade tests to v2.5.0 commit (#3087)
  94. HEAD is now at 05dabb7e Fix Bionic networking restart error #3430 (#3431)
  96. # NOTE: May need to sudo pip3 install -r requirements.txt when upgrading.
  98. ansible-playbook -i inventory/mycluster/hosts.ini -b upgrade-cluster.yml
  100. ...
  102. $ kubectl get node
  103. NAME STATUS ROLES AGE VERSION
  104. apollo Ready master,node 1h v1.11.3
  105. boomer Ready master,node 1h v1.11.3
  106. caprica Ready master,node 1h v1.11.3
  108. $ git checkout v2.8.0
  109. Previous HEAD position was 05dabb7e Fix Bionic networking restart error #3430 (#3431)
  110. HEAD is now at 9051aa52 Fix ubuntu-contiv test failed (#3808)
  111. ```
  113. :info: NOTE: Review changes between the sample inventory and your inventory when upgrading versions. :info:
  115. Some deprecations between versions that mean you can't just upgrade straight from 2.7.0 to 2.8.0 if you started with the sample inventory.
  117. In this case, I set "kubeadm_enabled" to false, knowing that it is deprecated and removed by 2.9.0, to delay converting the cluster to kubeadm as long as I could.
  119. ```ShellSession
  120. $ ansible-playbook -i inventory/mycluster/hosts.ini -b upgrade-cluster.yml
  121. ...
  122. "msg": "DEPRECATION: non-kubeadm deployment is deprecated from v2.9. Will be removed in next release."
  123. ...
  124. Are you sure you want to deploy cluster using the deprecated non-kubeadm mode. (output is hidden):
  125. yes
  126. ...
  128. $ kubectl get node
  129. NAME STATUS ROLES AGE VERSION
  130. apollo Ready master,node 114m v1.12.3
  131. boomer Ready master,node 114m v1.12.3
  132. caprica Ready master,node 114m v1.12.3
  134. $ git checkout v2.8.1
  135. Previous HEAD position was 9051aa52 Fix ubuntu-contiv test failed (#3808)
  136. HEAD is now at 2ac1c756 More Feature/2.8 backports for 2.8.1 (#3911)
  138. $ ansible-playbook -i inventory/mycluster/hosts.ini -b upgrade-cluster.yml
  139. ...
  140. "msg": "DEPRECATION: non-kubeadm deployment is deprecated from v2.9. Will be removed in next release."
  141. ...
  142. Are you sure you want to deploy cluster using the deprecated non-kubeadm mode. (output is hidden):
  143. yes
  144. ...
  146. $ kubectl get node
  147. NAME STATUS ROLES AGE VERSION
  148. apollo Ready master,node 2h36m v1.12.4
  149. boomer Ready master,node 2h36m v1.12.4
  150. caprica Ready master,node 2h36m v1.12.4
  152. $ git checkout v2.8.2
  153. Previous HEAD position was 2ac1c756 More Feature/2.8 backports for 2.8.1 (#3911)
  154. HEAD is now at 4167807f Upgrade to 1.12.5 (#4066)
  156. $ ansible-playbook -i inventory/mycluster/hosts.ini -b upgrade-cluster.yml
  157. ...
  158. "msg": "DEPRECATION: non-kubeadm deployment is deprecated from v2.9. Will be removed in next release."
  159. ...
  160. Are you sure you want to deploy cluster using the deprecated non-kubeadm mode. (output is hidden):
  161. yes
  162. ...
  164. $ kubectl get node
  165. NAME STATUS ROLES AGE VERSION
  166. apollo Ready master,node 3h3m v1.12.5
  167. boomer Ready master,node 3h3m v1.12.5
  168. caprica Ready master,node 3h3m v1.12.5
  170. $ git checkout v2.8.3
  171. Previous HEAD position was 4167807f Upgrade to 1.12.5 (#4066)
  172. HEAD is now at ea41fc5e backport cve-2019-5736 to release-2.8 (#4234)
  174. $ ansible-playbook -i inventory/mycluster/hosts.ini -b upgrade-cluster.yml
  175. ...
  176. "msg": "DEPRECATION: non-kubeadm deployment is deprecated from v2.9. Will be removed in next release."
  177. ...
  178. Are you sure you want to deploy cluster using the deprecated non-kubeadm mode. (output is hidden):
  179. yes
  180. ...
  182. $ kubectl get node
  183. NAME STATUS ROLES AGE VERSION
  184. apollo Ready master,node 5h18m v1.12.5
  185. boomer Ready master,node 5h18m v1.12.5
  186. caprica Ready master,node 5h18m v1.12.5
  188. $ git checkout v2.8.4
  189. Previous HEAD position was ea41fc5e backport cve-2019-5736 to release-2.8 (#4234)
  190. HEAD is now at 3901480b go to k8s 1.12.7 (#4400)
  192. $ ansible-playbook -i inventory/mycluster/hosts.ini -b upgrade-cluster.yml
  193. ...
  194. "msg": "DEPRECATION: non-kubeadm deployment is deprecated from v2.9. Will be removed in next release."
  195. ...
  196. Are you sure you want to deploy cluster using the deprecated non-kubeadm mode. (output is hidden):
  197. yes
  198. ...
  200. $ kubectl get node
  201. NAME STATUS ROLES AGE VERSION
  202. apollo Ready master,node 5h37m v1.12.7
  203. boomer Ready master,node 5h37m v1.12.7
  204. caprica Ready master,node 5h37m v1.12.7
  206. $ git checkout v2.8.5
  207. Previous HEAD position was 3901480b go to k8s 1.12.7 (#4400)
  208. HEAD is now at 6f97687d Release 2.8 robust san handling (#4478)
  210. $ ansible-playbook -i inventory/mycluster/hosts.ini -b upgrade-cluster.yml
  211. ...
  212. "msg": "DEPRECATION: non-kubeadm deployment is deprecated from v2.9. Will be removed in next release."
  213. ...
  214. Are you sure you want to deploy cluster using the deprecated non-kubeadm mode. (output is hidden):
  215. yes
  216. ...
  218. $ kubectl get node
  219. NAME STATUS ROLES AGE VERSION
  220. apollo Ready master,node 5h45m v1.12.7
  221. boomer Ready master,node 5h45m v1.12.7
  222. caprica Ready master,node 5h45m v1.12.7
  224. $ git checkout v2.9.0
  225. Previous HEAD position was 6f97687d Release 2.8 robust san handling (#4478)
  226. HEAD is now at a4e65c7c Upgrade to Ansible >2.7.0 (#4471)
  227. ```
  229. :warning: IMPORTANT: Some of the variable formats changed in the k8s-cluster.yml between 2.8.5 and 2.9.0 :warning:
  231. If you do not keep your inventory copy up to date, **your upgrade will fail** and your first master will be left non-functional until fixed and re-run.
  233. It is at this point the cluster was upgraded from non-kubeadm to kubeadm as per the deprecation warning.
  235. ```ShellSession
  236. ansible-playbook -i inventory/mycluster/hosts.ini -b upgrade-cluster.yml
  238. ...
  240. $ kubectl get node
  241. NAME STATUS ROLES AGE VERSION
  242. apollo Ready master,node 6h54m v1.13.5
  243. boomer Ready master,node 6h55m v1.13.5
  244. caprica Ready master,node 6h54m v1.13.5
  246. # Watch out: 2.10.0 is hiding between 2.1.2 and 2.2.0
  248. $ git tag
  249. ...
  250. v2.1.0
  251. v2.1.1
  252. v2.1.2
  253. v2.10.0
  254. v2.2.0
  255. ...
  257. $ git checkout v2.10.0
  258. Previous HEAD position was a4e65c7c Upgrade to Ansible >2.7.0 (#4471)
  259. HEAD is now at dcd9c950 Add etcd role dependency on kube user to avoid etcd role failure when running scale.yml with a fresh node. (#3240) (#4479)
  261. ansible-playbook -i inventory/mycluster/hosts.ini -b upgrade-cluster.yml
  263. ...
  265. $ kubectl get node
  266. NAME STATUS ROLES AGE VERSION
  267. apollo Ready master,node 7h40m v1.14.1
  268. boomer Ready master,node 7h40m v1.14.1
  269. caprica Ready master,node 7h40m v1.14.1
  272. ```
  274. ## Upgrade order
  276. As mentioned above, components are upgraded in the order in which they were
  277. installed in the Ansible playbook. The order of component installation is as
  278. follows:
  280. * Docker
  281. * etcd
  282. * kubelet and kube-proxy
  283. * network_plugin (such as Calico or Weave)
  284. * kube-apiserver, kube-scheduler, and kube-controller-manager
  285. * Add-ons (such as KubeDNS)
  287. ## Upgrade considerations
  289. Kubespray supports rotating certificates used for etcd and Kubernetes
  290. components, but some manual steps may be required. If you have a pod that
  291. requires use of a service token and is deployed in a namespace other than
  292. `kube-system`, you will need to manually delete the affected pods after
  293. rotating certificates. This is because all service account tokens are dependent
  294. on the apiserver token that is used to generate them. When the certificate
  295. rotates, all service account tokens must be rotated as well. During the
  296. kubernetes-apps/rotate_tokens role, only pods in kube-system are destroyed and
  297. recreated. All other invalidated service account tokens are cleaned up
  298. automatically, but other pods are not deleted out of an abundance of caution
  299. for impact to user deployed pods.
  301. ### Component-based upgrades
  303. A deployer may want to upgrade specific components in order to minimize risk
  304. or save time. This strategy is not covered by CI as of this writing, so it is
  305. not guaranteed to work.
  307. These commands are useful only for upgrading fully-deployed, healthy, existing
  308. hosts. This will definitely not work for undeployed or partially deployed
  309. hosts.
  311. Upgrade docker:
  313. ```ShellSession
  314. ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=docker
  315. ```
  317. Upgrade etcd:
  319. ```ShellSession
  320. ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=etcd
  321. ```
  323. Upgrade vault:
  325. ```ShellSession
  326. ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=vault
  327. ```
  329. Upgrade kubelet:
  331. ```ShellSession
  332. ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=node --skip-tags=k8s-gen-certs,k8s-gen-tokens
  333. ```
  335. Upgrade Kubernetes master components:
  337. ```ShellSession
  338. ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=master
  339. ```
  341. Upgrade network plugins:
  343. ```ShellSession
  344. ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=network
  345. ```
  347. Upgrade all add-ons:
  349. ```ShellSession
  350. ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=apps
  351. ```
  353. Upgrade just helm (assuming `helm_enabled` is true):
  355. ```ShellSession
  356. ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=helm
  357. ```