轻松管理K3s集群服务:System Upgrade Controller 的超实用指南
ysicing (i@ysicing.me)发表于 2025-05-30 21:20:34
K3s 作为轻量级 Kubernetes 发行版,以其高效、简洁的特性深受开发者与运维人员喜爱。但手动升级 K3s 集群可能是个繁琐的任务,幸好有 System Upgrade Controller!这个工具能让你的 K3s 集群实现自动化、无宕机升级,省时又省心。本文将带你了解 System Upgrade Controller 的魅力,并提供简洁的部署步骤,让你的集群管理更轻松!
主要用于升级 k3s 集群节点上的服务,不仅仅局限于 k3s 服务本身。
简介
System Upgrade Controller 是 Rancher 开发的一个自动化升级工具。它通过 Kubernetes 原生资源(如 Plan)管理节点和 K3s 版本的升级,核心优势包括:
- 自动化:一键配置,自动完成 K3s 版本升级
- 零宕机:逐节点升级,确保服务不中断
- 灵活性:支持自定义升级策略,适配各种集群规模
- 轻量高效:与 K3s 的低资源占用理念完美契合
如果你想让 K3s 集群保持最新或者减少运维负担,绝对值得一试!
项目地址:
在 K3s 上部署
以下是快速部署 System Upgrade Controller 的步骤,简单易上手
kubectl apply -f https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml
或者
kubectl apply -k github.com/rancher/system-upgrade-controller
服务控制器默认会部署到 system-upgrade 命名空间下
kubectl get deploy -n system-upgrade
NAME READY UP-TO-DATE AVAILABLE AGE
system-upgrade-controller 1/1 1 1 335d
使用场景
常见使用如下,由于权限极高,操作时需要确保重复执行没影响。
- 升级 k3s 本身
- 升级 k3s 集群节点服务
升级 k3s 服务
由于我现在的环境特殊,只有一个 master 节点,每次跨版本升级 master 节点都是先手动升级到最新版本,然后在使用下面的命令升级计算节点。(保障至少 1 个控制节点版本是最新的)
---
apiVersion: v1
kind: Secret
metadata:
name: k3s1306
namespace: system-upgrade
type: Opaque
stringData:
upgrade.sh: |
#!/bin/bash
set -x
binfile=$(command -v k3s)
$binfile -v | grep "v1.30.6" && (
echo "done"
exit 0
) || (
wget https://c.ysicing.net/oss/tiga/linux/amd64/k3s
chmod +x k3s
mv k3s $binfile && systemctl restart k3s
)
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
name: k3s1306
namespace: system-upgrade
spec:
concurrency: 3
nodeSelector:
matchExpressions:
- {key: kubernetes.io/os, operator: Exists}
tolerations:
- {operator: Exists}
serviceAccountName: system-upgrade
secrets:
- name: k3s1306
path: /host/run/system-upgrade/secrets/k3s1306
cordon: false
version: latest
upgrade:
image: hub.ysicing.net/ysicing/debian-upgrade:20230909
command: ["chroot", "/host"]
args: ["sh", "/run/system-upgrade/secrets/k3s1306/upgrade.sh"]
想了解更多官方的姿势,可以参考
升级集群服务
- 升级 tailscale 服务
---
apiVersion: v1
kind: Secret
metadata:
name: ts-script
namespace: system-upgrade
type: Opaque
stringData:
upgrade.sh: |
#!/bin/bash
set -x
if tailscale version 2>/dev/null | grep -q "1.82.5"; then
echo "Tailscale 1.82.5 already installed"
exit 0
fi
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq
apt-get install -y --no-install-recommends tailscale
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
name: ts1825
namespace: system-upgrade
spec:
concurrency: 1
nodeSelector:
matchExpressions:
- {key: kubernetes.io/os, operator: Exists}
tolerations:
- {operator: Exists}
serviceAccountName: system-upgrade
secrets:
- name: ts-script
path: /host/run/system-upgrade/secrets/ts-script
cordon: false
version: latest
upgrade:
image: hub.ysicing.net/ysicing/debian-upgrade:20230909
command: ["chroot", "/host"]
args: ["sh", "/run/system-upgrade/secrets/ts-script/upgrade.sh"]
- 升级 easytier
---
apiVersion: v1
kind: Secret
metadata:
name: debian
namespace: system-upgrade
type: Opaque
stringData:
upgrade.sh: |
#!/bin/sh
set -e
if easytier-core -V 2>/dev/null | grep -q "2.2.4"; then
echo "easytier 2.2.4 already installed"
exit 0
fi
apt-get --assume-yes update
DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade --assume-yes
curl https://c.ysicing.net/oss/scripts/easytier.sh | bash
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
name: debian-25021514
namespace: system-upgrade
spec:
concurrency: 3
nodeSelector:
matchExpressions:
- {key: kubernetes.io/os, operator: Exists}
tolerations:
- {operator: Exists}
serviceAccountName: system-upgrade
secrets:
- name: debian
path: /host/run/system-upgrade/secrets/debian
cordon: false
version: latest
upgrade:
image: ysicing/debian
command: ["chroot", "/host"]
args: ["sh", "/run/system-upgrade/secrets/debian/upgrade.sh"]
通过上面 3 个例子,其实就是帮你去每个节点执行相关脚本,如果你有大量类似的重复的工作,System Upgrade Controller 就是个绝佳的运维工具,它让版本管理变得简单、高效、无忧,显著提升你的运维体验。
欢迎关注,可以看看我郑再打工每天都在折腾什么。
