IT博客汇
  • 首页
  • 精华
  • 技术
  • 设计
  • 资讯
  • 扯淡
  • 权利声明
  • 登录 注册

    轻松管理K3s集群服务:System Upgrade Controller 的超实用指南

    ysicing (i@ysicing.me)发表于 2025-05-30 21:20:34
    love 0

    K3s 作为轻量级 Kubernetes 发行版,以其高效、简洁的特性深受开发者与运维人员喜爱。但手动升级 K3s 集群可能是个繁琐的任务,幸好有 System Upgrade Controller!这个工具能让你的 K3s 集群实现自动化、无宕机升级,省时又省心。本文将带你了解 System Upgrade Controller 的魅力,并提供简洁的部署步骤,让你的集群管理更轻松!

    主要用于升级 k3s 集群节点上的服务,不仅仅局限于 k3s 服务本身。

    简介

    System Upgrade Controller 是 Rancher 开发的一个自动化升级工具。它通过 Kubernetes 原生资源(如 Plan)管理节点和 K3s 版本的升级,核心优势包括:

    • 自动化:一键配置,自动完成 K3s 版本升级
    • 零宕机:逐节点升级,确保服务不中断
    • 灵活性:支持自定义升级策略,适配各种集群规模
    • 轻量高效:与 K3s 的低资源占用理念完美契合

    如果你想让 K3s 集群保持最新或者减少运维负担,绝对值得一试!

    项目地址:

    • https://github.com/rancher/system-upgrade-controller

    在 K3s 上部署

    以下是快速部署 System Upgrade Controller 的步骤,简单易上手

    kubectl apply -f https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml
    

    或者

    kubectl apply -k github.com/rancher/system-upgrade-controller
    

    服务控制器默认会部署到 system-upgrade 命名空间下

    kubectl get deploy -n system-upgrade
    NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
    system-upgrade-controller   1/1     1            1           335d
    

    使用场景

    常见使用如下,由于权限极高,操作时需要确保重复执行没影响。

    • 升级 k3s 本身
    • 升级 k3s 集群节点服务

    升级 k3s 服务

    由于我现在的环境特殊,只有一个 master 节点,每次跨版本升级 master 节点都是先手动升级到最新版本,然后在使用下面的命令升级计算节点。(保障至少 1 个控制节点版本是最新的)

    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: k3s1306
      namespace: system-upgrade
    type: Opaque
    stringData:
      upgrade.sh: |
        #!/bin/bash
    
        set -x
    
        binfile=$(command -v k3s)
    
        $binfile -v | grep "v1.30.6" && (
          echo "done"
          exit 0
        ) || (
          wget https://c.ysicing.net/oss/tiga/linux/amd64/k3s
          chmod +x k3s
          mv k3s $binfile && systemctl restart k3s
        )
    ---
    apiVersion: upgrade.cattle.io/v1
    kind: Plan
    metadata:
      name: k3s1306
      namespace: system-upgrade
    spec:
      concurrency: 3
      nodeSelector:
        matchExpressions:
          - {key: kubernetes.io/os, operator: Exists}
      tolerations:
      - {operator: Exists}
      serviceAccountName: system-upgrade
      secrets:
        - name: k3s1306
          path: /host/run/system-upgrade/secrets/k3s1306
      cordon: false
      version: latest
      upgrade:
        image: hub.ysicing.net/ysicing/debian-upgrade:20230909
        command: ["chroot", "/host"]
        args: ["sh", "/run/system-upgrade/secrets/k3s1306/upgrade.sh"]
    

    想了解更多官方的姿势,可以参考

    • k3s-io/k3s-upgrade
    • examples/k3s-upgrade.yaml

    升级集群服务

    • 升级 tailscale 服务
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: ts-script
      namespace: system-upgrade
    type: Opaque
    stringData:
      upgrade.sh: |
        #!/bin/bash
    
        set -x
        if tailscale version 2>/dev/null | grep -q "1.82.5"; then
            echo "Tailscale 1.82.5 already installed"
            exit 0
        fi
        export DEBIAN_FRONTEND=noninteractive
        apt-get update -qq
        apt-get install -y --no-install-recommends tailscale
    ---
    apiVersion: upgrade.cattle.io/v1
    kind: Plan
    metadata:
      name: ts1825
      namespace: system-upgrade
    spec:
      concurrency: 1
      nodeSelector:
        matchExpressions:
          - {key: kubernetes.io/os, operator: Exists}
      tolerations:
      - {operator: Exists}
      serviceAccountName: system-upgrade
      secrets:
        - name: ts-script
          path: /host/run/system-upgrade/secrets/ts-script
      cordon: false
      version: latest
      upgrade:
        image: hub.ysicing.net/ysicing/debian-upgrade:20230909
        command: ["chroot", "/host"]
        args: ["sh", "/run/system-upgrade/secrets/ts-script/upgrade.sh"]
    
    • 升级 easytier
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: debian
      namespace: system-upgrade
    type: Opaque
    stringData:
      upgrade.sh: |
        #!/bin/sh
        set -e
        if easytier-core -V 2>/dev/null | grep -q "2.2.4"; then
            echo "easytier 2.2.4 already installed"
            exit 0
        fi
        apt-get --assume-yes update
        DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade --assume-yes
        curl https://c.ysicing.net/oss/scripts/easytier.sh | bash
    ---
    apiVersion: upgrade.cattle.io/v1
    kind: Plan
    metadata:
      name: debian-25021514
      namespace: system-upgrade
    spec:
      concurrency: 3
      nodeSelector:
        matchExpressions:
          - {key: kubernetes.io/os, operator: Exists}
      tolerations:
      - {operator: Exists}
      serviceAccountName: system-upgrade
      secrets:
        - name: debian
          path: /host/run/system-upgrade/secrets/debian
      cordon: false
      version: latest
      upgrade:
        image: ysicing/debian
        command: ["chroot", "/host"]
        args: ["sh", "/run/system-upgrade/secrets/debian/upgrade.sh"]
    

    通过上面 3 个例子,其实就是帮你去每个节点执行相关脚本,如果你有大量类似的重复的工作,System Upgrade Controller 就是个绝佳的运维工具,它让版本管理变得简单、高效、无忧,显著提升你的运维体验。


    欢迎关注,可以看看我郑再打工每天都在折腾什么。



沪ICP备19023445号-2号
友情链接