cka06 cluster maintenance 정리한 것

이 글은 udemy의 <Certified Kubernetes Administrator (CKA) with Practice Tests > 강의를 들으며 자격증 공부 목적으로 내용을 정리한 글입니다. 

https://www.udemy.com/course/certified-kubernetes-administrator-with-practice-tests

Certified Kubernetes Administrator (CKA) Practice Exam Tests

 

[OS Upgrade]

-if the node was down for more than 5 minutes, then the pods are terminated from that node

-if the pods where part of a replicaset then they are recreated on other nodes

-pod eviction timeout: the time it waits for  a pod to come back online 

-when the node comes back online after the pod eviction timeout, it comes up blank without any pods scheduled on it. Since the blue pod was part of a replicaset, it had a new pod created on another node

kubectl drain node-1

-you can purposefully drain the node of all the workloads so that the workloads are moved to other nodes in the cluster

-when you drain the node, the pods are gracefully terminated from the node that they're on and recreated on another

-the node is also cordoned or marked as unschedulable, meaning no pods can be scheduled on this node until you specifically remove the restriction

-now that the pods are safe on the other nodes, you can reboot the first node

-when it comes back online, it is still unschedulable

kubectl uncordon node-1

-you then need to uncordon it, so that pods can be schdules on it again

kubectl cordon node-2

-cordon marks a node unschedulable. Unlike drain, it does not terminate or move the pods on an existing node

-It simply makes sure that new pods  are not scheduled on that node

 

[K8s software versions]

v1.11.3

1	Major version
11	Minor version	-Features -Functionalities
3	Patch version	bug fixes

-Every few months, It comes out with new features and functionalities though a minor release

 

[Cluster Upgrade Process]

-None of  the other components should be at a version higher than Kube APIServer

<Upgrading a cluster involves two major steps>

1)you upgrade you master

2)and then upgrade the worker node

-while the master is being upgraded, the control plane components such as the API server, Scheduler, Controller managers go down briefly

-The master going down does not mean work or nodes and applications on the cluster are impacted

-All workloads hosted on the worker nodes continue to serve users as normal

-However, you cannot deploy new applications or delete or modify it. 

-If a power was to fail, a new pod won't be automatically created

-Once the upgrade is complete and cluster is back up, it should function normally

upgrade worker node

**first strategy

-One is to upgrade all of them at once, but then your pods are down and users are no longer able to

access the applications

-Once the upgrade is complete, the notes are back up, new pods are scheduled and users can resume access

**second strategy

-Once the first node is upgraded and back up with an update, the second node where the workloads move

to the first and third node.

-And finally, the third node where the workloads are shared between the first two, until we have all

nodes upgraded to a newer version

**third strategy

-to add new nodes to the cluster nodes with newer software version

 

<kubeadm>

kubeadm upgrade plan

- cluster upgrade using above command

-  it will give you a lot of good information. The current cluster version, the be tooele version, the latest table version of commonalties.

-Then it lists all the control plane components and their versions and what version these can be upgraded

to

-It also tells you that after we upgrade the control plane components, you must manually upgrade the Kubelet version on each node

- Finally, it gives you the command to upgrade the cluster.

 

apt-get upgrade -y kubeadm=1.12.0-00
kubeadm upgrade apply v1.12.0

-If you run the cube control get nodes command, you will still see the master node at one point eleven.

-This is because in the output of this command  is showing the versions of Kubelet on each of these

nodes registered with the API server and not the version of the API server itself.

-so you also have to upgrade kubelet

kubectl drain node-1

-The control drain command lets you safely terminate all the pods from a node and reschedules them on the other nodes.

-It also corden's the node and marks it unredeemable. That way, no new ports are scheduled on it

kubectl uncordon node-1

-However, when we drain the node, we actually marked it on schedule, so we need to unmask it by running

the command control

 

[Backup and Restore methods]

-ECTD

ETCDCTL_API=3 etcdctl \
   snapshot save snapshot.db

status

ETCD_API=3 etcdctl \
    snapshot status snapshot.db

restore

ETCDCTL_API=3 etcdctl \
   sanpshot restore snapshot.db \
   --data-dir /var/lib/etcd-from-backup
   
service kube-apiserver stop

#etcd.service
--data-dir=/var/lib/etcd-from-backup

systemctl daemon-reload
service etcd restart

all etcd file need 

• endpoints
• cacert
• cert
• key