发行说明
本产品推出了新版本。
简体中文版经机器翻译而成,仅供参考。如与英语版出现任何冲突,应以英语版为准。
升级 Astra 控制中心
贡献者
建议更改
PDF
要升级 Astra 控制中心,请从 NetApp 支持站点下载安装包,然后按照以下说明升级环境中的 Astra 控制中心组件。您可以使用此操作步骤在互联网连接或通风环境中升级 Astra 控制中心。
您需要的内容
-
确保所有集群操作员均处于运行状况良好且可用。
OpenShift 示例:
oc get clusteroperators
-
确保所有 API 服务均处于运行状况良好且可用。
OpenShift 示例:
oc get apiservices
-
从 Astra 控制中心注销。
关于此任务
Astra 控制中心升级过程将指导您完成以下高级步骤:
|
请勿在整个升级过程中执行以下命令以避免删除所有 Astra 控制中心 Pod : kubectl delete -f Astra_control_center_operator_deploy.yaml
|
|
如果计划,备份和快照未运行,请在维护窗口中执行升级。 |
|
如果您使用的是 Red Hat 的 Podman 而不是 Docker 引擎,则可以使用 Podman 命令代替 Docker 命令。 |
下载 Astra Control Center 捆绑包
-
从下载 Astra Control Center 升级包(
Astra-control-center-[version].tar.gz) "NetApp 支持站点"。 -
(可选)使用以下命令验证捆绑包的签名:
openssl dgst -sha256 -verify astra-control-center[version].pub -signature <astra-control-center[version].sig astra-control-center[version].tar.gz
打开软件包的包装并更改目录
-
提取映像:
tar -vxzf astra-control-center-[version].tar.gz
-
更改为 Astra 目录。
cd astra-control-center-[version]
将映像添加到本地注册表
-
将 Astra Control Center 映像目录中的文件添加到本地注册表中。
有关自动加载映像的信息,请参见下面的示例脚本。 -
登录到 Docker 注册表:
docker login [your_registry_path]
-
将映像加载到 Docker 中。
-
标记图像。
-
[substep_image_local_registry_push]] 将映像推送到本地注册表。
export REGISTRY=[your_registry_path] for astraImageFile in $(ls images/*.tar) # Load to local cache. And store the name of the loaded image trimming the 'Loaded images: ' do astraImage=$(docker load --input ${astraImageFile} | sed 's/Loaded image: //') astraImage=$(echo ${astraImage} | sed 's!localhost/!!') # Tag with local image repo. docker tag ${astraImage} ${REGISTRY}/${astraImage} # Push to the local repo. docker push ${REGISTRY}/${astraImage} done
-
安装更新后的 Astra 控制中心操作员
-
编辑 Astra 控制中心操作员部署 YAML (
Astra_control_center_operator_deploy.yaml)以参考您的本地注册表和机密。vim astra_control_center_operator_deploy.yaml
apiVersion: apps/v1 kind: Deployment metadata: labels: control-plane: controller-manager name: acc-operator-controller-manager namespace: netapp-acc-operator spec: replicas: 1 selector: matchLabels: control-plane: controller-manager template: metadata: labels: control-plane: controller-manager spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=10 image: [your_registry_path]/kube-rbac-proxy:v4.8.0 name: kube-rbac-proxy ports: - containerPort: 8443 name: https - args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - --leader-elect command: - /manager env: - name: ACCOP_LOG_LEVEL value: "2" image: [your_registry_path]/acc-operator:[version x.y.z] imagePullPolicy: IfNotPresent imagePullSecrets: [] -
安装更新后的 Astra 控制中心操作员:
kubectl apply -f astra_control_center_operator_deploy.yaml
响应示例:
namespace/netapp-acc-operator unchanged customresourcedefinition.apiextensions.k8s.io/astracontrolcenters.astra.netapp.io configured role.rbac.authorization.k8s.io/acc-operator-leader-election-role unchanged clusterrole.rbac.authorization.k8s.io/acc-operator-manager-role configured clusterrole.rbac.authorization.k8s.io/acc-operator-metrics-reader unchanged clusterrole.rbac.authorization.k8s.io/acc-operator-proxy-role unchanged rolebinding.rbac.authorization.k8s.io/acc-operator-leader-election-rolebinding unchanged clusterrolebinding.rbac.authorization.k8s.io/acc-operator-manager-rolebinding configured clusterrolebinding.rbac.authorization.k8s.io/acc-operator-proxy-rolebinding unchanged configmap/acc-operator-manager-config unchanged service/acc-operator-controller-manager-metrics-service unchanged deployment.apps/acc-operator-controller-manager configured
升级 Astra 控制中心
-
编辑 Astra Control Center 自定义资源( CR )并将 Astra 版本(
AstraVersionInsideofSPec)号更改为最新版本:kubectl edit acc -n [netapp-acc or custom namespace]
只有在升级 Astra 控制中心时才需要更改 Astra 版本。注册表路径必须与中推送映像的注册表路径匹配 上一步。 -
验证 Pod 是否终止并重新可用:
watch kubectl get pods -n [netapp-acc or custom namespace]
-
验证是否已成功升级所有系统组件。
kubectl get pods -n [netapp-acc or custom namespace]
每个 POD 的状态应为
running和age,这是最新的。部署系统 Pod 可能需要几分钟的时间。响应示例:
NAME READY STATUS RESTARTS AGE acc-helm-repo-5f75c5f564-bzqmt 1/1 Running 0 11m activity-6b8f7cccb9-mlrn4 1/1 Running 0 9m2s api-token-authentication-6hznt 1/1 Running 0 8m50s api-token-authentication-qpfgb 1/1 Running 0 8m50s api-token-authentication-sqnb7 1/1 Running 0 8m50s asup-5578bbdd57-dxkbp 1/1 Running 0 9m3s authentication-56bff4f95d-mspmq 1/1 Running 0 7m31s bucketservice-6f7968b95d-9rrrl 1/1 Running 0 8m36s cert-manager-5f6cf4bc4b-82khn 1/1 Running 0 6m19s cert-manager-cainjector-76cf976458-sdrbc 1/1 Running 0 6m19s cert-manager-webhook-5b7896bfd8-2n45j 1/1 Running 0 6m19s cloud-extension-749d9f684c-8bdhq 1/1 Running 0 9m6s cloud-insights-service-7d58687d9-h5tzw 1/1 Running 2 8m56s composite-compute-968c79cb5-nv7l4 1/1 Running 0 9m11s composite-volume-7687569985-jg9gg 1/1 Running 0 8m33s credentials-5c9b75f4d6-nx9cz 1/1 Running 0 8m42s entitlement-6c96fd8b78-zt7f8 1/1 Running 0 8m28s features-5f7bfc9f68-gsjnl 1/1 Running 0 8m57s fluent-bit-ds-h88p7 1/1 Running 0 7m22s fluent-bit-ds-krhnj 1/1 Running 0 7m23s fluent-bit-ds-l5bjj 1/1 Running 0 7m22s fluent-bit-ds-lrclb 1/1 Running 0 7m23s fluent-bit-ds-s5t4n 1/1 Running 0 7m23s fluent-bit-ds-zpr6v 1/1 Running 0 7m22s graphql-server-5f5976f4bd-vbb4z 1/1 Running 0 7m13s identity-56f78b8f9f-8h9p9 1/1 Running 0 8m29s influxdb2-0 1/1 Running 0 11m krakend-6f8d995b4d-5khkl 1/1 Running 0 7m7s license-5b5db87c97-jmxzc 1/1 Running 0 9m login-ui-57b57c74b8-6xtv7 1/1 Running 0 7m10s loki-0 1/1 Running 0 11m monitoring-operator-9dbc9c76d-8znck 2/2 Running 0 7m33s nats-0 1/1 Running 0 11m nats-1 1/1 Running 0 10m nats-2 1/1 Running 0 10m nautilus-6b9d88bc86-h8kfb 1/1 Running 0 8m6s nautilus-6b9d88bc86-vn68r 1/1 Running 0 8m35s openapi-b87d77dd8-5dz9h 1/1 Running 0 9m7s polaris-consul-consul-5ljfb 1/1 Running 0 11m polaris-consul-consul-s5d5z 1/1 Running 0 11m polaris-consul-consul-server-0 1/1 Running 0 11m polaris-consul-consul-server-1 1/1 Running 0 11m polaris-consul-consul-server-2 1/1 Running 0 11m polaris-consul-consul-twmpq 1/1 Running 0 11m polaris-mongodb-0 2/2 Running 0 11m polaris-mongodb-1 2/2 Running 0 10m polaris-mongodb-2 2/2 Running 0 10m polaris-ui-84dc87847f-zrg8w 1/1 Running 0 7m12s polaris-vault-0 1/1 Running 0 11m polaris-vault-1 1/1 Running 0 11m polaris-vault-2 1/1 Running 0 11m public-metrics-657698b66f-67pgt 1/1 Running 0 8m47s storage-backend-metrics-6848b9fd87-w7x8r 1/1 Running 0 8m39s storage-provider-5ff5868cd5-r9hj7 1/1 Running 0 8m45s telegraf-ds-dw4hg 1/1 Running 0 7m23s telegraf-ds-k92gn 1/1 Running 0 7m23s telegraf-ds-mmxjl 1/1 Running 0 7m23s telegraf-ds-nhs8s 1/1 Running 0 7m23s telegraf-ds-rj7lw 1/1 Running 0 7m23s telegraf-ds-tqrkb 1/1 Running 0 7m23s telegraf-rs-9mwgj 1/1 Running 0 7m23s telemetry-service-56c49d689b-ffrzx 1/1 Running 0 8m42s tenancy-767c77fb9d-g9ctv 1/1 Running 0 8m52s traefik-5857d87f85-7pmx8 1/1 Running 0 6m49s traefik-5857d87f85-cpxgv 1/1 Running 0 5m34s traefik-5857d87f85-lvmlb 1/1 Running 0 4m33s traefik-5857d87f85-t2xlk 1/1 Running 0 4m33s traefik-5857d87f85-v9wpf 1/1 Running 0 7m3s trident-svc-595f84dd78-zb8l6 1/1 Running 0 8m54s vault-controller-86c94fbf4f-krttq 1/1 Running 0 9m24s
-
验证 Astra 状态条件是否指示升级已完成且已准备就绪:
kubectl get -o yaml -n [netapp-acc or custom namespace] astracontrolcenters.astra.netapp.io astra
响应:
conditions: - lastTransitionTime: "2021-10-25T18:49:26Z" message: Astra is deployed reason: Complete status: "True" type: Ready - lastTransitionTime: "2021-10-25T18:49:26Z" message: Upgrading succeeded. reason: Complete status: "False" type: Upgrading
升级第三方服务
在先前的升级步骤中,不会升级第三方服务 Traefik 和 Cert-manager 。您可以选择使用此处所述的操作步骤对其进行升级,也可以在系统需要时保留现有服务版本。以下是建议的 Traefik 和 Cert-manager 升级顺序:
设置 Acc-hel-repo 以升级 Traefik 和 Cert-manager
-
找到加载到本地 Docker 缓存的
enterprise-hel-repo:docker images enterprise-helm-repo
响应:
REPOSITORY TAG IMAGE ID CREATED SIZE enterprise-helm-repo 21.10.218 7a182d6b30f3 20 hours ago 464MB
-
使用上一步中的标记启动容器:
docker run -dp 8082:8080 enterprise-helm-repo:21.10.218
响应:
940436e67fa86d2c4559ac4987b96bb35588313c2c9ddc9cec195651963f08d8
-
将 Helm repo 添加到本地主机存储库:
helm repo add acc-helm-repo http://localhost:8082/
响应:
"acc-helm-repo" has been added to your repositories
-
将以下 Python 脚本另存为文件,例如
set_previous values:
此 Python 脚本会创建两个文件,供后续升级步骤使用,以保留 Helm 值。 #!/usr/bin/env python3 import json import os NAMESPACE = "netapp-acc" os.system(f"helm get values traefik -n {NAMESPACE} -o json > traefik_values.json") os.system(f"helm get values cert-manager -n {NAMESPACE} -o json > cert_manager_values.json") # reformat traefik values f = open("traefik_values.json", "r") traefik_values = {'traefik': json.load(f)} f.close() with open('traefik_values.json', 'w') as output_file: json.dump(traefik_values, output_file) # reformat cert-manager values f = open("cert_manager_values.json", "r") cm_values = {'cert-manager': json.load(f)} f.close() cm_values['global'] = cm_values['cert-manager']['global'] del cm_values['cert-manager']['global'] with open('cert_manager_values.json', 'w') as output_file: json.dump(cm_values, output_file) print('Done') -
运行脚本:
python3.7 ./set_previous_values.py
使用 Acc-hel-repo 更新 Traefik 服务
|
|
您必须已拥有 设置 ac-hel-repo 完成以下操作步骤之前。 |
-
使用安全的文件传输工具下载 Traefik 捆绑包,例如 GNU wget :
wget http://localhost:8082/traefik-0.2.0.tgz
-
提取映像:
tar -vxzf traefik-0.2.0.tgz
-
应用 Traefik CRD :
kubectl apply -f ./traefik/charts/traefik/crds/
-
查找要用于升级后的 Traefik 的 Helm 图表版本:
helm search repo acc-helm-repo/traefik
响应:
NAME CHART VERSION APP VERSION DESCRIPTION acc-helm-repo/traefik 0.2.0 2.5.3 Helm chart for Traefik Ingress controller acc-helm-repo/traefik-ingressroutes 0.2.0 2.5.3 A Helm chart for Kubernetes
-
验证要升级的 traefik_values.json 文件:
-
打开 traefik_values.json 文件。
-
检查
imagePullSecret字段是否有值。如果为空,请从文件中删除以下文本:"imagePullSecrets": [{"name": ""}], -
确保已将 traefik 映像定向到正确的位置并具有正确的名称:
image: [your_registry_path]/traefik
-
-
升级 Traefik 配置:
helm upgrade --version 0.2.0 --namespace netapp-acc -f traefik_values.json traefik acc-helm-repo/traefik
响应:
Release "traefik" has been upgraded. Happy Helming! NAME: traefik LAST DEPLOYED: Mon Oct 25 22:53:19 2021 NAMESPACE: netapp-acc STATUS: deployed REVISION: 2 TEST SUITE: None
更新证书管理器服务
|
|
您必须已完成 Traefik 更新 和 在 Helm 中添加了 act-helm-repo 完成以下操作步骤之前。 |
-
查找要与升级后的证书管理器结合使用的 Helm 图表版本:
helm search repo acc-helm-repo/cert-manager
响应:
NAME CHART VERSION APP VERSION DESCRIPTION acc-helm-repo/cert-manager 0.3.0 v1.5.4 A Helm chart for cert-manager acc-helm-repo/cert-manager-certificates 0.1.0 1.16.0 A Helm chart for Kubernetes
-
验证用于升级的 cert_manager_values.json 文件:
-
打开 cert_manager_values.json 文件。
-
检查
imagePullSecret字段是否有值。如果为空,请从文件中删除以下文本:"imagePullSecrets": [{"name": ""}], -
确保三个证书管理器映像定向到正确的位置并具有正确的名称。
-
-
升级证书管理器配置:
helm upgrade --version 0.3.0 --namespace netapp-acc -f cert_manager_values.json cert-manager acc-helm-repo/cert-manager
响应:
Release "cert-manager" has been upgraded. Happy Helming! NAME: cert-manager LAST DEPLOYED: Tue Nov 23 11:20:05 2021 NAMESPACE: netapp-acc STATUS: deployed REVISION: 2 TEST SUITE: None
验证系统状态
-
登录到 Astra 控制中心。
-
验证所有受管集群和应用程序是否仍存在并受到保护。