karmada-io
/
karmada
mirror of https://github.com/karmada-io/karmada.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
karmada/docs/upgrading/v0.10-v1.0.md

3.0 KiB
Raw Blame History

v0.10 to v1.0

Follow the Regular Upgrading Process.

Upgrading Notable Changes

APIChanges

Previously, we used CRD to extend the Cluster API, however, in the version v1.0, we change to use API Aggregation(AA) to extend the Cluster API.

Based on the above change, perform the following operations during the upgrade:

  1. Chang the replicas of karmada-apiserver to 0.

  2. Operate etcd to delete cluster crd data.

    etcdctl --cert="/etc/kubernetes/pki/etcd/karmada.crt" --key="/etc/kubernetes/pki/etcd/karmada.key" --cacert="/etc/kubernetes/pki/etcd/server-ca.crt" del /registry/apiextensions.k8s.io/customresourcedefinitions/clusters.cluster.karmada.io

  3. To avoid CA Reusage and Conflicts, create CA signer and sign a certificate to enable the aggregation layer.

    Update karmada-cert-secret secret in karmada-system namespace:

    apiVersion: v1
kind: Secret
metadata:
  name: karmada-cert-secret
  namespace: karmada-system
type: Opaque
data:
  ...
+  front-proxy-ca.crt: |
+    {{front_proxy_ca_crt}}
+  front-proxy-client.crt: |
+    {{front_proxy_client_crt}}
+  front-proxy-client.key: |
+    {{front_proxy_client_key}}

    And update karmada-apiserver deployment's container commend:

    -            - --proxy-client-cert-file=/etc/kubernetes/pki/karmada.crt
-            - --proxy-client-key-file=/etc/kubernetes/pki/karmada.key
+            - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
+            - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
-            - --requestheader-client-ca-file=/etc/kubernetes/pki/server-ca.crt
+            - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt

    After the updation, restore the replicas of karmada-apiserver instances.

  4. Deploy karmada-aggregated-apiserver:

    make image-karmada-aggregated-apiserver

kubectl --kubeconfig /root/.kube/karmada.config --context karmada-host apply -f artifacts/deploy/karmada-aggregated-apiserver.yaml

kubectl --kubeconfig /root/.kube/karmada.config --context karmada-apiserver apply -f artifacts/deploy/apiservice.yaml

###karmada-agent

Due to add unfied auth controller, we need to apply karmada-agent ClusterRole:

kubectl apply -f artifacts/agent/clusterrole.yaml

Other

If you need to use MCS feature, we need to upgrade the version of member cluster's kube-apiserver to v1.21.x. For details about the upgrade reasons, see comment.