Kubernetes版本不断迭代中,Kubernetes API 也一直在变化。随着这些更改的出现,API 的某些部分被弃用并最终被删除。为了能够保持最新的 Kubernetes 集群版本,我们必须识别不推荐使用的 API 并更新它们。在实际环境中,我们已经将资源部署到Kubernetes集群中,并希望API版本保持为最新,以便我们可以安全的升级Kubernetes版本到最新稳定版。然而问题来了?我们如何发现已弃用和即将删除的API版本资源呢?该问题的一个答案是查看官方弃用文档,并检查在即将到来的Kubernetes更新中将删除的API资源版本。然后,最重要的是如果我们跳过多个版本,我们将不得不对当前Kubernetes版本和目标版本之间的所有版本重复此检查。在具有数十种资源类型和版本的大型集群中,这可能变得乏味且容易出错。幸运的是,FairwindOps 的pluto等工具可帮助我们发现已弃用和即将删除的资源 API 版本。
Kubernetes指定了一个弃用策略,它定义了如果API的某些部分被弃用意味着什么?本质上意味着Kubernetes API服务器的相关端点被标记为删除并最后被删除,由于API服务器管理资源生命周期,因此使用已删除API版本的资源将组织该资源的部署。因此,如果我们未能更新我们的资源API版本,我们要么会被一个过时的Kubernetes版本卡住;要么更新到新的Kubernetes版本将阻止某些资源的部署。两者都是不受欢迎的状态,因此我们要么:
# 案例采用的系统版本是Centos 7.4
$ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
$ wget https://github.com/FairwindsOps/pluto/releases/download/v5.18.1/pluto_5.18.1_linux_amd64.tar.gz
$ tar zxf pluto_5.18.1_linux_amd64.tar.gz
$ mv pluto /usr/local/bin/
$ wget https://github.com/FairwindsOps/pluto/archive/refs/heads/master.zip
$ unzip master.zip
$ pluto detect-files -d pluto-master/pkg/finder/testdata/
NAME KIND VERSION REPLACEMENT REMOVED DEPRECATED REPL AVAIL
utilities Deployment extensions/v1beta1 apps/v1 true true true
utilities Deployment extensions/v1beta1 apps/v1 true true true
Want more? Automate Pluto for free with Fairwinds Insights!
🚀 https://fairwinds.com/insights-signup/pluto 🚀
说明:我们的目录中有两个文件已弃用 apiVersions。这需要在 1.16 升级之前修复。
$ pluto detect-helm -owide
NAME NAMESPACE KIND VERSION REPLACEMENT DEPRECATED DEPRECATED IN REMOVED REMOVED IN
cert-manager/cert-manager-webhook cert-manager MutatingWebhookConfiguration admissionregistration.k8s.io/v1beta1 admissionregistration.k8s.io/v1 true v1.16.0 false v1.19.0
说明:StatefulSetaudit-dashboard-prod-rabbitmq-ha 是与 apps/v1beta1 一起部署的,该版本在 1.16 中已弃用 如果您想查看单个命名空间的信息,可以传递 --namespace 或 -n 标志来限制输出。
$ pluto detect-helm -n cert-manager -owide
NAME NAMESPACE KIND VERSION REPLACEMENT DEPRECATED DEPRECATED IN REMOVED REMOVED IN
cert-manager/cert-manager-webhook cert-manager MutatingWebhookConfiguration admissionregistration.k8s.io/v1beta1 admissionregistration.k8s.io/v1 true v1.16.0 false v1.19.0
helm template e2e/tests/assets/helm3chart | pluto detect -
KIND VERSION DEPRECATED DEPRECATED IN RESOURCE NAME
Deployment extensions/v1beta1 true v1.16.0 RELEASE-NAME-helm3chart-v1beta1
$ pluto detect-api-resources -owide
NAME NAMESPACE KIND VERSION REPLACEMENT DEPRECATED DEPRECATED IN REMOVED REMOVED IN REPL AVAIL REPL AVAIL IN
alicloud-monitor-controller kube-system Deployment extensions/v1beta1 apps/v1 true v1.9.0 true v1.16.0 true v1.9.0
aliyun-acr-credential-helper kube-system Deployment apps/v1beta2 apps/v1 true v1.9.0 true v1.16.0 true v1.9.0
heapster kube-system Deployment extensions/v1beta1 apps/v1 true v1.9.0 true v1.16.0 true v1.9.0
$ pluto detect-all-in-cluster -o wide 2>/dev/null
NAME NAMESPACE KIND VERSION REPLACEMENT DEPRECATED DEPRECATED IN REMOVED REMOVED IN
testing/viahelm viahelm Ingress networking.k8s.io/v1beta1 networking.k8s.io/v1 true v1.19.0 true v1.22.0
webapp default Ingress networking.k8s.io/v1beta1 networking.k8s.io/v1 true v1.19.0 true v1.22.0
eks.privileged <UNKNOWN> PodSecurityPolicy policy/v1beta1 true v1.21.0 false v1.25.0
wide输出提供了有关 apiVersion 何时被删除或弃用的更多信息。
$ pluto detect-helm -owide
NAME NAMESPACE KIND VERSION REPLACEMENT DEPRECATED DEPRECATED IN REMOVED REMOVED IN
cert-manager/cert-manager-webhook cert-manager MutatingWebhookConfiguration admissionregistration.k8s.io/v1beta1 admissionregistration.k8s.io/v1 true v1.16.0 false v1.19.0
$ pluto detect-helm -ojson | jq .
{
"items": [
{
"name": "cert-manager/cert-manager-webhook",
"namespace": "cert-manager",
"api": {
"version": "admissionregistration.k8s.io/v1beta1",
"kind": "MutatingWebhookConfiguration",
"deprecated-in": "v1.16.0",
"removed-in": "v1.19.0",
"replacement-api": "admissionregistration.k8s.io/v1",
"component": "k8s"
},
"deprecated": true,
"removed": false
}
],
"target-versions": {
"cert-manager": "v0.15.1",
"istio": "v1.6.0",
"k8s": "v1.16.0"
}
}
items:
- name: cert-manager/cert-manager-webhook
namespace: cert-manager
api:
version: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
deprecated-in: v1.16.0
removed-in: v1.19.0
replacement-api: admissionregistration.k8s.io/v1
component: k8s
deprecated: true
removed: false
target-versions:
cert-manager: v0.15.1
istio: v1.6.0
k8s: v1.16.0
$ pluto detect-helm -ocustom --columns NAMESPACE,NAME
NAME NAMESPACE
cert-manager/cert-manager-webhook cert-manager
$ pluto detect-files -o markdown
| NAME | NAMESPACE | KIND | VERSION | REPLACEMENT | DEPRECATED | DEPRECATED IN | REMOVED | REMOVED IN |
|-----------|----------------|------------|--------------------|-------------|------------|---------------|---------|------------|
| utilities | <UNKNOWN> | Deployment | extensions/v1beta1 | apps/v1 | true | v1.9.0 | true | v1.16.0 |
| utilities | json-namespace | Deployment | extensions/v1beta1 | apps/v1 | true | v1.9.0 | true | v1.16.0 |
| utilities | yaml-namespace | Deployment | extensions/v1beta1 | apps/v1 | true | v1.9.0 | true | v1.16.0 |
$ pluto detect-helm -o csv
NAME,NAMESPACE,KIND,VERSION,REPLACEMENT,DEPRECATED,DEPRECATED IN,REMOVED,REMOVED IN
deploy1,pluto-namespace,Deployment,extensions/v1beta1,apps/v1,true,v1.9.0,true,v1.16.0
deploy1,other-namespace,Deployment,extensions/v1beta1,apps/v1,true,v1.9.0,true,v1.16.0