LTS

    Innovation Version

      Usage Instructions

      Precautions

      1. KubeOS upgrades the container OS in an atomic manner, where all software packages are upgraded at the same time. By default, single-package upgrade is not supported.
      2. KubeOS supports container OSs with two partitions. Partitions more than two are not supported.
      3. You can view the upgrade logs of a single node in the /var/log/messages file on the node.
      4. Strictly follow the upgrade and rollback procedures described in this document. If the steps are performed in a wrong sequence, the system may fail to be upgraded or rolled back.
      5. Upgrade using a Docker image and mTLS two-way authentication are supported only in openEuler 22.09 or later.
      6. Cross-major version upgrade is not supported.

      Upgrade

      Create a custom object of the OS type in the cluster and set the corresponding fields. The OS type comes from the CRD object created in the installation and deployment sections. The following table describes the fields.

      ParameterTypeDescriptionHow to UseMandatory (Yes/No)
      imagetypestringType of the upgrade imageThe value must be docker or disk. Other values are invalid. This parameter is valid only in upgrade scenarios.Yes
      opstypestringOperation, that is, upgrade or rollbackThe value must be upgrade or rollback. Other values are invalid.Yes
      osversionstringOS version of the image used for upgrade or rollbackThe value must be a KubeOS version, for example, KubeOS 1.0.0.Yes
      maxunavailableintNumber of nodes to be upgraded or rolled back at the same timeIf the value of maxunavailable is greater than the actual number of nodes in the cluster, the deployment can be performed. The upgrade or rollback is performed based on the actual number of nodes in the cluster.Yes
      dockerimagestringDocker image used for upgradeThe value must be in the repository/name:tag format. This parameter is valid only when the Docker image is used for upgrade.Yes
      imageurlstringAddress of the disk image used for the upgradeimageurl contains the protocol and only HTTP or HTTPS is supported. For example, https://192.168.122.15/update.img is valid only when a disk image is used for upgrade.Yes
      checksumstringChecksum (SHA-256) value for disk image verification during the upgrade.This parameter is valid only when a disk image is used for upgrade.Yes
      flagSafeboolWhether imageurl specifies a secure HTTP addressThe value must be true or false. This parameter is valid only when imageurl specifies an HTTP address.Yes
      mtlsboolWhether HTTPS two-way authentication is used for the connection to the imageurl address.The value must be true or false. This parameter is valid only when imageurl specifies an HTTPS address.Yes
      cacertstringRoot certificate file used for HTTPS or HTTPS two-way authenticationThis parameter is valid only when imageurl specifies an HTTPS address.This parameter is mandatory when imageurl specifies an HTTPS address.
      clientcertstringClient certificate file used for HTTPS two-way authenticationThis parameter is valid only when HTTPS two-way authentication is used.This parameter is mandatory when mtls is set to true.
      clientkeystringClient public key used for HTTPS two-way authenticationThis parameter is valid only when HTTPS two-way authentication is used.This parameter is mandatory when mtls is set to true.

      The address specified by imageurl contains the protocol. Only the HTTP or HTTPS protocol is supported. If imageurl is set to an HTTPS address, secure transmission is used. If imageurl is set to an HTTP address, set flagSafe to true, because the image can be downloaded only when the address is secure. If imageurl is set to an HTTP address but flagSafe is not set to true, the address is insecure by default. The image will not be downloaded, and a message is written to the log of the node to be upgraded indicating that the address is insecure.

      You are advised to set imageurl to an HTTPS address. In this case, ensure that the required certificate has been installed on the node to be upgraded. If the image server is maintained by yourself, you need to sign the certificate and ensure that the certificate has been installed on the node to be upgraded. Place the certificate in the /etc/KubeOS/certs directory of KubeOS. The administrator specifies the address and must ensure the security of the address. An intranet address is recommended.

      The container OS image provider must check the validity of the image to ensure that the downloaded container OS image is from a reliable source.

      Compile the YAML file for deploying the OS as a custom resource (CR) instance in the cluster. The following is an example YAML file for deploying the CR instance:

      • Upgrade using a disk image

        apiVersion: upgrade.openeuler.org/v1alpha1
        kind: OS
        metadata:
          name: os-sample
        spec:
          imagetype: disk
          opstype: upgrade
          osversion: edit.os.version
          maxunavailable: edit.node.upgrade.number
          dockerimage: ""
          imageurl: edit.image.url
          checksum: image.checksum
          flagSafe: imageurl.safety
          mtls: imageurl use mtls or not
          cacert:  ca certificate 
          clientcert:  client certificate 
          clientkey:  client certificate key 
        
      • Upgrade using a Docker image

        apiVersion: upgrade.openeuler.org/v1alpha1
        kind: OS
        metadata:
          name: os-sample
        spec:
          imagetype: docker
          opstype: upgrade
          osversion: edit.os.version
          maxunavailable: edit.node.upgrade.number
          dockerimage: dockerimage like repository/name:tag
          imageurl: ""
          checksum: ""
          flagSafe: false
          mtls: true
        

        Before using a Docker image to perform the upgrade, create the image first. For details about how to create a Docker image, see KubeOS Image Creation.

      Assume that the YAML file is upgrade_v1alpha1_os.yaml.

      Check the OS version of the node that is not upgraded.

      kubectl get nodes -o custom-columns='NAME:.metadata.name,OS:.status.nodeInfo.osImage'
      

      Run the following command to deploy the CR instance in the cluster. The node is upgraded based on the configured parameters.

      kubectl apply -f upgrade_v1alpha1_os.yaml
      

      Check the node OS version again to determine whether the node upgrade is complete.

      kubectl get nodes -o custom-columns='NAME:.metadata.name,OS:.status.nodeInfo.osImage'
      

      NOTE:

      If you need to perform the upgrade again, modify the imageurl, osversion, checksum, maxunavailable, flagSafe, or dockerimage parameters in upgrade_v1alpha1_os.yaml.

      Rollback

      Application Scenarios

      • If a node cannot be started, you can only manually roll back the container OS to the previous version that can be properly started.
      • If a node can be started and run the system, you can manually or use KubeOS (similar to the upgrade) to roll back the container OS. You are advised to use KubeOS.

      Manual Rollback

      Manually restart the node and select the second boot option to roll back the container OS. Manual rollback can only roll back the container OS to the version before the upgrade.

      KubeOS-based Rollback

      • Roll back to any version.

        • Modify the YAML configuration file (for example, upgrade_v1alpha1_os.yaml) of the CR instance of the OS and set the corresponding fields to the image information of the target source version. The OS type comes from the CRD object created in the installation and deployment sections. For details about the fields and examples, see the previous section.

        • After the YAML is modified, run the update command. After the custom object is updated in the cluster, the node performs rollback based on the configured field information.

        kubectl apply -f upgrade_v1alpha1_os.yaml
        
      • Roll back to the previous version.

        • Modify the upgrade_v1alpha1_os.yaml file. Set osversion to the previous version and opstype to rollback to roll back to the previous version (that is, switch to the previous partition). Example YAML:
        apiVersion: upgrade.openeuler.org/v1alpha1
        kind: OS
        metadata:
          name: os-sample
        spec:
          imagetype: ""
          opstype: rollback
          osversion: KubeOS pervious version
          maxunavailable: 2
          dockerimage: ""
          imageurl: ""
          checksum: ""
          flagSafe: false
          mtls:true
        
        • After the YAML is modified, run the update command. After the custom object is updated in the cluster, the node performs rollback based on the configured field information.
        kubectl apply -f upgrade_v1alpha1_os.yaml
        

        After the update is complete, the node rolls back the container OS based on the configuration information.

      • Check the OS version of the container on the node to determine whether the rollback is successful.

        kubectl get nodes -o custom-columns='NAME:.metadata.name,OS:.status.nodeInfo.osImage'
        

      Bug Catching

      Buggy Content

      Bug Description

      Submit As Issue

      It's a little complicated....

      I'd like to ask someone.

      PR

      Just a small problem.

      I can fix it online!

      Bug Type
      Specifications and Common Mistakes

      ● Misspellings or punctuation mistakes;

      ● Incorrect links, empty cells, or wrong formats;

      ● Chinese characters in English context;

      ● Minor inconsistencies between the UI and descriptions;

      ● Low writing fluency that does not affect understanding;

      ● Incorrect version numbers, including software package names and version numbers on the UI.

      Usability

      ● Incorrect or missing key steps;

      ● Missing prerequisites or precautions;

      ● Ambiguous figures, tables, or texts;

      ● Unclear logic, such as missing classifications, items, and steps.

      Correctness

      ● Technical principles, function descriptions, or specifications inconsistent with those of the software;

      ● Incorrect schematic or architecture diagrams;

      ● Incorrect commands or command parameters;

      ● Incorrect code;

      ● Commands inconsistent with the functions;

      ● Wrong screenshots.

      Risk Warnings

      ● Lack of risk warnings for operations that may damage the system or important data.

      Content Compliance

      ● Contents that may violate applicable laws and regulations or geo-cultural context-sensitive words and expressions;

      ● Copyright infringement.

      How satisfied are you with this document

      Not satisfied at all
      Very satisfied
      Submit
      Click to create an issue. An issue template will be automatically generated based on your feedback.
      Bug Catching
      编组 3备份