cluster-upgrade-planner
v1.0.0 Plan Kubernetes cluster upgrades with API deprecation checks, addon compatibility verification, and rollback-safe runbooks
Install command: openclaw skills install cluster-upgrade-planner
Skill documentation
Cluster Upgrade Planner
Systematically plan Kubernetes cluster upgrades by analyzing the current cluster state, detecting deprecated API usage, verifying addon and workload compatibility with the target version, and producing a step-by-step upgrade runbook with rollback procedures. This skill prevents upgrade failures caused by unnoticed deprecations, incompatible controllers, or workload disruption.
Use when: "plan cluster upgrade", "upgrade kubernetes", "check k8s deprecations", "upgrade readiness", "pre-upgrade check", "upgrade runbook"
Commands
- preflight --- Check compatibility before upgrading
Gather cluster facts and compare them against the target Kubernetes version to surface blockers.
Step 1 -- Identify current state
```bash
# Current server and client versions
kubectl version -o yaml 2>/dev/null || kubectl version --short

# Node versions and status
kubectl get nodes -o wide

# Control-plane component versions (kubeadm clusters)
kubectl -n kube-system get pods -l tier=control-plane -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[0].image}{"\n"}{end}'
```
Record CURRENT_VERSION (e.g. 1.28) and ask the user for TARGET_VERSION if not provided.
Step 2 -- Detect deprecated and removed APIs
```bash
# Scan all manifests stored in the cluster for deprecated apiVersions
# Uses kubectl to fetch every resource and check apiVersion fields
for api in $(kubectl api-resources --verbs=list -o name); do
  kubectl get "$api" --all-namespaces -o jsonpath='{range .items[*]}{.apiVersion}{"\t"}{.kind}{"\t"}{.metadata.namespace}/{.metadata.name}{"\n"}{end}' 2>/dev/null
done | sort -u > /tmp/cluster-api-usage.txt

# Cross-reference against known removals for the target version
# Key removals by version:
#   1.25: policy/v1beta1 PodSecurityPolicy removed
#   1.26: flowcontrol.apiserver.k8s.io/v1beta1 removed
#   1.27: storage.k8s.io/v1beta1 CSIStorageCapacity removed
#   1.29: flowcontrol.apiserver.k8s.io/v1beta2 removed
#   1.32: autoscaling/v2beta1 removed

# Check for problematic apiVersions in the usage dump
# (pattern covers any alpha/beta version, including v2beta1 from the list above)
rg 'v[0-9]+(alpha|beta)[0-9]+' /tmp/cluster-api-usage.txt || echo "No deprecated beta APIs found"
```
Step 3 -- Check addon compatibility
```bash
# List all Helm releases and their chart versions
helm list -A -o json 2>/dev/null | python3 -c "
import json, sys
releases = json.load(sys.stdin)
for r in releases:
    print(f\"{r['namespace']}/{r['name']}\tchart: {r['chart']}\tapp: {r.get('app_version','?')}\tstatus: {r['status']}\")
"

# List non-Helm workloads in kube-system (operators, CNI, etc.)
# The column spec is quoted so the shell does not treat [0] as a glob
kubectl -n kube-system get deployments,daemonsets -o 'custom-columns=NAME:.metadata.name,IMAGE:.spec.template.spec.containers[0].image'
```
For each addon, verify the installed version supports TARGET_VERSION by checking the upstream compatibility matrix. Key addons to verify:
- CNI plugin (Calico, Cilium, Flannel)
- Ingress controller (nginx, Traefik)
- cert-manager
- metrics-server
- CoreDNS
- CSI drivers
Step 4 -- Assess workload disruption risk
```bash
# Pods without PodDisruptionBudgets
kubectl get pods --all-namespaces -o jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.metadata.ownerReferences[0].kind}{"\n"}{end}' > /tmp/all-pods.txt
kubectl get pdb --all-namespaces -o jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.spec.selector.matchLabels}{"\n"}{end}' > /tmp/all-pdbs.txt

echo "=== Namespaces with pods but no PDB ==="
awk '{print $1}' /tmp/all-pods.txt | sort -u > /tmp/ns-with-pods.txt
awk '{print $1}' /tmp/all-pdbs.txt | sort -u > /tmp/ns-with-pdbs.txt
comm -23 /tmp/ns-with-pods.txt /tmp/ns-with-pdbs.txt

# Single-replica deployments (high disruption risk)
kubectl get deployments --all-namespaces -o jsonpath='{range .items[?(@.spec.replicas==1)]}{.metadata.namespace}/{.metadata.name}{"\n"}{end}'
```
Report template:
Preflight Report: Upgrade from {CURRENT} to {TARGET}
Blockers (must fix before upgrade)
- [ ] {list removed APIs still in use}
- [ ] {incompatible addons}
Warnings (should fix, not blocking)
- [ ] {deprecated APIs that will be removed in next version}
- [ ] {single-replica deployments without PDB}
Addon Compatibility
| Addon | Current Version | Target K8s Supported | Action |
|---|---|---|---|
Node Readiness
- Total nodes: {N}
- Nodes at current version: {N}
- Nodes with issues: {list}
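One way to do the cross-reference that Step 2 describes, as an added example that is not part of the skill's own documentation: it checks each line of the Step 2 usage dump against the removal list given in the Step 2 comments and reports objects whose apiVersion is removed at or before the target version, which is what the Blockers section of the report needs. The function names, the `REMOVALS` table layout and the sample dump are assumptions made here; confirm the table against the upstream Kubernetes deprecation guide for your target.

```bash
#!/usr/bin/env bash
# Added example (not part of the skill): classify Step 2 dump entries as blockers.

# Removal table as listed in the Step 2 comments on this page:
# "<minor removed in> <apiVersion> <kind, or * for every kind>"
REMOVALS='25 policy/v1beta1 PodSecurityPolicy
26 flowcontrol.apiserver.k8s.io/v1beta1 *
27 storage.k8s.io/v1beta1 CSIStorageCapacity
29 flowcontrol.apiserver.k8s.io/v1beta2 *
32 autoscaling/v2beta1 *'

# find_blockers <target version, e.g. 1.29> <usage dump file>
# Prints one line per object whose apiVersion is removed at or before the target:
# BLOCKER <TAB> removed-in <TAB> apiVersion <TAB> kind <TAB> namespace/name
find_blockers() {
  target_minor="${1#*.}"                # "1.29.3" -> "29.3"
  target_minor="${target_minor%%.*}"    # "29.3"   -> "29"
  printf '%s\n' "$REMOVALS" | awk -F'\t' -v tm="$target_minor" '
    NR == FNR {                         # first input (stdin): removal table
      split($0, f, " ")
      removed_in[f[2] "|" f[3]] = f[1]
      next
    }
    {                                   # second input: the usage dump
      m = ""
      if (($1 "|" $2) in removed_in)    m = removed_in[$1 "|" $2]
      else if (($1 "|*") in removed_in) m = removed_in[$1 "|*"]
      if (m != "" && m + 0 <= tm + 0)
        printf "BLOCKER\t1.%s\t%s\t%s\t%s\n", m, $1, $2, $3
    }' - "$2"
}

# Constructed sample in the Step 2 dump format (not real cluster output)
sample_dump() {
  printf 'policy/v1beta1\tPodSecurityPolicy\t/restricted\n'
  printf 'flowcontrol.apiserver.k8s.io/v1beta2\tFlowSchema\t/catch-all\n'
  printf 'autoscaling/v2beta1\tHorizontalPodAutoscaler\tshop/web\n'
  printf 'apps/v1\tDeployment\tshop/web\n'
}

# Demo: against target 1.29 the first two sample entries are reported
demo_file=$(mktemp)
sample_dump > "$demo_file"
find_blockers 1.29 "$demo_file"
rm -f "$demo_file"
```

Because `kubectl get` returns each object at the version the API server prefers to serve, a clean result here does not cover manifests in Git or Helm charts that still reference a removed apiVersion.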
- plan --- Generate an upgrade runbook
Produce a step-by-step, copy-pasteable upgrade plan based on preflight findings.
Step 1 -- Determine upgrade strategy
Decide based on cluster type:
- kubeadm: sequential control-plane then worker upgrade
- EKS/GKE/AKS: managed control-plane upgrade, then node group rolling update
- k3s/RKE2: binary replacement strategy
```bash
# Detect cluster type
PROVIDER="unknown"
kubectl get nodes -o jsonpath='{.items[0].spec.providerID}' 2>/dev/null | grep -qi 'aws' && PROVIDER="eks"
kubectl get nodes -o jsonpath='{.items[0].spec.providerID}' 2>/dev/null | grep -qi 'gce' && PROVIDER="gke"
kubectl get nodes -o jsonpath='{.items[
```