This topic describes the frequently asked questions about application management.

How do I manually upgrade Helm?

  1. Log on to a master node in the Kubernetes cluster. For more information, see Connect to Kubernetes clusters through kubectl.
  2. Run the following commands:
    For the image address, enter the address of the image in the VPC network in the target region. For example, if your server is deployed in the China (Hangzhou) region, the image address is registry-vpc.cn-hangzhou.aliyuncs.com/acs/tiller:v2.11.0. 
    helm init --tiller-image registry.cn-hangzhou.aliyuncs.com/acs/tiller:v2.11.0 --upgrade
  3. After the tiller health check succeeds, you can run the helm version command to view the upgrade results.
    Note The preceding command only upgrades Tiller, the server side component of Helm. To upgrade the client side component, download the corresponding client binary.
    Helm client 2.11.0 can be downloaded here. Currently, the latest Helm version supported by Alibaba Cloud is 2.11.0.
  4. After the client and server side components of Helm are both upgraded, run the helm version command and the following information appears: 
    $ helm version
Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}

How do I use private images in Kubernetes clusters?

Run the following command: 
kubectl create secret docker-registry regsecret --docker-server=registry-internal.cn-hangzhou.aliyuncs.com --docker-username=abc@aliyun.com --docker-password=xxxxxx --docker-email=abc@aliyun.com
Note
  • regsecret: The name of the secret.
  • --docker-server: The address of the Docker registry.
  • --docker-username: The username of the Docker registry.
  • --docker-password: The logon password of the Docker registry.
  • --docker-email: Optional. The email address.

You can perform the following operations.

  • Manually configure the private image
    Add the secret to the YAML configuration file. 
    containers:
    - name: foo
      image: registry-internal.cn-hangzhou.aliyuncs.com/abc/test:1.0
imagePullSecrets:
    - name: regsecret
    Note
    • imagePullSecrets specifies that a secret is required when pulling images.
    • regsecret must be the same as the previous configured secret name.
    • The Docker registry address in image must be the same as one specified in --docker-server.

    For more information, see Use a private registry.

  • Implement an orchestration without the secret
    Note To avoid referencing the secret each time you use private images to deploy applications, you can add the secret to the default service account of the namespace. For more information, see Add ImagePullSecrets to a service account.
    1. Run the following command to view the secret that is required to pull private images. 
      # kubectl get secret regsecret
NAME        TYPE                             DATA      AGE
regsecret   kubernetes.io/dockerconfigjson   1         13m
      In this example, manually configure the default service account of the namespace to use this secret as the imagePullSecret.
    2. Create an sa.yaml file and add the configuration of the default service account to this file. 
      kubectl get serviceaccounts default -o yaml > ./sa.yaml

cat  sa.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2015-08-07T22:02:39Z
  name: default
  namespace: default
  resourceVersion: "243024"             ## Note this parameter
  selfLink: /api/v1/namespaces/default/serviceaccounts/default
  uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
secrets:
- name: default-token-uudgeoken-uudge
    3. Run the vim sa.yaml command to open the sa.yaml file, delete the resourceVersion parameter, and add the imagePullSecrets parameter to specify the secret for pulling images. The modified configuration is as follows: 
      
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2015-08-07T22:02:39Z
  name: default
  namespace: default
  selfLink: /api/v1/namespaces/default/serviceaccounts/default
  uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
secrets:
- name: default-token-uudge
imagePullSecrets:                 ## New parameter
- name: regsecret
    4. Use the configuration in the sa.yaml file to replace the configuration of the default service account. 
      kubectl replace serviceaccount default -f ./sa.yaml
serviceaccount "default" replaced
    5. Run the kubectl create -f command to create a Tomcat application. 
      apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1
kind: Deployment
metadata:
  name: tomcat-deployment
  labels:
    app: tomcat
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tomcat
  template:
    metadata:
      labels:
        app: tomcat
    spec:
      containers:
      - name: tomcat
        image: registry-internal.cn-hangzhou.aliyuncs.com/abc/test:1.0              # Replace the value with the address of your private image
        ports:
        - containerPort: 8080
    6. If the configuration is correct, the Pod is started. Run the kubectl get pod tomcat-xxx -o yaml command. You can find the following configuration in the command output: 
      spec:
  imagePullSecrets:
- nameregsecretey