This topic answers frequently asked questions about application management.

How do I manually upgrade Helm?

  1. Log on to a master node in the Kubernetes cluster. For more information, see Connect to Kubernetes clusters through kubectl.
  2. Run the following commands:
    For the image address, enter the address of the image in the VPC network in the target region. For example, if your server is deployed in the China (Hangzhou) region, the image address is registry-vpc.cn-hangzhou.aliyuncs.com/acs/tiller:v2.11.0.
    helm init --tiller-image registry.cn-hangzhou.aliyuncs.com/acs/tiller:v2.11.0 --upgrade
  3. After the Tiller health check succeeds, you can run the helm version command to view the upgrade results.
    Note The preceding command upgrades only Tiller, the server-side component of Helm. To upgrade the client-side component, download the corresponding client binary.
    Helm client 2.11.0 can be downloaded here. Currently, the latest Helm version supported by Alibaba Cloud is 2.11.0.
  4. After the client-side and server-side components of Helm are both upgraded, run the helm version command. The following information appears:
    $ helm version
    Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
    Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}

How do I use private images in Kubernetes clusters?

Run the following command:
kubectl create secret docker-registry regsecret --docker-server=registry-internal.cn-hangzhou.aliyuncs.com --docker-username=abc@aliyun.com --docker-password=xxxxxx --docker-email=abc@aliyun.com
Note
  • regsecret: The name of the secret.
  • --docker-server: The address of the Docker registry.
  • --docker-username: The username of the Docker registry.
  • --docker-password: The logon password of the Docker registry.
  • --docker-email: Optional. The email address.
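
The secret created by the command above stores a .dockerconfigjson document. The following added example (not part of the original page; the function names are illustrative) builds the equivalent manifest in shell while reading the password from standard input instead of a command-line argument.

```shell
#!/bin/sh
# Added example (not from the original page). Emits the same kind of Secret
# that `kubectl create secret docker-registry` creates, but reads the
# password from stdin so it never appears in argv or shell history.

# Escape backslashes and double quotes for use inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Base64-encode stdin onto a single line.
b64() {
  base64 | tr -d '\n'
}

# dockerconfigjson SERVER USERNAME   (one-line password on stdin)
dockerconfigjson() {
  IFS= read -r password || :            # tolerate a missing trailing newline
  [ -n "$password" ] || return 1        # refuse an empty password
  auth=$(printf '%s:%s' "$2" "$password" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$(json_escape "$1")" "$(json_escape "$2")" \
    "$(json_escape "$password")" "$auth"
}

# pull_secret_manifest NAME SERVER USERNAME   (one-line password on stdin)
pull_secret_manifest() {
  cfg=$(dockerconfigjson "$2" "$3") || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$cfg" | b64)
EOF
}

# Constructed input: the placeholder values from the command above.
printf '%s\n' 'xxxxxx' |
  pull_secret_manifest regsecret registry-internal.cn-hangzhou.aliyuncs.com abc@aliyun.com
```

Pipe the output to kubectl apply -f - to create the secret. The data field is base64-encoded, not encrypted, so anyone who can read the Secret can recover the registry password.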

You can perform the following operations.

  • Manually configure the private image
    Add the secret to the YAML configuration file.
    containers:
        - name: foo
          image: registry-internal.cn-hangzhou.aliyuncs.com/abc/test:1.0
    imagePullSecrets:
        - name: regsecret
    Note
    • imagePullSecrets specifies that a secret is required when pulling images.
    • regsecret must be the same as the previously configured secret name.
    • The Docker registry address in image must be the same as the one specified in --docker-server.

    For more information, see Use a private registry.

  • Implement an orchestration without the secret
    Note To avoid referencing the secret each time you use private images to deploy applications, you can add the secret to the default service account of the namespace. For more information, see Add ImagePullSecrets to a service account.
    1. Run the following command to view the secret that is required to pull private images.
      # kubectl get secret regsecret
      NAME        TYPE                             DATA      AGE
      regsecret   kubernetes.io/dockerconfigjson   1         13m
      In this example, manually configure the default service account of the namespace to use this secret as the imagePullSecret.
    2. Create an sa.yaml file and add the configuration of the default service account to this file.
      kubectl get serviceaccounts default -o yaml > ./sa.yaml
      
      cat sa.yaml
      
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        creationTimestamp: 2015-08-07T22:02:39Z
        name: default
        namespace: default
        resourceVersion: "243024"             ## Note this parameter
        selfLink: /api/v1/namespaces/default/serviceaccounts/default
        uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
      secrets:
      - name: default-token-uudge
    3. Run the vim sa.yaml command to open the sa.yaml file, delete the resourceVersion parameter, and add the imagePullSecrets parameter to specify the secret for pulling images. The modified configuration is as follows:
      
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        creationTimestamp: 2015-08-07T22:02:39Z
        name: default
        namespace: default
        selfLink: /api/v1/namespaces/default/serviceaccounts/default
        uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
      secrets:
      - name: default-token-uudge
      imagePullSecrets:                 ## New parameter
      - name: regsecret
    4. Use the configuration in the sa.yaml file to replace the configuration of the default service account.
      kubectl replace serviceaccount default -f ./sa.yaml
      serviceaccount "default" replaced
    5. Run the kubectl create -f command to create a Tomcat application.
      apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
      kind: Deployment
      metadata:
        name: tomcat-deployment
        labels:
          app: tomcat
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: tomcat
        template:
          metadata:
            labels:
              app: tomcat
          spec:
            containers:
            - name: tomcat
              image: registry-internal.cn-hangzhou.aliyuncs.com/abc/test:1.0              # Replace the value with the address of your private image
              ports:
              - containerPort: 8080
    6. If the configuration is correct, the Pod is started. Run the kubectl get pod tomcat-xxx -o yaml command. You can find the following configuration in the command output:
      spec:
        imagePullSecrets:
        - name: regsecret
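
Steps 3 and 4 can be scripted instead of edited in vim. The following added example (not part of the original page; the function names are illustrative, and it assumes block-style YAML as printed by kubectl -o yaml) removes resourceVersion, adds the imagePullSecrets entry only if it is missing, and checks the result.

```shell
#!/bin/sh
# Added example, not from the original page: step 3 without an editor.
# Assumes block-style YAML as printed by `kubectl get ... -o yaml`.

# has_pull_secret NAME < sa.yaml
# Succeeds only if NAME is listed under the top-level imagePullSecrets key
# (an entry with the same name under `secrets:` does not count).
has_pull_secret() {
  awk -v name="$1" '
    /^[^ #-]/ { in_ips = ($0 ~ /^imagePullSecrets:/) }   # new top-level key
    in_ips && $1 == "-" && $2 == "name:" && $3 == name { found = 1 }
    END { exit !found }'
}

# add_pull_secret NAME < sa.yaml > sa.new.yaml
add_pull_secret() {
  # A stale resourceVersion makes `kubectl replace` fail with a conflict.
  doc=$(sed '/^[[:space:]]*resourceVersion:/d')
  if printf '%s\n' "$doc" | has_pull_secret "$1"; then
    printf '%s\n' "$doc"                      # already listed: no change
  elif printf '%s\n' "$doc" | grep -q '^imagePullSecrets:'; then
    printf '%s\n' "$doc" | awk -v name="$1" '
      { print } /^imagePullSecrets:/ { print "- name: " name }'
  else
    printf '%s\nimagePullSecrets:\n- name: %s\n' "$doc" "$1"
  fi
}

# Constructed sample: the service account from step 2, trimmed.
sample_sa() {
  cat <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: default
  resourceVersion: "243024"
secrets:
- name: default-token-uudge
EOF
}

sample_sa | add_pull_secret regsecret
```

Run kubectl get serviceaccounts default -o yaml | add_pull_secret regsecret > ./sa.yaml before the replace in step 4. Every pod in the namespace that uses the default service account then pulls with regsecret.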