This topic provides answers to some commonly asked questions about application management.
How do I manually upgrade Helm?
How do I use private images in Kubernetes clusters?
Run the following command:
kubectl create secret docker-registry regsecret --docker-server=registry-internal.cn-hangzhou.aliyuncs.com --docker-username=abc@aliyun.com --docker-password=xxxxxx --docker-email=abc@aliyun.com
Note
regsecret
: the name of the secret. You can enter a custom name.--docker-server
: the address of the Docker registry.--docker-username
: the username of the Docker registry.--docker-password
: the logon password of the Docker registry.--docker-email
: the email address. This parameter is optional.
You can perform the following operations.
- Manually configure the private image
Add the secret to the YAML configuration file.
containers: - name: foo image: registry-internal.cn-hangzhou.aliyuncs.com/abc/test:1.0 imagePullSecrets: - name: regsecret
NoteimagePullSecrets
specifies the secret that is required to pull the image.regsecret
must be the same as the previous configured secret name.- The Docker registry address in
image
must be the same as the one that is specified in--docker-server
.
For more information, see Use a private registry.
- Implement an orchestration without the secret
Note To avoid referencing the secret each time you use private images for deployment, you can add the secret to the default service account of the namespace. For more information, see Add ImagePullSecrets to a service account.
- Run the following command to view the secret that is required to pull private images.
kubectl get secret regsecret
In this example, the default service account of the namespace is manually configured to use this secret as the imagePullSecret.NAME TYPE DATA AGE regsecret kubernetes.io/dockerconfigjson 1 13m
- Create an sa.yaml file and add the configuration of the default service account to this file.
kubectl get serviceaccounts default -o yaml > ./sa.yaml cat sa.yaml apiVersion: v1 kind: ServiceAccount metadata: creationTimestamp: 2015-08-07T22:02:39Z name: default namespace: default resourceVersion: "243024" ##Note this parameter selfLink: /api/v1/namespaces/default/serviceaccounts/default uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6 secrets: - name: default-token-uudgeoken-uudge
- In the command-line interface (CLI), enter
vim sa.yaml
to open the sa.yaml file, delete the resourceVersion parameter, and then add the imagePullSecrets parameter to specify the secret for pulling images. The following sample code shows the modification:apiVersion: v1 kind: ServiceAccount metadata: creationTimestamp: 2015-08-07T22:02:39Z name: default namespace: default selfLink: /api/v1/namespaces/default/serviceaccounts/default uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6 secrets: - name: default-token-uudge imagePullSecrets: ## New parameter - name: regsecret
- Use the configuration in the sa.yaml file to replace the configuration of the default service account.
kubectl replace serviceaccount default -f ./sa.yaml serviceaccount "default" replaced
- In the CLI, enter kubectl create -f to create a Tomcat application.
apiVersion: apps/v1 kind: Deployment metadata: name: tomcat-deployment labels: app: tomcat spec: replicas: 1 selector: matchLabels: app: tomcat template: metadata: labels: app: tomcat spec: containers: - name: tomcat image: registry-internal.cn-hangzhou.aliyuncs.com/abc/test:1.0 # Replace the value with the address of your private image - containerPort: 8080
- If the configuration is valid, the pod is started. In the CLI, enter kubectl get pod tomcat-xxx -o yaml. You can find the following configuration in the command output:
spec: imagePullSecrets: - nameregsecretey
- Run the following command to view the secret that is required to pull private images.