Sealer is an open source cluster image technology implemented by Alibaba. The whole cluster can be packaged as a docker image, and any software can be installed with `sealer run xxx`, which ensures delivery consistency at the level of the whole cluster. It is a powerful tool for proprietary cloud and offline delivery. Of course, ordinary developers can also use it to quickly try out software from the cloud native ecosystem. For example, you can install k8s, prometheus or highly available mysql with one click.
The difference from helm is that helm only orchestrates and does not package, so in many domestic environments downloading the images that helm needs is a problem. sealer does not have this problem: all dependencies are packaged, and the cluster is packaged as a whole.
|Installing a k8s cluster with sealer
```
sealer run kubernetes:v1.19.9 \
  --master 192.168.0.2,192.168.0.3,192.168.0.4 \
  --node 192.168.0.5,192.168.0.6 -p 123456
```
Compared with sealos, have you noticed that the command line is simpler and cleaner? Anything more would be too much and anything less would be too little. It is as elegant as art.
`kubernetes:v1.19.9` is what we call a cluster image. It is very much like a Docker image: in essence it is a collection of all the files needed to install the entire cluster. In sealos this could be a tar package, whereas sealer is layered and compatible with docker registry by design, which means we can put the cluster image into a docker registry for delivery.
It is even easier to connect to the public cloud. You only need to specify the number of machines during installation:
```
export ACCESSKEYID=xxx # specify AK SK
export ACCESSKEYSECRET=xxx
# Run 3 masters and 3 nodes
sealer run kubernetes:v1.19.9 -m 3 -n 3
```
Want to define more parameters? Define a Clusterfile:
```
apiVersion: sealer.aliyun.com/v1alpha1
kind: Cluster
metadata:
  name: my-cluster
spec:
  image: registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:v1.19.9
  provider: ALI_CLOUD
  masters:
    cpu: 4
    memory: 4
    count: 3
    systemDisk: 100
    dataDisks:
    - 100
  nodes:
    cpu: 4
    memory: 4
    count: 3
    systemDisk: 100
    dataDisks:
    - 100
---
apiVersion: sealer.aliyun.com/v1alpha1
kind: Config
metadata:
  name: calico
spec:
  path: etc/calico-values.yaml
  data: |
    # NIC name in use
    interface: eth0
    # Network plug-in name
    cniName: calico
    podCIDR: 100.64.0.0/10
    svcCIDR: 10.96.0.0/22
    withoutCNI: false
```
|It's just an installation tool. What's the big deal?
Installation is only one part of sealer. sealer is an implementation of cluster images, that is, of how to package the whole cluster through certain technical means! Compared with sealos, this is a qualitative improvement.
sealer gives users the ability to build, so that they can customize cluster images in a very simple way.
Suppose we want to define a cluster image that includes mysql, ELK, redis and wordpress and packages all of their dependencies together. sealer helps you do this in a very simple way:
> 1. Define the Kubefile
```
# Base cluster image, officially provided by sealer
FROM kubernetes:v1.19.9
# MySQL orchestration files
COPY mysql .
COPY elk .
COPY redis .
COPY wordpress .
# Command executed after the cluster starts
CMD kubectl apply -f .
```
> 2. Build the custom image
`sealer build -t mysql-redis-elk:latest .`
Then, when you need to deploy a new cluster:
`sealer run mysql-redis-elk:latest --master 192.168.0.2 -p 123456`
The cluster that comes up already includes mysql, redis and the rest.
You can also push the cluster image to a private image registry:
```
sealer login hub.docker.io -u xxx -p xxx
sealer push mysql-redis-elk:latest
```
You can also pull the image down, save it into a tar, and load it:
```
sealer pull mysql-redis-elk:latest
sealer save -o mysql-redis-elk.tar mysql-redis-elk:latest
sealer load -i mysql-redis-elk.tar # customer offline environment
```
|Evermore
Deploying most cloud native ecosystem software:
```
sealer run rook:latest
sealer run prometheus:latest
sealer run ingress:latest
sealer run istio:latest
```
... Everything has become so simple...
|sealer design idea
The design of sealer is excellent. In fact, it is not easy to make the whole cluster into an image. What is impressive about sealer is that it makes complex things simple enough through elegant design, which is also the feature of almost all my products. I would rather not sacrifice complexity for functions.
> Kubefile design
This is the core highlight. It lets users build custom cluster images through a very simple user interface. What kind of description language can describe the files needed by the whole cluster and still be simple? Before sealer was born this was actually a complex problem. The answer was inspired by Dockerfile: why not raise the stand-alone container image to the cluster dimension?
So there was Kubefile. docker can build a docker image through a Dockerfile and run containers using compose. sealer builds a CloudImage through a Kubefile and uses a Clusterfile to start the entire cluster.
This is a very bright idea and design. So what instructions should a Kubefile include?
`FROM kubernetes:v1.19.9`
FROM specifies the base image. It can be a very clean k8s base image, or a user-defined image in which the user has already packaged some services. Users do not need to care about the details, just as when using docker they do not care which files are in the centos rootfs.
```
COPY my-chart .
RUN wget helm.sh/download/helm-v3 && mv helm-v3 /usr/bin/helm
```
The COPY instruction, as in Docker, copies files from the build working directory into the cluster image. The RUN command is executed at build time, and the files generated during its execution are cached in a layer of the cluster image. In the example above, the helm binary is packaged into the cluster image.
`CMD helm install app my-chart`
The CMD instruction is executed after the k8s cluster has been brought up, and there can be more than one.
So during the build, sealer brings up a temporary k8s cluster, executes the instructions defined in the Kubefile in it, and finally packages all the files generated by these instructions.
> Container image cache design
Caching container images is not an easy task, and there are some difficult problems:
How do we know which container images a piece of distributed software contains? We need to cache these images, but neither scanning the user's yaml files nor scanning the output of helm template is perfect. First, we cannot determine how the user has laid out the orchestration files. Second, some software does not even write the image address in the orchestration file, but pulls the image up through its own program. There is no guarantee that a build which runs successfully is free of problems.
The container images need to be stored in a private registry and packaged in the cluster image. The address of that registry is bound to be different from the one written in the orchestration file. In particular, how do we ensure that an image set to always pull can still be downloaded from the private registry?
This is where bringing up a temporary k8s cluster during sealer build shows its advantage. In the end the cluster makes docker pull the images, and we intercept the images during the pull and cache them, which supports container image storage transparently.
As a result, the consistency of the build product is very good, and there is little that needs to change when it is deployed in other environments.
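The limits of static scanning described above, as an added example (not sealer's code and not from the original post): the script lists the `image:` references found in two constructed manifests, rewrites them for a private registry, and never sees the image an operator pulls by itself. The manifests, the `quay.example` images and the `registry.internal:5000` host are assumptions.

```sh
# Added example: static image discovery over manifests, and what it misses.
# File names, image names and the registry host are constructed.

# Write two constructed manifests into a temp dir and print its path.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/mysql.yaml" <<'EOF'
spec:
  containers:
  - name: mysql
    image: docker.io/library/mysql:8.0
    imagePullPolicy: Always
EOF
    cat > "$dir/operator.yaml" <<'EOF'
spec:
  containers:
  - name: operator
    image: "quay.example/demo/operator:v1"   # quoted, trailing comment
    env:
    - name: WORKER_IMAGE    # the operator pulls this one itself at run time
      value: quay.example/demo/worker:v1
EOF
    printf '%s\n' "$dir"
}

# Print every distinct "image:" value in the YAML files under directory $1.
list_images() {
    find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) -exec cat {} + |
        sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' |
        sed -e 's/[[:space:]]*#.*$//' -e "s/^[\"']//" -e "s/[\"']\$//" |
        sort -u
}

# Rewrite reference $1 so it is pulled from private registry $2. A first path
# component containing "." or ":" (or "localhost") is treated as a registry host.
to_private() {
    ref=$1; first=${ref%%/*}
    case "$ref" in
        */*) case "$first" in *.*|*:*|localhost) ref=${ref#*/} ;; esac ;;
    esac
    printf '%s/%s\n' "$2" "$ref"
}

sample=$(make_sample)
for img in $(list_images "$sample"); do
    printf '%s -> %s\n' "$img" "$(to_private "$img" registry.internal:5000)"
done
rm -rf "$sample"
```

The scan reports two images; the worker image named only in an environment variable never appears, which is the gap that intercepting pulls in the temporary build cluster closes.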
> Configuration file management
Many delivery scenarios have a large number of business configuration files that need to be exposed, and sealer makes it very easy for users to expose these configurations in the Clusterfile. Typically, the user wants the helm values in the cluster image to be modifiable at deployment time. Users only need to define a Config in the Clusterfile:
```
apiVersion: sealer.aliyun.com/v1alpha1
kind: Config
metadata:
  name: mysql-values.yaml
spec:
  path: etc/mysql-chart/values.yaml
  data: |
    mysql-user: root
    mysql-passwd: xxx
```
The content of data will overwrite the default values of the mysql chart.
> Plug-in mechanism
There are also some scenarios, such as wanting sealer to modify the host name, upgrade the kernel, or synchronize the time, which sealer "should not" do itself. For these we can enable a plug-in. Take the plug-in that modifies the host name as an example:
```
apiVersion: sealer.aliyun.com/v1alpha1
kind: Plugin
metadata:
  name: HOSTNAME
spec:
  data: |
    192.168.0.2 master-0
    192.168.0.3 master-1
    192.168.0.4 master-2
    192.168.0.5 node-0
    192.168.0.6 node-1
    192.168.0.7 node-2
```
Just define the above plug-in to help users change the host names of the nodes in the cluster to the names defined in data.
Of course, there are other plug-ins, such as labeling plug-ins, shell command execution plug-ins, etc.
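A pre-flight check for the HOSTNAME plug-in data shown above, as an added example (not part of sealer or the original post): it flags malformed IPv4 addresses, reused IPs or host names, and names that are not lowercase RFC 1123 labels. Treating host names as RFC 1123 labels is an assumption; the function name and the faulty sample input are constructed.

```sh
# Added example: check the "IP hostname" lines of a HOSTNAME plug-in's data.
# Reads the mapping on stdin and prints one problem per line (nothing if clean).
check_hostname_map() {
    awk '
    NF == 0 { next }
    NF != 2 { printf "line %d: expected \"IP hostname\"\n", NR; next }
    {
        ip = $1; host = $2
        n = split(ip, oct, "[.]")
        bad = (n != 4)
        for (i = 1; i <= n && !bad; i++)
            if (oct[i] !~ /^[0-9]+$/ || oct[i] + 0 > 255) bad = 1
        if (bad)
            printf "line %d: invalid IPv4 address %s\n", NR, ip
        # Assumption: each name must be a lowercase RFC 1123 label.
        if (length(host) > 63 || host !~ /^[a-z0-9]([-a-z0-9]*[a-z0-9])?$/)
            printf "line %d: invalid hostname %s\n", NR, host
        if (ip in seen_ip)
            printf "line %d: %s already mapped on line %d\n", NR, ip, seen_ip[ip]
        if (host in seen_host)
            printf "line %d: %s already used on line %d\n", NR, host, seen_host[host]
        seen_ip[ip] = NR; seen_host[host] = NR
    }'
}

# Constructed input with three mistakes: a reused IP, an out-of-range octet,
# and a hostname containing an uppercase letter and an underscore.
check_hostname_map <<'EOF'
192.168.0.2 master-0
192.168.0.3 master-1
192.168.0.3 node-0
192.168.0.300 Node_1
EOF
```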
> Different runtime support
In the future you will be able to use FROM k3s, FROM k0s, FROM ACK and so on, without paying attention to the installation differences between them.
> Connecting to the public cloud
Now many users want to run their own cluster image in the cloud. Sealer has its own ability to connect to the public cloud. Thanks to our more elaborate backoff and retry mechanism, sealer can complete the infrastructure construction in 30 seconds (Alibaba cloud 6 nodes). It is a leader in similar tools. In addition, the number of API calls is greatly reduced and the configuration is compatible with Clusterfile.
|What scenario is suitable for sealer
If you want to deliver your distributed SaaS as a whole, please use sealer
If you want to integrate multiple distributed services, such as databases, message queues or a microservice runtime, use sealer
If you want to install a distributed application such as mysql active / standby cluster, please use sealer
If you need to install / manage a kubernetes high availability cluster, please use sealer
If you want to initialize multiple data centers and keep the state of multiple data centers strongly consistent, please use sealer
If you need to implement the above scenario on the public cloud, please use sealer
|Experience
Sealer is most proud of making complex things simple. It took nearly a year to think about the user interface. How can it be simple without losing functions from the user's perspective? It's very difficult. Kubefile's design draft was overturned I don't know how many times. We worked hard and finally created sealer.
I'd also like to talk about the origin of sealer and sealos. In fact, sealos is a very popular open source project I started very early. It iterated step by step and really made installing a k8s cluster nearly perfect. However, there are many reasons why I had to make a big change:
In fact, there is a complete platform behind sealos that automatically builds offline packages, but these things are very special. They are basically used to release new offline packages for ourselves, and ordinary developers can't reuse these capabilities at all. How to "gracefully open these capabilities" has always been on my mind. sealer gave the perfect answer!
Maybe those who have used sealos know that sealos has an install command that can install other apps, such as prometheus, ingress and dashboard. However, I have always been dissatisfied with this design, but I couldn't find a more elegant one. It can only be said that the app package of sealos has no technical content. First, the images depend on load, so an always pull in the yaml is doomed. Second, packing is troublesome: the user needs to save the images and then tar them, which is too crude. sealer completely solves the problem with a Kubefile, which benefits from the innovation of the underlying image cache technology.
sealos will not produce an ecosystem. The reason is very simple: we make things for developers, which is a one-to-many relationship. With the emergence of sealer, anyone can become a producer and consumer, and the rise of an ecosystem is possible.
sealos's code now looks like shit (self-criticism). In the early days, I only paid attention to the user interface and didn't pay attention to the places that users can't see. I just thought of it as an installation tool and wrote it casually. As long as the command is easy to use, who cares what's inside. As long as the regression test was OK, I basically merged every PR. Now this has proved to be a big mistake! This mentality will make you lose your love for your works, which can only perish or be rebuilt in the end. Fortunately, sealer is reborn from nirvana.
I have always explored a lot and had great ideas on how to make things simple, and finally turned them into reality. sealos is an example, but it can only be an amateur interest project. Unlike it, sealer integrates more thinking and the joint efforts of the whole community. At first, we thought that cluster image was just an empty concept, but today we can actually experience that it has become a reality!