Authors: Huai You, Wang Fei, Yu Jia
Ali cloud native readers: hello everyone, today should be the majority of interested friends urged, we invited to the “ali cloud container services ACK release” on our program, for disturbing you about it, and how it and cooperate with partners, let us get together on its own infrastructure the best experience. So pass by must not miss oh ~
Hello, I’m ACK Distro, I’m looking forward to serving you Distro. I’m looking forward to serving you Distro. Alibaba’s open source cluster mirroring technology sealer, and how I used it to achieve fast and stable delivery of Aliyun ACK service.
What is ACK Distro
Reporter: Before we introduce our partners, let’s go to the first section. Many new readers still don’t know who you are and what your functions are, so let’s introduce ourselves.
ACK Distro: Yes, I do. I am Ali for heterogeneous IaaS environment issued Kubernetes release, can be deployed in heterogeneous IaaS privatized output container service ACK agile version, is the default by my production, operation and maintenance of Kubernetes cluster, we use container service ACK agile version, Through simple platform interaction, BASIC operation and maintenance such as deployment, upgrade and expansion of ACK Distro cluster can be realized.
My partners, the core components, have passed the validation and security checks of Alibaba Cloud Container Service ACK and Alibaba Group’s core business scenarios in mass production environments with industry-leading security and reliability.
As a full Kubernetes distribution, I can help you manage your cluster more easily and flexibly with sealer, an open source cluster mirroring technology, for easy and quick delivery to an offline environment. These components support X86 and ARM hardware architectures and include a high-performance networking plug-in hybridnet that ensures I can run smoothly on different infrastructures. At the same time, I can be registered on aliyun container service ACK to achieve consistent resource management, policy compliance and traffic control, so that everyone can get the same user experience as online ACK cluster. In addition, HYBRIdnet’s detailed description will be disclosed in the following interview, please stay tuned
Definition of SEALer and its core principles
Reporter: You mentioned that you can manage clusters more easily and flexibly with Sealer. What is it and how does it work?
ACK Distro: Sealer, alibaba’s open source solution for fast packaging, delivery and execution of distributed applications, can solve the delivery problems of complex applications by packaging distributed applications together with their database middleware dependencies.
Sealer built what we call a cluster image, which is embedded with a complete set of Kubernetes + containers that work together to solve the delivery consistency problem for distributed applications.
Its core principles can be seen in the following figure:
Docker can build single operating system (RootFS) and standalone application (Docker build) into a container image, and quickly run Docker run on standalone. Sealer, on the other hand, treats Kubernetes as a cluster operating system (Cloud RootFS) and builds sealer Build as a cluster image with distributed applications deployed on it to run Sealer Run quickly on the cluster. At the same time, the cluster image can also be pushed to the public image warehouse (such as DockerHub, Ali Cloud container image service, etc.) shared to other users.
To briefly describe, you can write a Kubefile using a file like Dockerfile:
The FROM registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:v1.19.9 wget RUN https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml CMD kubectl apply - f recommended.yamlCopy the codeCluster images can be built using the sealer Build command:
sealer build -t registry.cn-qingdao.aliyuncs.com/sealer-io/dashboard:latest .
Copy the codeA cluster image containing the dashboard can then be created that everyone can run or share with others.
Push the made cluster image to the image warehouse, the cluster image warehouse is compatible with the Docker image warehouse standard, can push the cluster image to docker Hub, Ali ACR, or Harbor.
sealer push registry.cn-qingdao.aliyuncs.com/sealer-io/dashboard:latest
Copy the codeReporter: That said, Sealer can pack Kubernetes and the applications deployed on it, and the cluster can be managed by other products.
ACK Distro: Yes, that’s what we’re looking for, a consistent experience for everyone. In addition, sealer’s technical advantages include the following three points.
Sealer’s technological advantages
When writing copy
The storage of cluster images is also achieved by copy-on-write. This has two advantages: we can put different distributed software in the same cluster in different layers for reuse; It is also possible to push cluster images directly into the Docker image repository.
Container image cache
1) The sealer Build process is somewhat different from the Docker build process. The power of Sealer Build is that it can execute the Apply directive defined in Kubefile without using the Kubernetes cluster.
2) Sealer has the ability to pull the image from the public network as long as it is available in the private image repository.
Load balancing
Sealer’s cluster high availability uses the lightweight load balancer LVSCARE. Compared to other load balancers, Lvscare is very small, only a few hundred lines of code, and lvSCARE only does the daemon of IPVS rules and does not load itself, so it is very stable. Listen to apiserver directly on Node. If apiserver fails, it will remove the corresponding rule and automatically add it back after re-running. It is like a dedicated load balancer.
Reporter: True to its name. So what’s the reason for this fantastic linkage? Or why did you choose Sealer as your partner? * * * *
ACK Distro: My most important mission is to help users easily and quickly use ACK, Alibaba Cloud Container service, on their own infrastructure, and have a consistent experience. With this goal, the ability to deliver consistently across a wide variety of infrastructures is particularly important, and sealer provides the capability to address this challenge well.
First, sealer provides standardized packaging capability, eliminating the tedious work of customizing a set of packaging logic.
Second, Sealer delivers my commands in a quick and easy way, allowing everyone to deploy ACK Distro clusters in a matter of minutes with a single command. And I have direct access to Sealer’s ability to support diverse infrastructure.
At run time, Sealer’s load balancing, image caching and other technologies help me achieve high availability and stability in an offline environment without relying on the capabilities of the public cloud. Finally, with Sealer’s Kubefile, users can also use ACK Distro as a base image and have the flexibility to customize their own cluster images, allowing me to better empower developers.
How do I use ACK Distro through Sealer
ACK Distro: Knowing how important Sealer is to me, follow these steps to find ACK Distro through Sealer.
Obtain sealer tools
Wget -c http://sealer.oss-cn-beijing.aliyuncs.com/sealers/sealer-v0.5.2-linux-amd64.tar.gz tar XVF. - Sealer - v0.5.2 - Linux - amd64. Tar. Gz - C/usr/binCopy the codeGrab ACK Distro products and pull up the cluster
Sealer run ack-agility-registry.cn-shanghai.cr.aliyuncs.com/ecp_builder/ackdistro:v1.20.4-ack-2 -m ${master_ip1}[,${master_ip2},${master_ip3}] [-n ${worker_ip1...}] -p passwordCopy the codeViewing Cluster Status
kubectl get cs
Copy the codeExpansion node
sealer join -m ${master_ip1}[,${master_ip2},${master_ip3}] [ -n ${worker_ip1}...]
Copy the codeShrinkage capacity node
sealer delete -m ${master_ip1}[,${master_ip2},${master_ip3}] [ -n ${worker_ip1}...]
Copy the codeClean up the ACK Distro cluster
sealer delete -a
Copy the codeIf you still have any questions, please head over to ACK Distro’s official Github library:
https://github.com/AliyunContainerService/ackdistro
Take Istio for example, build your own cluster images based on ACK Distro
Reporter: You mentioned that users can customize their own cluster images using ACK Distro as a base image. How do you do that?
ACK Distro: LET me take Istio as an example
Build on the original ACK Distro base image and write Kubefile
The FROM ack - distro: 1.1 the RUN curl - L | sh - https://istio.io/downloadIstioCopy the codeBuild the mirror
Sealer build -F Kubefile -m Lite-t Ack-distro-istio :v0.0.1.Copy the codeGet ack – distro – istio: 0.0.1
Deploy an ack – distro – istio: 0.0.1
Sealer run ack - distro - istio: v0.0.1 - m ${master_ip1} [${master_ip2}, ${master_ip3}] [-n] ${worker_ip1}... -p passwordCopy the codeCheck the Istio
With these five steps, YOU can build a ACK Distro plus version of a cluster image with Istio and deploy it on a variety of infrastructures. This new cluster image can enjoy all my features, including deliverability.
Istio is just one example, and as you can see, with Kubefile you have full freedom to customize your own images, as long as your components can be deployed on Kubernetes, they can be packaged in this way.
Reporter: I see. Do you have anything to add?
ACK Distro: With Sealer, I have achieved fast and stable delivery of ALIyun container service ACK, and on this basis, I can deliver most containerized distributed software quickly. The ACK Distro project team members are also key participants in the Sealer project, and the two complement each other to deliver a better container service experience for developers.
Reporter: Thank you for your careful explanation, our first in-depth interview is here to say goodbye to you, looking forward to your next wonderful interview.
ACK Distro: See you next time!
A link to the
ACK Distro’s official website:
ACK Distro official GitHub:
Let innovation at your fingertips, Alibaba Cloud Container Service ACK release is open for free download:
Package Kubernetes cluster into an image:
Check out more of this on ACK Distro’s website here!