Hello World
Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.
Quick Start
Create a new post
$ hexo new "My New Post"
More info: Writing
Run server
$ hexo server
More info: Server
Generate static files
$ hexo generate
More info: Generating
Deploy to remote sites
$ hexo deploy
More info: Deployment
Using cluster image plugins
Plugin type list
Hostname plugin
The hostname plugin helps you change the hostname of every host.
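Script plugin
You can execute any shell command on specified nodes at any stage.
apiVersion: sealer.aliyun.com/v1alpha1
action : [PreInit| PreInstall| PostInstall] # specifies when the shell command is executed
Label plugin
Helps you set labels after the Kubernetes cluster is installed.
apiVersion: sealer.aliyun.com/v1alpha1
Cluster check plugin
Because of server and environment factors (for example, poor server disk performance), deploying application services immediately after sealer finishes installing the Kubernetes cluster may fail. The cluster check plugin waits until the Kubernetes cluster is stable before application services are deployed.
apiVersion: sealer.aliyun.com/v1alpha1
Taint plugin
If you add the taint plugin configuration after the Clusterfile and apply it, sealer will help you add and remove taints:
apiVersion: sealer.aliyun.com/v1alpha1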
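The data field is written as:
ips taint_argument
ips: multiple IPs are joined with a comma (,); a consecutive range is written as first IP-last IP
taint_argument: the same syntax Kubernetes uses to add or remove a taint (key=value:effect; the effect must be NoSchedule, PreferNoSchedule or NoExecute).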
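A validator for the data line format described above, useful for checking taint entries before applying a Clusterfile. This is an added example, not sealer's own parser; the function names, the IPv4-only handling, the 256-host cap on a range and the trailing "-" for removal (kubectl's convention) are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Taint is one parsed taint_argument; Remove is set by a trailing "-".
type Taint struct {
	Key, Value, Effect string
	Remove             bool
}

var effects = map[string]bool{"NoSchedule": true, "PreferNoSchedule": true, "NoExecute": true}

func u32(ip net.IP) uint32 { return uint32(ip[0])<<24 | uint32(ip[1])<<16 | uint32(ip[2])<<8 | uint32(ip[3]) }

// ParseTaintLine splits "ips taint_argument" into target IPs and a taint.
func ParseTaintLine(line string) (ips []string, t Taint, err error) {
	f := strings.Fields(line)
	if len(f) != 2 {
		return nil, t, fmt.Errorf("want 'ips taint_argument', got %q", line)
	}
	for _, part := range strings.Split(f[0], ",") {
		ends := strings.SplitN(part, "-", 2) // "first-last" or a single IP
		a, b := net.ParseIP(ends[0]).To4(), net.ParseIP(ends[len(ends)-1]).To4()
		// Assumption: IPv4 only; a range is capped at 256 hosts to catch typos.
		if a == nil || b == nil || u32(a) > u32(b) || u32(b)-u32(a) > 255 {
			return nil, t, fmt.Errorf("bad IP or range %q", part)
		}
		for i := uint32(0); i <= u32(b)-u32(a); i++ {
			n := u32(a) + i
			ips = append(ips, net.IPv4(byte(n>>24), byte(n>>16), byte(n>>8), byte(n)).String())
		}
	}
	arg := strings.TrimSuffix(f[1], "-") // trailing "-" removes a taint (kubectl syntax)
	t.Remove = arg != f[1]
	kv, effect, _ := strings.Cut(arg, ":")
	if t.Effect = effect; !effects[effect] {
		return nil, t, fmt.Errorf("effect must be NoSchedule, PreferNoSchedule or NoExecute, got %q", effect)
	}
	if t.Key, t.Value, _ = strings.Cut(kv, "="); t.Key == "" {
		return nil, t, fmt.Errorf("empty taint key in %q", f[1])
	}
	return ips, t, nil
}

func main() {
	ips, t, err := ParseTaintLine("192.168.0.2,192.168.0.5-192.168.0.7 key1=value1:NoSchedule") // constructed sample
	fmt.Println(ips, t, err)
}
```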
Etcd backup plugin
apiVersion: sealer.aliyun.com/v1alpha1
Out of tree plugin
At present, we only support a Golang .so file as an out-of-tree plugin. For more about Golang plugins, see the golang plugin website.
Copy the .so file and the plugin config into your cloud image at the build stage using a Kubefile; sealer will parse and execute it. To develop your own out-of-tree plugin, see sealer plugin.
Plugin config:
apiVersion: sealer.aliyun.com/v1alpha1
Kubefile:
FROM kubernetes:v1.19.8
Build a cluster image that contains the golang plugin (or more plugins):
sealer build -m lite -t kubernetes-post-install:v1.19.8 .
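How to use plugins
Using plugins through a Clusterfile
For example, to set node labels after the Kubernetes cluster is installed:
apiVersion: sealer.cloud/v2
sealer apply -f Clusterfile
Using default plugins in a Kubefile
In many cases you can use plugins without a Clusterfile. In essence, the Clusterfile plugins are stored in the $rootfs/plugins directory before they are used, so custom default plugins can be added when the image is built.
Plugin configuration file shell.yaml:
apiVersion: sealer.aliyun.com/v1alpha1
Kubefile:
FROM kubernetes:v1.19.8
Build a cluster image that contains a plugin installing iscsi (or more plugins):
sealer build -m lite -t kubernetes-iscsi:v1.19.8 .
When a cluster is started from the image, the plugin is executed as well, without being defined in a Clusterfile: sealer run kubernetes-iscsi:v1.19.8 -m x.x.x.x -p xxx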
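Quick start
Create a Kubernetes cluster with sealer
Download and install the sealer binary
[root@iZm5e42unzb79kod55hehvZ ~]# kubectl get node
Add and remove nodes
sealer join --masters 192.168.0.2,192.168.0.3,192.168.0.4
Clean up the cluster
Creating a cluster also creates a Clusterfile by default, stored at /root/.sealer/[cluster-name]/Clusterfile, which contains the cluster metadata.
Delete the cluster:
sealer delete -f /root/.sealer/my-cluster/Clusterfile
Customize the cluster image
The kubernetes:v1.19.8 we saw above is a standard cluster image. Sometimes we want a cluster image to carry our own custom components, and this feature makes that possible.
For example, here we create a cluster image that contains the dashboard:
Kubefile:
The base image contains all the dependencies needed to install Kubernetes; sealer has already built it, so users can use it directly
Build the cluster image:
sealer build -t dashboard:latest .
Run the cluster image; the resulting cluster includes the dashboard:
sealer will start a Kubernetes cluster and start the dashboard in it
Push the cluster image to an image registry
sealer tag dashboard:latest registry.cn-qingdao.aliyuncs.com/sealer-io/dashboard:latest
Image import and export
sealer save -o dashboard.tar dashboard:latest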
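Overview
sealer [ˈsiːlər] can build an entire cluster into an image, the way Docker does, to build, deliver and run distributed software.
Use cases:
- Kubernetes cluster installation
- Packaging a Kubernetes cluster, databases, middleware and SaaS applications as a whole for one-click delivery
- Offline delivery, multi-architecture support, support for domestic (Chinese) platforms
- Delivery of all kinds of distributed applications orchestrated on Kubernetes
By writing a Kubefile, which is very similar to a Dockerfile, you can build a cluster image, and you use a Clusterfile to run a cluster.
Docker images solve the packaging problem for a single application well, but they do not solve the image problem for distributed applications. Orchestration tools such as helm solve orchestration, but not packaging.
Currently there is no packaging standard for clusters, building a custom Kubernetes cluster is fairly complex, and deploying a whole cluster plus its distributed applications is procedural. Delivery problems multiply and are repeatedly left without a clean solution, and the consistency of whole-cluster delivery is poor.
Especially in private cloud delivery, a distributed application often has a great deal of configuration plus many application images and dependencies, and in some cases must be delivered offline, so the delivery process faces very large challenges.
A cluster image treats the whole cluster as one server and k8s as the cloud operating system, packaging and delivering the entire cluster as an image and giving enterprise software an "out of the box" application packaging technology.
All of an application's dependencies are packaged in a standardized and very simple way and run in the customer's cluster with one click. Complex infrastructure is supported, and if the cluster image builds without problems, it runs without problems.
The cluster image market will offer many prebuilt, reusable images. Software users can combine these image services with their own applications like building blocks: the database or message queue a SaaS application depends on, and even k8s itself, can be found directly in the market.
Cluster image technology ultimately lets an enterprise bring up a complex custom cluster with one click, greatly improving delivery efficiency and lowering the delivery error rate. Reusing mature, stable components directly also greatly improves software stability.
Delivery staff no longer need to care about complex deployment details, which solves the collaboration problem between software producers and users.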
Save helm chart package
Sealer supports saving a raw Helm chart package into a cloud image in OCI format. With this feature, we can pull the Helm chart package in another, offline production environment.
Prerequisites
Prepare two nodes, named the build node and the run node, and install sealer and helm on them.
Examples
On the build node.
Start docker registry to save helm chart package.
Start a docker registry to transfer the Helm chart package to OCI format.
docker run -p 5000:5000 --restart=always --name registry -v /registry/:/var/lib/registry -d registry
Use helm push to save the Helm chart package to the registry.
export HELM_EXPERIMENTAL_OCI=1
Use sealer build to save helm chart package from local registry to cloud image.
Prepare Kubefile:
[root@iZbp16ikro46xwgqzij67sZ build]# cat Kubefile
Prepare imageList file:
[root@iZbp16ikro46xwgqzij67sZ build]# cat imageList
Then run sealer build -t my-kubernetes:v1.19.8 -f Kubefile . and use sealer save my-kubernetes:v1.19.8 -o my-kubernetes.tar to save the image to the local filesystem.
On the run node.
Load the image my-kubernetes.tar from the build node using sealer load -i my-kubernetes.tar.
Use sealer run to start the cluster
sealer run -d my-kubernetes:v1.19.8 -p password -m 172.16.0.230
Pull Helm chart on the run node.
When the cluster is up, we can pull the Helm chart package using helm pull:
export HELM_EXPERIMENTAL_OCI=1
Save ACR chart
Example: pull the chart-registry.cn-shanghai.cr.aliyuncs.com/aliyun-inc.com/elasticsearch:1.0.1-elasticsearch.elasticsearch chart.
- Log in to your ACR registry
sealer login chart-registry.cn-shanghai.cr.aliyuncs.com \
- Create Kubefile and imageList
[root@iZ2zeasfsez3jrior15rpbZ chart]# cat imageList
- Build the CloudImage and save the remote ACR chart to the local registry
sealer build -t chart:latest .
- Run a cluster
sealer run chart:latest -m x.x.x.x -p xxx
- Try to pull the chart using helm from the local registry
[root@iZ2zeasfsez3jrior15rpbZ certs]# helm pull oci://sea.hub:5000/aliyun-inc.com/elasticsearch --version 1.0.1-elasticsearch.elasticsearch
If you get the error Error: failed to do request: Head "https://sea.hub:5000/v2/aliyun-inc.com/elasticsearch/manifests/1.0.1-elasticsearch.elasticsearch": x509: certificate signed by unknown authority, trust the registry certificate on your host (the command below adds it to the host's system-wide CA trust store):
cp /var/lib/sealer/data/my-cluster/certs/sea.hub.crt /etc/pki/ca-trust/source/anchors/ && update-ca-trust extract
Define your own CloudRootfs
All the files needed to run a Kubernetes cluster.
Contains:
- Bin files, like docker, containerd, crictl, kubeadm, kubectl…
- Config files, like kubelet systemd config, docker systemd config, docker daemon.json…
- Registry docker image.
- Some metadata, like the Kubernetes version.
- Registry files, containing all the docker images, like the kubernetes core component docker images…
- Scripts: shell scripts used to install docker and kubelet… sealer will call init.sh and clean.sh.
- Other static files
.
How can I get CloudRootfs
- Pull a BaseImage
sealer pull kubernetes:v1.19.8-alpine
- View the image layer information
sealer inspect kubernetes:v1.19.8-alpine
- Get into the BaseImage Layer
ls /var/lib/sealer/data/overlay2/{layer-id}
You will find the CloudRootfs layer.
Build your own BaseImage
You can edit any file in CloudRootfs. For example, to define your own docker daemon.json, edit it and build a new CloudImage.
FROM scratch
sealer build -t user-defined-kubernetes:v1.19.8 .
Then you can use this image as a BaseImage.
Overwrite CloudRootfs files
Sometimes you don't want to care about the CloudRootfs context but need to customize some config.
You can use kubernetes:v1.19.8 as the BaseImage and use your own config file to overwrite the default file in CloudRootfs.
For example, daemon.json is your docker engine config; use it to overwrite the default config:
FROM kubernetes:v1.19.8
sealer build -t user-defined-kubernetes:v1.19.8 .
What is CloudRootfs
All the files needed to run a Kubernetes cluster.
Contains:
- Bin files, like docker, containerd, crictl, kubeadm, kubectl…
- Config files, like kubelet systemd config, docker systemd config, docker daemon.json…
- Registry docker image
- Some metadata, like the Kubernetes version.
- Registry files, containing all the docker images, like the kubernetes core component docker images…
- Scripts: shell scripts used to install docker and kubelet… sealer will call init.sh and clean.sh.
- Other static files
.
How can I get CloudRootfs
- Pull a BaseImage
sealer pull kubernetes:v1.19.8-alpine
- View the image layer information
sealer inspect kubernetes:v1.19.8-alpine
- Get into the BaseImage Layer
ls /var/lib/sealer/data/overlay2/{layer-id}
You will find the CloudRootfs layer.
Build your own BaseImage
You can edit any file in CloudRootfs. For example, to define your own docker daemon.json, edit it and build a new CloudImage.
FROM scratch
sealer build -t user-defined-kubernetes:v1.19.8 .
Then you can use this image as a BaseImage.
Overwrite CloudRootfs files
Sometimes you don't want to care about the CloudRootfs context but need to customize some config.
You can use kubernetes:v1.19.8 as the BaseImage and use your own config file to overwrite the default file in CloudRootfs.
For example, daemon.json is your docker engine config; use it to overwrite the default config:
FROM kubernetes:v1.19.8
sealer build -t user-defined-kubernetes:v1.19.8 .
Clusterfile definition
To install to existing servers, the provider is BAREMETAL:
apiVersion: sealer.aliyun.com/v1alpha1
To automatically request Ali Cloud servers for installation, the provider is ALI_CLOUD. To use containers for installation, the provider is CONTAINER:
apiVersion: sealer.aliyun.com/v1alpha1
Kubefile instruction
A Kubefile is a text document that contains all the commands a user could call on the command line to assemble an image. We can use the Kubefile to define a cluster image that can be shared and deployed offline. A Kubefile is just like a Dockerfile: it contains the build instructions that define the specific cluster.
FROM instruction
The FROM instruction defines which base image you want to reference, and the first instruction in a Kubefile must be the FROM instruction. Registry authentication information is required if the base image is a private image. Official base images are available from the Sealer community.
Command format: FROM {your base image name}
USAGE:
For example, use the base image kubernetes:v1.19.8, which is provided by the Sealer community, to build a new cloud image.
FROM registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:v1.19.8
COPY instruction
The COPY instruction copies content from the context path, such as a file or directory, to the rootfs. Every cloud image is based on the rootfs, and the default src path is the rootfs. If the specified destination directory does not exist, sealer creates it automatically.
Command format: COPY {src dest}
USAGE:
For example, copy mysql.yaml to rootfs/mysql.yaml:
COPY mysql.yaml .
For example, copy the directory apollo to rootfs/charts/apollo:
COPY apollo charts
RUN instruction
The RUN instruction executes commands in a new layer on top of the current image and commits the results. The resulting committed image is used for the next step in the Kubefile.
Command format: RUN {command args …}
USAGE:
For example, use the RUN instruction to execute a command that downloads the kubernetes dashboard.
RUN wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
CMD instruction
The format of the CMD instruction is similar to the RUN instruction, and it also executes commands in a new layer. However, the CMD command is executed when the cluster is started; it is generally used to start applications or configure the cluster. Unlike a Dockerfile CMD, if you list more than one CMD in a Kubefile, all of them take effect.
Command format: CMD {command args …}
USAGE:
For example, use the CMD instruction to execute a command that applies the kubernetes dashboard yaml.
CMD kubectl apply -f recommended.yaml
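A structural check for a Kubefile, covering the rules stated above: FROM comes first, COPY takes {src dest}, RUN and CMD need a command, and every CMD is collected because all of them run at cluster start. This is an added example for reviewing a Kubefile before building it, not sealer's own parser; the function and type names, the "#" comment handling and the rejection of instructions other than the four documented here are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Instruction is one parsed Kubefile line; Line is 1-based.
type Instruction struct {
	Line     int
	Op, Args string
}

// CheckKubefile enforces the rules stated on this page (FROM first, COPY {src dest},
// RUN/CMD need a command) and returns every CMD in order, since all of them run.
func CheckKubefile(src string) (ins []Instruction, cmds []string, err error) {
	for i, raw := range strings.Split(src, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "#") { // assumption: "#" starts a comment
			continue
		}
		op, args, _ := strings.Cut(line, " ")
		args, n := strings.TrimSpace(args), len(strings.Fields(args))
		switch {
		case len(ins) == 0 && op != "FROM":
			return nil, nil, fmt.Errorf("line %d: first instruction must be FROM, got %s", i+1, op)
		case op == "FROM" && n != 1:
			return nil, nil, fmt.Errorf("line %d: FROM takes one base image name", i+1)
		case op == "COPY" && n != 2:
			return nil, nil, fmt.Errorf("line %d: COPY takes {src dest}", i+1)
		case (op == "RUN" || op == "CMD") && n == 0:
			return nil, nil, fmt.Errorf("line %d: %s needs a command", i+1, op)
		case !strings.Contains(" FROM COPY RUN CMD ", " "+op+" "): // only the four documented here
			return nil, nil, fmt.Errorf("line %d: unknown instruction %q", i+1, op)
		}
		if op == "CMD" {
			cmds = append(cmds, args)
		}
		ins = append(ins, Instruction{i + 1, op, args})
	}
	if len(ins) == 0 {
		return nil, nil, fmt.Errorf("no instructions found")
	}
	return ins, cmds, nil
}

func main() { // constructed Kubefile assembled from this page's instruction examples
	fmt.Println(CheckKubefile("FROM kubernetes:v1.19.8\nCOPY mysql.yaml .\nCMD kubectl apply -f recommended.yaml"))
}
```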