By Huaiyou, Wang Fei, and Yujia
Reporter: Hello, Alibaba Cloud-Native readers. Today, in response to the high expectation of interested readers, we have invited the Distribution of Alibaba Cloud Container Service for Kubernetes (ACK Distro) to our column to tell you how it is created and how it cooperates with its partners. It is expected that you can have a consistent and the best experience on your infrastructure. Please do not miss this interview!
ACK Distro: Hello, I am the Distribution of Alibaba Cloud Container Service for Kubernetes. You can also call me ACK Distro. In this interview, I will explain my good partner, Sealer, the open-source cluster image technology of Alibaba, in detail and how I can use it to achieve fast and stable delivery of Alibaba Cloud ACK services.
Reporter: Before introducing your partner, let's enter the first section. Many new readers still do not know who you are and your features. Please introduce yourself.
ACK Distro: Okay. I am the Kubernetes distribution released by Alibaba for a heterogeneous IaaS environment. I can deploy the Agility Edition of Container Service for Kubernetes, which is privatized and output in heterogeneous IaaS. I can produce and maintain Kubernetes clusters by default. When you use the Agility Edition of Container Service for Kubernetes, you can realize basic O&M, such as deployment, upgrade, and expansion of ACK Distro clusters, through simple platform interaction.
My partners are the core components that have passed the verification and security checks of ACK and core business scenarios of Alibaba Group in mass production environments. They all have industry-leading security and reliability.
As a complete Kubernetes distribution, I can use Sealer, the open-source cluster image technology, to easily and quickly deliver to the offline environment to help you manage clusters more simply and flexibly. These components support X86 and ARM hardware architectures and include a high-performance network plug-in named Hybridnet. The plug-in ensures that I can run smoothly on different infrastructures. At the same time, I can be registered on ACK, which achieves consistent resource management, policy compliance, and traffic control so you can get the same user experience as on online ACK clusters. In addition, I will disclose a detailed explanation of Hybridnet in the second interview. Please look forward to that.
Reporter: You just mentioned you can manage clusters more simply and flexibly using Sealer. What is it, and what are its core principles?
ACK Distro: As an open-source solution of Alibaba, Sealer helps package, deliver, and run distributed applications quickly. It can solve the delivery problem of complex applications by packaging distributed applications, their database middleware, and other dependencies together.
The product built by Sealer is called a cluster image, which contains a complete set of Kubernetes containers. The combination of cluster images and Kubernetes container solves the problem of consistency in the delivery of distributed applications.
Please refer to the following figure for its core principles:
Docker can build a single operating system (rootfs) and a standalone application (Docker build) into a container image, and the container image is quickly run on a single machine (Docker run). Sealer regards Kubernetes as the operating system of the entire cluster (cloud rootfs) and builds (Sealer build) a cluster image with the distributed applications deployed on it. Then, the cluster image is quickly run on the cluster (Sealer run). At the same time, the cluster image can be pushed (push) to public image repositories (such as DockerHub and Alibaba Cloud Container Image Service) to be shared with other users.
To describe it briefly, you can write a Kubefile (a file like a Dockerfile):
FROM registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:v1.19.9
RUN wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
CMD kubectl apply -f recommended.yaml
You can build a cluster image using the following Sealer build command:
sealer build -t registry.cn-qingdao.aliyuncs.com/sealer-io/dashboard:latest .
Then, you can make a cluster image containing dashboard, and you can run or share it with others.
You can push the created cluster image to the image repository. The cluster image repository is compatible with the standard of the Docker image repository. Therefore, you can push the cluster image to Docker Hub, Alibaba Cloud Container Registry (ACR), or Harbor.
sealer push registry.cn-qingdao.aliyuncs.com/sealer-io/dashboard:latest
Reporter: In other words, Sealer can package and build Kubernetes and the applications deployed on Kubernetes, and the cluster can also be managed by other products.
ACK Distro: Yes, this is what we are after. We expect to bring you a consistent experience. In addition, Sealer has the following three technical advantages.
The storage of cluster images is also implemented by copy-on-write. This has two benefits. It allows us to reuse different distributed software by putting the software in the same cluster in different layers. It also allows us to push cluster images directly into the Docker image repository.
1) The process of Sealer build is different from Docker build. The strength of Sealer build is that it can execute the apply instruction defined in Kubefile without the ability to use the Kubernetes cluster.
2) Sealer can only pull images from the public network when there is no image in the private image repository to be directly pulled.
The high availability of Sealer clusters is achieved based on the lightweight load balancing named lvscare. Compared with other load balancing, lvscare is very small, with only a few hundred lines of code. Lvscare only manages IPVS rules but does not perform load itself, which makes it very stable. Lvscare can monitor apiserver directly on the node. It can remove the corresponding rule if it fails and automatically adds the corresponding rule back after rerunning. Therefore, it is equivalent to a dedicated load balancer.
Reporter: It deserves its fame. Could you tell us what causes this wonderful cooperation? Why do you choose Sealer as a partner?
ACK Distro: My most important mission is to help users easily and quickly use ACK on their infrastructure with a consistent experience. With this goal, the ability to deliver stably on various infrastructures is particularly important, and the ability provided by Sealer solves this problem very well.
First of all, the standardized packaging capability provided by Sealer eliminates the tedious work of customizing a set of packaging logic.
Secondly, the command delivered by Sealer is simple and time-saving. You can use one command to deploy the ACK Distro cluster in a few minutes, which is efficient. Moreover, I directly benefit from Sealer's ability to support diverse infrastructure.
In runtime, technologies provided by Sealer (such as load balancing and image cache) help me achieve high availability and stable operation in an offline environment without relying on the capability of the public cloud. Finally, based on the Kubefile of Sealer, users can use ACK Distro as a basic image to flexibly customize their cluster images to empower more developers.
ACK Distro: After understanding the importance of Sealer, you can check the following steps to obtain ACK Distro through Sealer.
wget -c http://sealer.oss-cn-beijing.aliyuncs.com/sealers/sealer-v0.5.2-linux-amd64.tar.gz
tar -xvf sealer-v0.5.2-linux-amd64.tar.gz -C /usr/bin
sealer run ack-agility-registry.cn-shanghai.cr.aliyuncs.com/ecp_builder/ackdistro:v1.20.4-ack-2 -m ${master_ip1}[,${master_ip2},${master_ip3}] [-n ${worker_ip1}...] -p password
kubectl get cs
sealer join -m ${master_ip1}[,${master_ip2},${master_ip3}] [ -n ${worker_ip1}...]
sealer delete -m ${master_ip1}[,${master_ip2},${master_ip3}] [ -n ${worker_ip1}...]
sealer delete -a
If you still have questions, please refer to the official GitHub library of ACK Distro.
Reporter: As you mentioned, users can use ACK Distro as a basic image to flexibly customize their cluster images. How should they operate in detail?
ACK Distro: Let me use Istio as an example to explain it to you.
FROM ack-distro:1.1
RUN curl -L https://istio.io/downloadIstio | sh -
sealer build -f Kubefile -m lite -t ack-distro-istio:v0.0.1 .
sealer run ack-distro-istio:v0.0.1 -m ${master_ip1}[,${master_ip2},${master_ip3}] [ -n ${worker_ip1}...] -p password
You can build a plus-version cluster image with Istio based on ACK Distro and deploy it in various infrastructures through the five steps above. This new cluster image can use all my features, including the capability of delivery.
Istio is just a sample. I believe you can see that you have sufficient freedom to customize your images using Kubefile. You can package them in this way as long as your components can be deployed on Kubernetes.
Reporter: I see. Do you have anything else to add?
ACK Distro: With the help of Sealer, I have implemented fast and stable delivery of ACK. I can also implement fast delivery of most containerized distributed software. At the same time, members of the ACK Distro Project Team are also important participants in the Sealer project. The two projects complement each other and are committed to bringing a better container service experience to developers.
Reporter: Thank you for your careful explanation, ACK Distro. That's it for our first in-depth interview! We look forward to the next one.
ACK Distro: See you next time!