
An In-Depth Interview with ACK Distro – Part 1: How to Use Sealer to Achieve Rapid Building and Deployment

Part 1 of this 3-part series explains what ACK Distro is, how it was created, and how it cooperates with its partners.

By Huaiyou, Wang Fei, and Yujia

Reporter: Hello, Alibaba Cloud-Native readers. Today, in response to the high expectation of interested readers, we have invited the Distribution of Alibaba Cloud Container Service for Kubernetes (ACK Distro) to our column to tell you how it is created and how it cooperates with its partners. It is expected that you can have a consistent and the best experience on your infrastructure. Please do not miss this interview!

ACK Distro: Hello, I am the Distribution of Alibaba Cloud Container Service for Kubernetes. You can also call me ACK Distro. In this interview, I will explain my good partner, Sealer, the open-source cluster image technology of Alibaba, in detail and how I can use it to achieve fast and stable delivery of Alibaba Cloud ACK services.

What Is ACK Distro?

Reporter: Before introducing your partner, let's enter the first section. Many new readers still do not know who you are and your features. Please introduce yourself.

ACK Distro: Okay. I am the Kubernetes distribution released by Alibaba for a heterogeneous IaaS environment. I can deploy the Agility Edition of Container Service for Kubernetes, which is privatized and output in heterogeneous IaaS. I can produce and maintain Kubernetes clusters by default. When you use the Agility Edition of Container Service for Kubernetes, you can realize basic O&M, such as deployment, upgrade, and expansion of ACK Distro clusters, through simple platform interaction.

My partners are the core components that have passed the verification and security checks of ACK and core business scenarios of Alibaba Group in mass production environments. They all have industry-leading security and reliability.

As a complete Kubernetes distribution, I can use Sealer, the open-source cluster image technology, to easily and quickly deliver to the offline environment to help you manage clusters more simply and flexibly. These components support X86 and ARM hardware architectures and include a high-performance network plug-in named Hybridnet. The plug-in ensures that I can run smoothly on different infrastructures. At the same time, I can be registered on ACK, which achieves consistent resource management, policy compliance, and traffic control so you can get the same user experience as on online ACK clusters. In addition, I will disclose a detailed explanation of Hybridnet in the second interview. Please look forward to that.

The Definition of Sealer and Its Core Principles

Reporter: You just mentioned you can manage clusters more simply and flexibly using Sealer. What is it, and what are its core principles?

ACK Distro: As an open-source solution of Alibaba, Sealer helps package, deliver, and run distributed applications quickly. It can solve the delivery problem of complex applications by packaging distributed applications, their database middleware, and other dependencies together.

The product built by Sealer is called a cluster image, which contains a complete set of Kubernetes containers. The combination of cluster images and Kubernetes containers solves the problem of consistency in the delivery of distributed applications.


Please refer to the following figure for its core principles:


Docker can build a single operating system (rootfs) and a standalone application (Docker build) into a container image, and the container image is quickly run on a single machine (Docker run). Sealer regards Kubernetes as the operating system of the entire cluster (cloud rootfs) and builds (Sealer build) a cluster image with the distributed applications deployed on it. Then, the cluster image is quickly run on the cluster (Sealer run). At the same time, the cluster image can be pushed (push) to public image repositories (such as DockerHub and Alibaba Cloud Container Image Service) to be shared with other users.

To briefly describe, you can write a Kubefile through a file (like Dockerfile):

FROM registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:v1.19.9
RUN wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
CMD kubectl apply -f recommended.yaml

You can build a cluster image using the following Sealer build command:

sealer build -t registry.cn-qingdao.aliyuncs.com/sealer-io/dashboard:latest .

Then, you can make a cluster image containing dashboard, and you can run or share it with others.

You can push the created cluster image to the image repository. The cluster image repository is compatible with the standard of the Docker image repository. Therefore, you can push the cluster image to Docker Hub, Alibaba Cloud Container Registry (ACR), or Harbor.

sealer push registry.cn-qingdao.aliyuncs.com/sealer-io/dashboard:latest

Reporter: In other words, Sealer can package and build Kubernetes and the applications deployed on Kubernetes, and the cluster can also be managed by other products.

ACK Distro: Yes, this is what we are after. We expect to bring you a consistent experience. In addition, Sealer has the following three technical advantages.

Technical Advantages of Sealer


The storage of cluster images is also implemented by copy-on-write. This has two benefits. It allows us to reuse different distributed software by putting the software in the same cluster in different layers. It also allows us to push cluster images directly into the Docker image repository.

Container Image Cache

1) The process of Sealer build is different from Docker build. The strength of Sealer build is that it can execute the apply instruction defined in Kubefile without the ability to use the Kubernetes cluster.

2) Sealer can only pull images from the public network when there is no image in the private image repository to be directly pulled.


Load Balancing

The high availability of Sealer clusters is achieved based on the lightweight load balancing named lvscare. Compared with other load balancing, lvscare is very small, with only a few hundred lines of code. Lvscare only manages IPVS rules but does not perform load itself, which makes it very stable. Lvscare can monitor apiserver directly on the node. It can remove the corresponding rule if it fails and automatically adds the corresponding rule back after rerunning. Therefore, it is equivalent to a dedicated load balancer.


Reporter: It deserves its fame. Could you tell us what causes this wonderful cooperation? Why do you choose Sealer as a partner?

ACK Distro: My most important mission is to help users easily and quickly use ACK on their infrastructure with a consistent experience. With this goal, the ability to deliver stably on various infrastructures is particularly important, and the ability provided by Sealer solves this problem very well.

First of all, the standardized packaging capability provided by Sealer eliminates the tedious work of customizing a set of packaging logic.

Secondly, the command delivered by Sealer is simple and time-saving. You can use one command to deploy the ACK Distro cluster in a few minutes, which is efficient. Moreover, I directly benefit from Sealer's ability to support diverse infrastructure.

In runtime, technologies provided by Sealer (such as load balancing and image cache) help me achieve high availability and stable operation in an offline environment without relying on the capability of the public cloud. Finally, based on the Kubefile of Sealer, users can use ACK Distro as a basic image to flexibly customize their cluster images to empower more developers.

How to Use ACK Distro through Sealer

ACK Distro: After understanding the importance of Sealer, you can check the following steps to obtain ACK Distro through Sealer.

Obtain Sealer Tools

wget -c http://sealer.oss-cn-beijing.aliyuncs.com/sealers/sealer-v0.5.2-linux-amd64.tar.gz
tar -xvf sealer-v0.5.2-linux-amd64.tar.gz -C /usr/bin

Obtain the Products of ACK Distro and Pull up a Cluster

sealer run ack-agility-registry.cn-shanghai.cr.aliyuncs.com/ecp_builder/ackdistro:v1.20.4-ack-2 -m ${master_ip1}[,${master_ip2},${master_ip3}] [-n ${worker_ip1}...] -p password

View the Status of the Cluster

kubectl get cs

Scale-Out Nodes

sealer join -m ${master_ip1}[,${master_ip2},${master_ip3}] [ -n ${worker_ip1}...]

Scale-In Nodes

sealer delete -m ${master_ip1}[,${master_ip2},${master_ip3}] [ -n ${worker_ip1}...]

Clean up ACK Distro Cluster

sealer delete -a

If you still have questions, please refer to the official GitHub library of ACK Distro.

Take Istio as an Example to Build Cluster Images Based on ACK Distro

Reporter: As you mentioned, users can use ACK Distro as a basic image to flexibly customize their cluster images. How should they operate in detail?

ACK Distro: Let me use Istio as an example to explain it to you.

Build an Image on the Original Basic Image of ACK Distro and Write Kubefile

FROM ack-distro:1.1
RUN curl -L https://istio.io/downloadIstio | sh -

Build an Image

sealer build -f Kubefile -m lite -t ack-distro-istio:v0.0.1 .

Obtain ack-distro-istio:v0.0.1


Deploy ack-distro-istio:v0.0.1

sealer run ack-distro-istio:v0.0.1 -m ${master_ip1}[,${master_ip2},${master_ip3}] [ -n ${worker_ip1}...] -p password

View Istio


You can build a plus-version cluster image with Istio based on ACK Distro and deploy it in various infrastructures through the five steps above. This new cluster image can use all my features, including the capability of delivery.

Istio is just a sample. I believe you can see that you have sufficient freedom to customize your images using Kubefile. You can package them in this way as long as your components can be deployed on Kubernetes.

Reporter: I see. Do you have anything else to add?

ACK Distro: With the help of Sealer, I have implemented fast and stable delivery of ACK. I can also implement fast delivery of most containerized distributed software. At the same time, members of the ACK Distro Project Team are also important participants in the Sealer project. The two projects complement each other and are committed to bringing a better container service experience to developers.

Reporter: Thank you for your careful explanation, ACK Distro. That's it for our first in-depth interview! We look forward to the next one.

ACK Distro: See you next time!

