Sealer Becomes CNCF Sandbox Project to Build New Standards for Distributed Application Delivery

This article discusses Sealer joining CNCF Sandbox and details surrounding Sealer.


By Sealer Community

On April 26, 2022, at its regular TOC meeting, the Cloud Native Computing Foundation (CNCF) voted to accept the open-source Sealer project as an official CNCF Sandbox project. The Sealer project was born in Alibaba Cloud Intelligence to deal with the standardization of packaging, distribution, and operation of distributed software. Alibaba Cloud engineers made the project open-source in May 2021, at the very beginning of its development. Over the past year, Sealer has been widely favored by users in the independent software vendor (ISV) market. Thanks to its innovative ideas and a user base that grew quickly in a short period, Sealer successfully applied for and was accepted by CNCF. On May 16, this new CNCF Sandbox project will also appear at the KubeCon EU Summit to share its technical architecture, community progress, and roadmap with cloud-native developers worldwide.

Project Architecture

Kubefile is the core innovation of Sealer. So far, Sealer has been the first project in the industry to abstract the concept of a cluster image. It uses a Kubefile (a description file similar to a Dockerfile) to build an image of the entire cluster that can run anywhere. The cluster image built from a Kubefile packages all the files the entire cluster depends on and can be run in minutes with one command.


If you are required to deliver a cluster containing highly available MySQL, Redis, and WordPress, you only need to define a Kubefile, which is very similar to a Dockerfile. You can package all the dependencies of Kubernetes and all the components into a CloudImage with the sealer build command and then use the CMD instruction to specify the commands to be executed after the cluster is started.


By analogy with the Docker workflow, in Sealer you define a Kubefile, build it into a CloudImage, and then use a Clusterfile to supply the parameters required by the entire cluster, such as the server IP address list or component configuration. Finally, the entire cluster is delivered with sealer run.

Feature Benefits

Docker images solve the problem of packaging a single application but do not solve image-related problems of distributed applications. Orchestration tools (such as Helm) deal with the orchestration problem but do not deal with the packaging problem. Currently, there are no packaging standards for clusters, and it is complicated to build a custom Kubernetes cluster. Moreover, the deployment of the entire cluster and its distributed applications is only process-oriented, and the growing number of delivery problems has not been solved. In addition, the overall delivery consistency of the cluster is poor. A distributed application often has many configurations as well as many application images and dependencies, especially in the Alibaba Cloud Apsara Stack delivery field. In some cases, it even needs to be delivered offline. The delivery process therefore encounters significant challenges.

A cluster image regards the entire cluster as a server and Kubernetes as a cloud operating system. It realizes image-based packaging and delivery of the entire cluster and provides out-of-the-box application packaging technology for enterprise-level software. A cluster image offers a very simple method to package all the dependencies of an application in a standardized way and run them in a customer's cluster with one click. It can be compatible with complex infrastructure, but you need to ensure the cluster image construction process runs without problems. A large number of pre-built reusable images will be provided in the cluster image marketplace. Software users can flexibly combine these image services with their applications like building blocks; databases on which SaaS applications depend, MSMQ, and even Kubernetes itself can be found in the market.

Using cluster image technology can ultimately help enterprises pull up a complex custom cluster with one click, improving delivery efficiency and reducing delivery error rates. Directly reusing mature and stable components can also improve software stability. Delivery staff no longer have to worry about complex deployment details, and problems related to collaboration between software producers and customers are addressed.

  • Simple: People using Docker can easily accept the method that Sealer uses to build an entire cluster image. One command can run a complex cluster.
  • Efficient: Sealer can quickly start the entire cluster within minutes, and it can improve the distribution performance of large images by 60% by enabling the Nydus feature.
  • Stable: Sealer has been used by dozens of enterprises. Thanks to its high adaptability, it is compatible with almost all mainstream Linux systems.
  • Powerful: Sealer supports configuration management, plug-in management, multi-architecture, GPU, containerd, and other features.

Usage Scenarios

  • Installation and lifecycle management of Kubernetes cluster
  • Middleware, database, and SaaS applications are packaged as a whole and run in one click.
  • Offline delivery and cloud delivery
  • Localization, GPU, and other support
  • Run high-availability middleware and services with one click, such as MySQL, Kafka, and Redis clusters
  • The ability to freely assemble clusters: Custom images can be generated using Kubefile or a combination of cluster images to meet user requirements.

Progress in the Community

Sealer has 52 contributors. Currently, dozens of customers are using Sealer.

Sealer has gradually stabilized its user interface, and a lot of optimizations have been made in the past year. The time to build a cluster image has been reduced from 25 minutes to three minutes. The time to run a large image has been reduced from an hour to less than ten minutes. It only takes three minutes to minimize a cluster, and the connection time of public cloud drivers has been reduced from three minutes to 29 seconds.

In terms of user experience, Sealer v0.8.0 (released in April 2022) upgraded Clusterfile to version 2.0, which is more streamlined, easier to extend, and fully compatible with all kubeadm configurations. It supports modifying any configuration in cluster images through deep merging, and it provides full-lifecycle plug-ins with the capability for customizing script execution. There are also more plug-ins, and they are more flexible. In addition, it supports the development of out-of-tree plug-ins using the Go programming language. The out-of-tree plug-in mechanism provides more freedom to customize Sealer.

In terms of ecosystem, Sealer supports more than 20 common cluster images, such as Prometheus, MySQL, Redis, and Kafka. Therefore, users can use commands like sealer run mysql:8.0 to start a highly available MySQL cluster with one click.

ACK Distro [1] (Alibaba Cloud Container Service for Kubernetes) and CNStack Community Edition [2] (downloadable for free from the Alibaba Cloud technical middle platform) are also based on the Sealer technology to achieve the packaging, distribution, and delivery of the entire container platform. At the same time, community developers can add open-source components or their own components through the Kubefile extension of Sealer to create more complex software stacks and support more application scenarios.


  • Sealer continuously optimizes existing features and creates elaborate cluster images, making every cluster image available for production easy to use.
  • Sealer supports more runtimes, such as k3s and k0s.
  • Sealer improves its performance and efficiency, and realizes the ability to start the entire cluster in a few seconds.
  • Sealer strengthens community governance and refines rules for maintainers to enter or withdraw from Sealer, making the entire community more open.

The core concept of Sealer is to build the entire cluster and its distributed applications the way Docker builds images, ensuring consistency at the level of the entire cluster so that all distributed software in the cluster can be built, shared, and run.


[1] ACK Distro:

[2] CNStack Community Edition:
