From 2aeaec90c6ac567316c0da218d64e839f9e2fb84 Mon Sep 17 00:00:00 2001 From: kakazhou Date: Tue, 25 Jul 2023 14:36:21 +0800 Subject: [PATCH] add v0.11.0 doc Signed-off-by: kakazhou add v0.11.0 doc Signed-off-by: kakazhou add v0.11.0 doc 
Signed-off-by: kakazhou --- src/.vuepress/config.js | 73 +- src/docs/command/image/sealer_build.md | 1 + src/docs/concept/clusterfile.md | 31 + src/docs/getting-started/install-sealer.md | 4 +- .../advanced/customize-cluster-image.md | 484 +++++++++ src/v0.10.0/advanced/run-with-clusterfile.md | 30 + src/v0.10.0/advanced/sealer-run-rootless.md | 35 + .../advanced/use-sealer-image-offline.md | 496 ++++++++++ .../advanced/use-sealer-in-container.md | 70 ++ src/v0.10.0/best-practices/intro.md | 1 + src/v0.10.0/command/alpha/sealer_alpha.md | 43 + .../command/alpha/sealer_alpha_check.md | 47 + .../command/alpha/sealer_alpha_debug.md | 40 + .../command/alpha/sealer_alpha_debug_clean.md | 40 + .../command/alpha/sealer_alpha_debug_node.md | 40 + .../command/alpha/sealer_alpha_debug_pod.md | 41 + .../alpha/sealer_alpha_debug_show-images.md | 40 + .../command/alpha/sealer_alpha_exec.md | 54 + .../command/alpha/sealer_alpha_host-alias.md | 34 + .../command/alpha/sealer_alpha_manifest.md | 49 + .../alpha/sealer_alpha_manifest_add.md | 50 + .../alpha/sealer_alpha_manifest_create.md | 42 + .../alpha/sealer_alpha_manifest_delete.md | 42 + .../alpha/sealer_alpha_manifest_inspect.md | 42 + .../alpha/sealer_alpha_manifest_push.md | 48 + .../alpha/sealer_alpha_manifest_remove.md | 42 + .../command/alpha/sealer_alpha_mount.md | 43 + .../command/alpha/sealer_alpha_search.md | 42 + .../command/alpha/sealer_alpha_umount.md | 43 + src/v0.10.0/command/cluster/cluster.md | 11 + src/v0.10.0/command/cluster/sealer_apply.md | 63 ++ src/v0.10.0/command/cluster/sealer_cert.md | 57 ++ src/v0.10.0/command/cluster/sealer_delete.md | 62 ++ .../command/cluster/sealer_rollback.md | 49 + src/v0.10.0/command/cluster/sealer_run.md | 69 ++ .../command/cluster/sealer_scale-up.md | 61 ++ src/v0.10.0/command/cluster/sealer_upgrade.md | 54 + src/v0.10.0/command/image/image.md | 17 + src/v0.10.0/command/image/sealer_build.md | 78 ++ src/v0.10.0/command/image/sealer_images.md | 55 ++ 
src/v0.10.0/command/image/sealer_inspect.md | 52 + src/v0.10.0/command/image/sealer_load.md | 55 ++ src/v0.10.0/command/image/sealer_login.md | 52 + src/v0.10.0/command/image/sealer_logout.md | 49 + src/v0.10.0/command/image/sealer_pull.md | 53 + src/v0.10.0/command/image/sealer_push.md | 52 + src/v0.10.0/command/image/sealer_rmi.md | 59 ++ src/v0.10.0/command/image/sealer_save.md | 58 ++ src/v0.10.0/command/image/sealer_tag.md | 49 + src/v0.10.0/command/sealer.md | 30 + src/v0.10.0/concept/clusterfile.md | 923 ++++++++++++++++++ src/v0.10.0/concept/kubefile.md | 276 ++++++ src/v0.10.0/concept/sealer-image.md | 113 +++ src/v0.10.0/contributing/code-of-conduct.md | 3 + src/v0.10.0/contributing/contribute.md | 11 + src/v0.10.0/getting-started/install-sealer.md | 61 ++ src/v0.10.0/getting-started/quick-start.md | 139 +++ src/v0.10.0/help/contact.md | 13 + src/v0.10.0/help/faq.md | 50 + src/v0.10.0/introduction/architecture.md | 31 + src/v0.10.0/introduction/introduction.md | 24 + src/v0.10.0/reference/buildah.md | 1 + src/v0.10.0/release-notes/0.9.2.md | 9 + .../sealer-images/application-images.md | 1 + src/v0.10.0/sealer-images/cluster-images.md | 32 + 65 files changed, 4816 insertions(+), 3 deletions(-) create mode 100644 src/v0.10.0/advanced/customize-cluster-image.md create mode 100644 src/v0.10.0/advanced/run-with-clusterfile.md create mode 100644 src/v0.10.0/advanced/sealer-run-rootless.md create mode 100644 src/v0.10.0/advanced/use-sealer-image-offline.md create mode 100644 src/v0.10.0/advanced/use-sealer-in-container.md create mode 100644 src/v0.10.0/best-practices/intro.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_check.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_debug.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_debug_clean.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_debug_node.md create mode 100644 
src/v0.10.0/command/alpha/sealer_alpha_debug_pod.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_debug_show-images.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_exec.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_host-alias.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_manifest.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_manifest_add.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_manifest_create.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_manifest_delete.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_manifest_inspect.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_manifest_push.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_manifest_remove.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_mount.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_search.md create mode 100644 src/v0.10.0/command/alpha/sealer_alpha_umount.md create mode 100644 src/v0.10.0/command/cluster/cluster.md create mode 100644 src/v0.10.0/command/cluster/sealer_apply.md create mode 100644 src/v0.10.0/command/cluster/sealer_cert.md create mode 100644 src/v0.10.0/command/cluster/sealer_delete.md create mode 100644 src/v0.10.0/command/cluster/sealer_rollback.md create mode 100644 src/v0.10.0/command/cluster/sealer_run.md create mode 100644 src/v0.10.0/command/cluster/sealer_scale-up.md create mode 100644 src/v0.10.0/command/cluster/sealer_upgrade.md create mode 100644 src/v0.10.0/command/image/image.md create mode 100644 src/v0.10.0/command/image/sealer_build.md create mode 100644 src/v0.10.0/command/image/sealer_images.md create mode 100644 src/v0.10.0/command/image/sealer_inspect.md create mode 100644 src/v0.10.0/command/image/sealer_load.md create mode 100644 src/v0.10.0/command/image/sealer_login.md create mode 100644 src/v0.10.0/command/image/sealer_logout.md create mode 100644 src/v0.10.0/command/image/sealer_pull.md create mode 
100644 src/v0.10.0/command/image/sealer_push.md create mode 100644 src/v0.10.0/command/image/sealer_rmi.md create mode 100644 src/v0.10.0/command/image/sealer_save.md create mode 100644 src/v0.10.0/command/image/sealer_tag.md create mode 100644 src/v0.10.0/command/sealer.md create mode 100644 src/v0.10.0/concept/clusterfile.md create mode 100644 src/v0.10.0/concept/kubefile.md create mode 100644 src/v0.10.0/concept/sealer-image.md create mode 100644 src/v0.10.0/contributing/code-of-conduct.md create mode 100644 src/v0.10.0/contributing/contribute.md create mode 100644 src/v0.10.0/getting-started/install-sealer.md create mode 100644 src/v0.10.0/getting-started/quick-start.md create mode 100644 src/v0.10.0/help/contact.md create mode 100644 src/v0.10.0/help/faq.md create mode 100644 src/v0.10.0/introduction/architecture.md create mode 100644 src/v0.10.0/introduction/introduction.md create mode 100644 src/v0.10.0/reference/buildah.md create mode 100644 src/v0.10.0/release-notes/0.9.2.md create mode 100644 src/v0.10.0/sealer-images/application-images.md create mode 100644 src/v0.10.0/sealer-images/cluster-images.md
diff --git a/src/.vuepress/config.js b/src/.vuepress/config.js
index 3540d5c..ee62860 100644
--- a/src/.vuepress/config.js
+++ b/src/.vuepress/config.js
@@ -14,7 +14,8 @@ enSideBar = {
 {text: 'v0.9.0', link: '/v0.9.0/introduction/introduction'},
 {text: 'v0.9.1', link: '/v0.9.1/introduction/introduction'},
 {text: 'v0.9.2', link: '/v0.9.2/introduction/introduction'},
- {text: 'v0.10.0', link: '/docs/introduction/introduction'},
+ {text: 'v0.10.0', link: '/v0.10.0/introduction/introduction'},
+ {text: 'v0.11.0', link: '/docs/introduction/introduction'},
 ]
 },
 ],
@@ -90,6 +91,76 @@ enSideBar = {
 },
 // 'release-notes/0.9.2',
 ],
+ '/v0.10.0/': [
+ {
+ title: 'Introduction',
+ collapsable: true,
+ children: [
+ 'introduction/introduction',
+ 'introduction/architecture',
+ ]
+ },
+ {
+ title: 'Getting Started',
+ collapsable: true,
+ children: [
+ 'getting-started/quick-start',
+ 'getting-started/install-sealer',
+ ]
+ },
+ {
+ title: 'Commands',
+ collapsable: true,
+ children: [
+ 'command/sealer',
+ 'command/image/image',
+ 'command/cluster/cluster',
+ 'command/alpha/sealer_alpha',
+ ]
+ },
+ {
+ title: 'Concepts',
+ collapsable: true,
+ children: [
+ 'concept/kubefile',
+ 'concept/sealer-image',
+ 'concept/clusterfile',
+ ]
+ },
+ {
+ title: 'Advanced',
+ collapsable: true,
+ children: [
+ 'advanced/customize-cluster-image',
+ 'advanced/use-sealer-image-offline',
+ 'advanced/run-with-clusterfile',
+ 'advanced/sealer-run-rootless',
+ ]
+ },
+ {
+ title: 'Find Sealer Images',
+ collapsable: true,
+ children: [
+ 'sealer-images/cluster-images',
+ ]
+ },
+ {
+ title: 'Contributing',
+ collapsable: true,
+ children: [
+ 'contributing/code-of-conduct',
+ 'contributing/contribute',
+ ]
+ },
+ {
+ title: 'Help',
+ collapsable: true,
+ children: [
+ 'help/contact',
+ 'help/faq',
+ ]
+ },
+ ],
 '/v0.9.2/': [
 {
 title: 'Introduction',
diff --git a/src/docs/command/image/sealer_build.md b/src/docs/command/image/sealer_build.md
index 67bc0ac..8facc53 100644
--- a/src/docs/command/image/sealer_build.md
+++ b/src/docs/command/image/sealer_build.md
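Review bot: In src/.vuepress/config.js, the 'Advanced' group of the new '/v0.10.0/' sidebar lists four pages but not `advanced/use-sealer-in-container`, although the diffstat of this commit creates src/v0.10.0/advanced/use-sealer-in-container.md. Unless another part of the config links it, that page will presumably have no sidebar entry in the archived v0.10.0 docs. If the omission is not intentional, add `'advanced/use-sealer-in-container',` after `'advanced/sealer-run-rootless',`. The enSideBar object starts before and continues past this hunk, so whether the current '/docs/' sidebar lists the page cannot be checked from here.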
@@ -37,6 +37,7 @@ build multi-platform image: --build-arg strings set custom build args -f, --file string Kubefile filepath (default "Kubefile") -h, --help help for build + --build-mode whether to download container image during the build process. default is `all`. --ignored-image-list pathname pathname of ignored image list filepath, if set, sealer will read its contents and prevent downloading of the corresponding container image (default "filepath") --image-list pathname pathname of imageList filepath, if set, sealer will read its content and download extra container (default "filepath") --image-list-with-auth pathname pathname of imageListWithAuth.yaml filepath, if set, sealer will read its content and download extra container images to rootfs(not usually used) diff --git a/src/docs/concept/clusterfile.md b/src/docs/concept/clusterfile.md index d26ae96..2d34587 100644 --- a/src/docs/concept/clusterfile.md +++ b/src/docs/concept/clusterfile.md @@ -31,6 +31,9 @@ type ClusterSpec struct { HostAliases []HostAlias `json:"hostAliases,omitempty"` // Registry field contains configurations about local registry and remote registry. Registry Registry `json:"registry,omitempty"` + // DataRoot set sealer rootfs directory path. + // if not set, default value is "/var/lib/sealer/data" + DataRoot string `json:"dataRoot,omitempty"` } type Host struct { 
@@ -301,6 +304,34 @@ spec: roles: [ node ] ``` +#### Changing default rootfs data path in Clusterfile + +When running a sealer image, sealer will mount the image content to rootfs data path. In some case, user want to change +this data path due to some reason, and then user could change default rootfs data path in Clusterfile via this +field `v2.cluster.spec.DataRoot`. if not set, sealer will use default rootfs data path `/var/lib/sealer/data` as default +data directory. + +```yaml +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: my-cluster +spec: + dataRoot: /tmp/kaka + hosts: + - ips: + - 172.25.146.174 + roles: + - master + ssh: { } + image: docker.io/sealerio/kubernetes:v1-22-15-sealerio-2 + ssh: + passwd: xxxxx + pk: /root/.ssh/id_rsa + port: "22" + user: root +``` + ## Config API Using config, you can overwrite or merge any config files you want. Like chart values, kubeadm config file ... diff --git a/src/docs/getting-started/install-sealer.md b/src/docs/getting-started/install-sealer.md index 2e462ed..6f141ca 100644 --- a/src/docs/getting-started/install-sealer.md +++ b/src/docs/getting-started/install-sealer.md @@ -16,13 +16,13 @@ and installed. 1. Download sealer binary ```shell -wget https://github.com/sealerio/sealer/releases/download/v0.10.0/sealer-v0.10.0-linux-amd64.tar.gz +wget https://github.com/sealerio/sealer/releases/download/v0.11.0/sealer-v0.11.0-linux-amd64.tar.gz ``` 2. Unpack it ```shell -tar zxvf sealer-v0.10.0-linux-amd64.tar.gz +tar zxvf sealer-v0.11.0-linux-amd64.tar.gz ``` 3. Find the sealer binary in the unpacked directory, and move it to its desired destination diff --git a/src/v0.10.0/advanced/customize-cluster-image.md b/src/v0.10.0/advanced/customize-cluster-image.md new file mode 100644 index 0000000..3ff94cc --- /dev/null +++ b/src/v0.10.0/advanced/customize-cluster-image.md 
@@ -0,0 +1,484 @@ +# Customize sealer image + +## Customize the basefs + +All the files which run a kubernetes cluster needs. + +Contains: + +* Bin files, like docker, containerd, crictl ,kubeadm, kubectl... +* Config files, like kubelet systemd config, docker systemd config, docker daemon.json... +* Registry docker image. +* Registry files, contains all the docker image, like kubernetes core component docker images... +* Scripts, some shell script using to install docker and kubelet... sealer will call init.sh and clean.sh. +* Other static files + +rootfs dendrogram + +``` +. +├── application # app file, including chart package, script, yaml file. +│   └── apps +│   └── calico +│   └── calico.sh +├── applications +│   ├── custom-resources.yaml +│   └── tigera-operator.yaml +├── bin # some binaries +│   ├── conntrack +│   ├── containerd-rootless-setuptool.sh +│   ├── containerd-rootless.sh +│   ├── crictl +│   ├── kubeadm +│   ├── kubectl +│   ├── kubelet +│   ├── nerdctl +│   └── seautil +├── cri # cri bin files include docker,containerd,runc. +│   └── docker.tar.gz +├── etc +│   ├── 10-kubeadm.conf +│   ├── daemon.json # docker daemon config file. +│   ├── docker.service +│   ├── kubeadm.yml # kubeadm config including Cluster Configuration,JoinConfiguration and so on. +│   ├── kubeadm.yml.tmpl # kubeadm.yaml file template +│   ├── kubelet.service +│   └── registry_config.yml # docker registry config including storage root directory and http related config. +├── images # registry cri images. +│   └── docker-amd64-registry-image.tar.gz # registry docker image, will load this image and run a local registry in cluster. 
+├── lib # library file directory +│   ├── gperf-3.1.tar.gz +│   ├── install_libseccomp.sh +│   └── libseccomp-2.5.4.tar.gz +├── manifests # when the sealer builds, it will parse all the yaml files under this directory and extract the address of the container image inside, and then pull +│   └── imageList # this is a special file that contains a list of other mirror addresses that need to be pulled. For example, the mirror address cannot be resolved by the sealer in the CRD, so it needs to be manually configured in this file. +├── registry # will mount this dir to local registry +│   └── docker +│   └── registry +├── scripts # store script files +│   ├── docker.sh +│   ├── init-kube.sh +│   ├── init-registry.sh +│   ├── kubelet-pre-start.sh +│   └── uninstall-docker.sh +└── statics # yaml files, sealer will render values in those files + └── audit-policy.yml +``` + +### How can I get basefs + +1. Pull a BaseImage `sealer pull sealerio/kubernetes:v1-22-15-sealerio-2` +2. View the image layer information `sealer inspect kubernetes:v1-22-15-sealerio-2` +3. Get the image build file `sealer alpha mount kubernetes:v1-22-15-sealerio-2` + +You will find the context of the image build. + +### Build your own basefs + +You can edit any files in basefs you want, for example you want to define your own docker daemon.json, just edit it and +build a new CloudImage. + +```shell script +FROM scratch +COPY . . +``` + +```shell script +sealer build -t user-defined-kubernetes:v1.19.8 . +``` + +Then you can use this image as a BaseImage. + +### OverWrite basefs files + +Sometimes you don't want to care about the basefs context, but need custom some config. + +You can use `kubernetes:v1-22-15-sealerio-2` as BaseImage, and use your own config file to overwrite the default file in +basefs. 
+ +For example: daemon.json is your docker engine config, using it to overwrite default config: + +```shell script +FROM kubernetes:v1-22-15-sealerio-2 +COPY daemon.json etc/ +``` + +```shell script +sealer build -t user-defined-kubernetes:v1-22-15-sealerio-2 . +``` + +## Build the cloud image + +### Build with specific directory + +#### images directory + +Directory to save container images,the offline image in this directory will be load into the built-in registry when +sealer run. + +Examples: copy offline tar file to this directory. + +`COPY mysql.tar images` + +#### plugin directory + +Directory to save plugin files, the plugin file in this directory will be load into the runtime interface when sealer +run. + +Examples: copy plugin config file to this directory. + +plugin config: shell.yaml: + +``` +apiVersion: sealer.io/v1 +kind: Plugin +metadata: + name: pre_init_host # Specify this plugin name,will dump in $rootfs/plugin dir. +spec: + type: SHELL + action: pre-init-host + scope: master/node + data: | + set -e;set -x + bash scripts/pre_init_host.sh +``` + +`COPY shell.yaml plugins` + +#### charts directory + +Directory to save charts packages,When sealer builds, it parses the charts file in this directory, and downloads and +saves the corresponding container image. + +Examples: copy nginx charts to this directory. + +`COPY nginx charts` + +#### manifests directory + +Directory to save yaml file or "imageList" file,When sealer builds, it parses the yaml and "imageList" file in this +directory, and downloads and saves the corresponding container image. + +Examples: copy "imageList" file to this directory. + +```shell +[root@iZbp143f9driomgoqx2krlZ build]# cat imageList +busybox +``` + +`COPY imageList manifests` + +Examples: copy dashboard yaml file to this directory. 
+ +`COPY recommend.yaml manifests` + +### Customize the private registry + +Sealer optimizes and expands the docker registry, so that it can support proxy caching of multiple domain names and +multiple private registry at the same time. + +During the build process, there will be a scenario where it uses a private registry which requires authentication. In +this scenario, the authentication of docker is required for image caching. You can perform the login operation first +through the following command before executing the build operation: + +```shell +sealer login registry.com -u username -p password +``` + +Another dependent scenario, the kubernetes node is proxies to the private registry through the built-in registry of +sealer and the private registry needs to be authenticated, it can be configured through the custom registry config.Refer +to [registry config](https://github.com/sealerio/sealer/tree/main/docs/design/docker-image-cache.md) + +You can customize the registry configuration by defining Kubefile: + +```shell +FROM kubernetes:v1-22-15-sealerio-2 +COPY registry_config.yaml etc/ +``` + +### Customize the kubeadm configuration + +Sealer will replace the default configuration with a custom configuration file in $Rootfs/etc/kubeadm.yml. + +#### Example: Custom configuration using the Docker Unix socket. + +1. customize kubeadm init configuration: + +```yaml +apiVersion: kubeadm.k8s.io/v1beta2 +kind: InitConfiguration +localAPIEndpoint: + bindPort: 6443 +nodeRegistration: + criSocket: /var/run/dockershim.sock +``` + +2. customize kubeadm join configuration: + +```yaml +apiVersion: kubeadm.k8s.io/v1beta2 +kind: JoinConfiguration +caCertPath: /etc/kubernetes/pki/ca.crt +discovery: + timeout: 5m0s +nodeRegistration: + criSocket: /var/run/dockershim.sock +controlPlane: + localAPIEndpoint: + bindPort: 6443 +``` + +3. Build your own cloud image that override default configurations with custom configurations. 
Note that,the file name " + kubeadm.yml" is fixed: + +```yaml +#Kubefile +FROM kubernetes:v1-22-15-sealerio-2 +COPY kubeadm.yml etc +``` + +> sealer build -t user-define-kubeadm-kubernetes:v1-22-15-sealerio-2 . + +#### Default kubeadm configuration file with completely contents: + +pick any section of kubeadm.yml to customize: + +```yaml +apiVersion: kubeadm.k8s.io/v1beta2 +kind: InitConfiguration +localAPIEndpoint: + # advertiseAddress: 192.168.2.110 + bindPort: 6443 +nodeRegistration: + criSocket: /var/run/dockershim.sock + +--- +apiVersion: kubeadm.k8s.io/v1beta2 +kind: ClusterConfiguration +kubernetesVersion: v1.22.15 +#controlPlaneEndpoint: "apiserver.cluster.local:6443" +imageRepository: sea.hub:5000/library +networking: + # dnsDomain: cluster.local + podSubnet: 100.64.0.0/10 + serviceSubnet: 10.96.0.0/22 +apiServer: + # certSANs: + # - 127.0.0.1 + # - apiserver.cluster.local + # - aliyun-inc.com + # - 10.0.0.2 + # - 10.103.97.2 + extraArgs: + # etcd-servers: https://192.168.2.110:2379 + feature-gates: TTLAfterFinished=true,EphemeralContainers=true + audit-policy-file: "/etc/kubernetes/audit-policy.yml" + audit-log-path: "/var/log/kubernetes/audit.log" + audit-log-format: json + audit-log-maxbackup: '10' + audit-log-maxsize: '100' + audit-log-maxage: '7' + enable-aggregator-routing: 'true' + extraVolumes: + - name: "audit" + hostPath: "/etc/kubernetes" + mountPath: "/etc/kubernetes" + pathType: DirectoryOrCreate + - name: "audit-log" + hostPath: "/var/log/kubernetes" + mountPath: "/var/log/kubernetes" + pathType: DirectoryOrCreate + - name: localtime + hostPath: /etc/localtime + mountPath: /etc/localtime + readOnly: true + pathType: File +controllerManager: + extraArgs: + feature-gates: TTLAfterFinished=true,EphemeralContainers=true + experimental-cluster-signing-duration: 876000h + extraVolumes: + - hostPath: /etc/localtime + mountPath: /etc/localtime + name: localtime + readOnly: true + pathType: File +scheduler: + extraArgs: + feature-gates: 
TTLAfterFinished=true,EphemeralContainers=true + extraVolumes: + - hostPath: /etc/localtime + mountPath: /etc/localtime + name: localtime + readOnly: true + pathType: File +etcd: + local: + extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 +--- +apiVersion: kubeproxy.config.k8s.io/v1alpha1 +kind: KubeProxyConfiguration +mode: "ipvs" +ipvs: + excludeCIDRs: + - "10.103.97.2/32" + +--- +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +authentication: + anonymous: + enabled: false + webhook: + cacheTTL: 2m0s + enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.crt +authorization: + mode: Webhook + webhook: + cacheAuthorizedTTL: 5m0s + cacheUnauthorizedTTL: 30s +cgroupDriver: +cgroupsPerQOS: true +clusterDomain: cluster.local +configMapAndSecretChangeDetectionStrategy: Watch +containerLogMaxFiles: 5 +containerLogMaxSize: 10Mi +contentType: application/vnd.kubernetes.protobuf +cpuCFSQuota: true +cpuCFSQuotaPeriod: 100ms +cpuManagerPolicy: none +cpuManagerReconcilePeriod: 10s +enableControllerAttachDetach: true +enableDebuggingHandlers: true +enforceNodeAllocatable: + - pods +eventBurst: 10 +eventRecordQPS: 5 +evictionHard: + imagefs.available: 15% + memory.available: 100Mi + nodefs.available: 10% + nodefs.inodesFree: 5% +evictionPressureTransitionPeriod: 5m0s +failSwapOn: true +fileCheckFrequency: 20s +hairpinMode: promiscuous-bridge +healthzBindAddress: 127.0.0.1 +healthzPort: 10248 +httpCheckFrequency: 20s +imageGCHighThresholdPercent: 85 +imageGCLowThresholdPercent: 80 +imageMinimumGCAge: 2m0s +iptablesDropBit: 15 +iptablesMasqueradeBit: 14 +kubeAPIBurst: 10 +kubeAPIQPS: 5 +makeIPTablesUtilChains: true +maxOpenFiles: 1000000 +maxPods: 110 +nodeLeaseDurationSeconds: 40 +nodeStatusReportFrequency: 10s +nodeStatusUpdateFrequency: 10s +oomScoreAdj: -999 +podPidsLimit: -1 +port: 10250 +registryBurst: 10 +registryPullQPS: 5 +rotateCertificates: true +runtimeRequestTimeout: 2m0s +serializeImagePulls: true +staticPodPath: 
/etc/kubernetes/manifests +streamingConnectionIdleTimeout: 4h0m0s +syncFrequency: 1m0s +volumeStatsAggPeriod: 1m0s +--- +apiVersion: kubeadm.k8s.io/v1beta2 +kind: JoinConfiguration +caCertPath: /etc/kubernetes/pki/ca.crt +discovery: + timeout: 5m0s +nodeRegistration: + criSocket: /var/run/dockershim.sock +controlPlane: + localAPIEndpoint: + bindPort: 6443 +``` + +## For k0s + +The build content all your need, following is an x86_64 arch case: + +```bash tree +. +├── amd64 +│   ├── bin +│   │   ├── conntrack +│   │   ├── containerd-rootless-setuptool.sh +│   │   ├── containerd-rootless.sh +│   │   ├── crictl +│   │   ├── k0s +│   │   ├── kubectl +│   │   ├── nerdctl +│   │   └── seautil +│   ├── cri +│   │   └── containerd.tar.gz +│   └── images +│   └── nerdctl-amd64-registry-image.tar.gz +├── imageList +├── Kubefile +└── rootfs + ├── etc + │   ├── containerd-config.toml + │   ├── containerd.service + │   └── registry_config.yml + ├── lib + ├── manifests + └── scripts + ├── containerd.sh + ├── init-kube.sh + ├── init-registry.sh + └── uninstall-containerd.sh +``` + +Kubefile: + +```dockerfile +FROM scratch +COPY rootfs . +COPY amd64 . +COPY imageList manifests +LABEL "cluster.alpha.sealer.io/cluster-runtime-version"="v1.24.10" +LABEL "cluster.alpha.sealer.io/cluster-runtime-type"="k0s" +LABEL "cluster.alpha.sealer.io/container-runtime-type"="containerd" +LABEL "cluster.alpha.sealer.io/container-runtime-version"="1.5.12" +``` + +imageList: + +```text +quay.io/k0sproject/apiserver-network-proxy-agent:0.0.32-k0s1 +docker.io/coredns/coredns:1.7.1 +registry.k8s.io/kube-proxy:v1.24.10 +registry.k8s.io/metrics-server/metrics-server:v0.5.2 +registry.k8s.io/pause:3.6 +docker.io/cloudnativelabs/kube-router:v1.4.0 +quay.io/k0sproject/cni-node:1.1.1-k0s.0 +docker.io/calico/cni:v3.23.5 +docker.io/calico/kube-controllers:v3.23.5 +docker.io/calico/node:v3.23.5 +``` + +build: + +```shell +sealer build -f Kubefile -t my-k0s:1.24.10 . 
+```
+
+## Best practices
+
+* Project address: [@basefs](https://github.com/sealerio/basefs)
+
+* Customize auto-build documentation: [@auto-build-docs](https://github.com/sealerio/basefs/blob/main/context/README.md)
\ No newline at end of file
diff --git a/src/v0.10.0/advanced/run-with-clusterfile.md b/src/v0.10.0/advanced/run-with-clusterfile.md
new file mode 100644
index 0000000..803c0ab
--- /dev/null
+++ b/src/v0.10.0/advanced/run-with-clusterfile.md
@@ -0,0 +1,30 @@
+# Run with clusterfile
+
+## For kubernetes
+
+see [clusterfile](../concept/clusterfile.md)
+
+## For k0s
+
+Now sealer just support to run k0s cluster with default configuration.
+
+```yaml
+apiVersion: sealer.io/v2
+kind: Cluster
+metadata:
+ name: my-test-cluster
+spec:
+ image: docker.io/sealerio/k0s:v1-24-10-sealerio-1
+ containerRuntime:
+ type: containerd
+ ssh:
+ passwd: xxxxxx
+ hosts:
+ - ips: [ 10.1.0.218 ]
+ roles: [ master ]
+ - ips: [ 10.1.0.217,10.1.0.215,10.1.0.216 ]
+ roles: [ node ]
+ registry:
+ localRegistry:
+ ha: false #Attention HA is not support for k0s cluster in v0.9.2
+```
\ No newline at end of file
diff --git a/src/v0.10.0/advanced/sealer-run-rootless.md b/src/v0.10.0/advanced/sealer-run-rootless.md
new file mode 100644
index 0000000..a13f55c
--- /dev/null
+++ b/src/v0.10.0/advanced/sealer-run-rootless.md
@@ -0,0 +1,35 @@
+# Run sealer in non-root mode
+
+## Prerequisites
+
+Before running Sealer in non-root mode, please make sure the following steps are satisfied:
+
+### Check `sshd_config` permissions
+
+You need to change the permissions of the `sshd_config` file before installing Sealer using sudo. You can do this by using the following command:
+
+```bash
+sealer@cubmaster01$ sudo chmod 644 /etc/ssh/sshd_config
+```
+
+This will fix the remote read permission issue.
+
+### Check `sudoers` rules
+
+Before running Sealer in the cluster, you need to assign passwordless login permissions to the users on **all nodes**. You can edit the `/etc/sudoers` file to achieve this purpose. The file contains sudo user and group rules that allow specific users (like sealer) or groups to run commands as a superuser while executing the commands.
+
+```bash
+sealer ALL=(ALL) NOPASSWD: ALL
+```
+
+This will allow the user named sealer to run commands as a superuser without entering a password.
+
+## Run Sealer image
+
+To run the Sealer image, use the following command:
+
+```bash
+sealer@cubmaster01$ sudo sealer run docker.io/sealerio/kubernetes:v1.22.15 --masters 10.0.0.245 --nodes 10.0.0.246 --nodes 10.0.0.247 --user sealer --passwd '1234$a'
+```
+
+Here, the `--masters` parameter specifies the IP addresses of the Kubernetes master nodes that Sealer will manage, the `--nodes` parameter specifies the IP addresses of the Kubernetes worker nodes that Sealer will manage, the `--user` parameter specifies the username that Sealer will use, and the `--passwd` parameter specifies the password that Sealer will use.
\ No newline at end of file
diff --git a/src/v0.10.0/advanced/use-sealer-image-offline.md b/src/v0.10.0/advanced/use-sealer-image-offline.md
new file mode 100644
index 0000000..db340b9
--- /dev/null
+++ b/src/v0.10.0/advanced/use-sealer-image-offline.md
@@ -0,0 +1,496 @@ +# Use Sealer Image Offline + +## Motivations + +It's common that some k8s clusters have their own private image registry, and they don't want to pull images from other registry for some reasons. This page is about how to integrate kyverno into k8s cluster, which will redirect image pull request to Specified registry. + +## How to use Kyverno BaseImage + +We provide official BaseImage which integrates kyverno into cluster. + +| Sealer version | Image | Arch | OS | Network plugins | Container runtime | +| :------------: | :----------------------------------------------------------: | :---: | :----------------------------------------------------------: | :-------------: | :-----------------------: | +| v0.9.1 | docker.io/sealerio/kubernetes-kyverno:v1-18-3-sealerio-1 | x86 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | Official docker v19.03.15 | +| v0.9.1 | docker.io/sealerio/kubernetes-kyverno:v1-20-4-sealerio-1 | x86 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | Official docker v19.03.15 | +| v0.9.1 | docker.io/sealerio/kubernetes-kyverno:v1-22-15-sealerio-1 | x86 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | Official docker v19.03.15 | +| v0.9.1 | docker.io/sealerio/kubernetes-kyverno-arm64:v1-18-3-sealerio-1 | arm64 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | Official docker v19.03.15 | +| v0.9.1 | docker.io/sealerio/kubernetes-kyverno-arm64:v1-20-4-sealerio-1 | arm64 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | Official docker v19.03.15 | +| v0.9.1 | docker.io/sealerio/kubernetes-kyverno-arm64:v1-22-15-sealerio-1 | arm64 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | Official docker v19.03.15 | + +Note that these contains no docker images other than those necessary to run a k8s cluster, so if you want to use these cloud image, and you also need other docker images(such as `nginx`) to run a container, you need to cache the docker images to your private registry. + +Of course `sealer` can help you do this,use `nginx` and `kubernetes-kyverno:v1-22-15-sealerio-1` as an example. + +### step1: create the build content + +We prepare the following `nginx.yaml` file. + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-nginx + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + run: my-nginx + template: + metadata: + labels: + run: my-nginx + spec: + containers: + - name: my-nginx + image: docker.io/library/nginx:latest + ports: + - containerPort: 80 +``` + +**Note: The address of the image to be cached needs to be filled in completely, image address such as `nginx:latest` are temporarily not supported now.** + +Create a `kyvernoNginxBuild` directory with four files: the `nginx.yaml` and a `Kubefile` which content is following: + +```shell +FROM docker.io/sealerio/kubernetes-kyverno:v1-22-15-sealerio-1 +APP nginx local://nginx.yaml +APPCMDS kyverno ["sh redirect-registry.sh -r sea.hub:5000"] +LAUNCH ["calico", "kyverno", "nginx"] +``` + +### step2: build the image + +Supposing you are at the `kyvernoNginxBuild` directory, please execute `sealer build --no-cache -t kubernetes-kyverno-nginx:v1 .` + +### step3: run the image + +Use the `sealer run` command to deploy: + +`sealer run localhost/kubernetes-kyverno-nginx:v1 -m 10.0.0.238 -n 10.0.0.239 10.0.0.240 -p Sealer.io@123` + +## How to use Kyverno AppImage + +We also provide official Kyverno AppImage, you can use Kyverno AppImage when your k8s cluster don't integrate with kyverno. 
+
+| Sealer version | Image |
+| :------------: | :---------------------------------------------------: |
+| v0.9.1 | docker.io/sealerio/scratch-kyverno:v1-6-3-sealerio-1 |
+| v0.9.1 | docker.io/sealerio/scratch-kyverno:v1-7-5-sealerio-1 |
+| v0.9.1 | docker.io/sealerio/scratch-kyverno:v1-8-5-sealerio-1 |
+
+Due to kyverno's compatibility requirements with kubernetes (shown below), we need to pick the corresponding version of kyverno.
+
+You can find a more detailed compatibility matrix [here](https://kyverno.io/docs/installation/#compatibility-matrix).
+
+| Kyverno Version | Kubernetes Min | Kubernetes Max |
+| :-------------: | :------------: | :------------: |
+| 1.6.x | 1.16 | 1.23 |
+| 1.7.x | 1.21 | 1.23 |
+| 1.8.x | 1.23 | 1.25 |
+
+\* Due to a known issue with Kubernetes 1.23.0-1.23.2, support for 1.23 begins at 1.23.3.
+
+Note that these contains no docker images other than kyverno, so if you want to use these, and you also need other docker images(such as `nginx`) to run a container, you need to cache the docker images to your private registry.
+
+Of course `sealer` can help you do this,use `nginx` and `docker.io/sealerio/scratch-kyverno:v1-7-5-sealerio-1` as an example.
+
+### step1: create the build content
+
+We prepare the following `nginx.yaml` file.
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: my-nginx
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: my-nginx
+ template:
+ metadata:
+ labels:
+ run: my-nginx
+ spec:
+ containers:
+ - name: my-nginx
+ image: docker.io/library/nginx:latest
+ ports:
+ - containerPort: 80
+```
+
+**Note: The address of the image to be cached needs to be filled in completely, image address such as `nginx:latest` are temporarily not supported now.**
+
+Create a `kyvernoNginxBuild` directory with four files: the `nginx.yaml` and a `Kubefile` which content is following:
+
+```shell
+FROM docker.io/sealerio/scratch-kyverno:v1-7-5-sealerio-1
+APP nginx local://nginx.yaml
+APPCMDS kyverno ["sh redirect-registry.sh -r sea.hub:5000"]
+LAUNCH ["kyverno", "nginx"]
+```
+
+### step2: build the image
+
+Supposing you are at the `kyvernoNginxBuild` directory, please execute `sealer build --type=app-installer --no-cache -t kyverno-nginx:v1 .`
+
+### step3: run the image
+
+**Note: If your cluster already has kyverno installed, please uninstall the previous kyverno first.**
+
+Use the `sealer run` command to deploy:
+
+`sealer run localhost/kyverno-nginx:v1`
+
+## How to build Kyverno BaseImage
+
+The following is a sequence steps of building kyverno build-in sealer image.
+
+### step1: choose a base image
+
+Choose a base image which can create a k8s cluster with at least one master node and one work node. You can find the Official docker version of the image to build the kyverno base image: [here](http://sealer.cool/docs/sealer-images/cluster-images.html#k8s-cluster-image-list)
+
+To demonstrate the workflow, we use `docker.io/sealerio/kubernetes:v1.22.15-sealerio-2-official-docker-1`. You can get the same image by executing `sealer pull docker.io/sealerio/kubernetes:v1.22.15-sealerio-2-official-docker-1`.
+ +### step2: get the kyverno install yaml + +Due to kyverno's compatibility requirements with kubernetes (shown below), we need to pick the corresponding version of kyverno based on the version of the base image we have selected. + +You can find a more detailed compatibility matrix [here](https://kyverno.io/docs/installation/#compatibility-matrix). + +| Kyverno Version | Kubernetes Min | Kubernetes Max | +| :-------------: | :------------: | :------------: | +| 1.6.x | 1.16 | 1.23 | +| 1.7.x | 1.21 | 1.23 | +| 1.8.x | 1.23 | 1.25 | + +\* Due to a known issue with Kubernetes 1.23.0-1.23.2, support for 1.23 begins at 1.23.3. + +1.6.x: + +1.7.x: + +1.8.5: + +You can also find the `install.yaml` for the version of kyverno you want here: + +Because we are using a base image with Kubernetes version `v1.22.15`, we can use `1.6.x` or `1.7.x` versions of kyverno. + +### step3: create a ClusterPolicy + +Create a yaml with the following content: + +```yaml +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: replace-image-registry +spec: + background: false + rules: + - name: replace-image-registry-pod-containers + match: + any: + - resources: + kinds: + - Pod + preconditions: + all: + - key: "{{request.operation || 'BACKGROUND'}}" + operator: AnyIn + value: + - CREATE + - UPDATE + mutate: + foreach: + - list: "request.object.spec.containers" + patchStrategicMerge: + spec: + containers: + - name: "{{ element.name }}" + image: "{{ regex_replace_all_literal('^[^/]+', '{{element.image}}', 'sea.hub:5000' )}}" + - name: replace-image-registry-pod-initcontainers + match: + any: + - resources: + kinds: + - Pod + preconditions: + all: + - key: "{{request.operation || 'BACKGROUND'}}" + operator: AnyIn + value: + - CREATE + - UPDATE + - key: "{{ request.object.spec.initContainers[] || '' | length(@) }}" + operator: GreaterThanOrEquals + value: 1 + mutate: + foreach: + - list: "request.object.spec.initContainers" + patchStrategicMerge: + spec: + initContainers: + - name: 
"{{ element.name }}" + image: "{{ regex_replace_all_literal('^[^/]+', '{{element.image}}', 'sea.hub:5000' )}}" +``` + +This ClusterPolicy will redirect image pull request to private registry `sea.hub:5000`, and we can name this file as `redirect-registry`. + +### step4: create a shell script + +we use this script to change the address of the mirror repository in `install.yaml` and `redirect-registry`, install kyverno and create policy. + +```shell +#!/bin/bash + +function usage { + cat << EOF +Usage: redirect-registry.sh -r +EOF + exit 1 +} + +registry="sea.hub:5000" + +if [ $# -gt 2 ]; then + usage; +elif [ $# -eq 2 ]; then + if [ "$1" != "-r" ]; then + usage + fi + registry=$2 +fi + +sed -i "s/ghcr.io/${registry}/g" ./install.yaml +sed -i "s/sea.hub:5000/${registry}/g" ./redirect-registry +cat >>install.yaml< + +1.7.x: + +1.8.5: + +You can also find the `install.yaml` for the version of kyverno you want here: + +Because we are using a base image with Kubernetes version `v1.22.15`, we can use `1.6.x` or `1.7.x` versions of kyverno. 
+ +### Step2: create a ClusterPolicy + +Create a yaml with the following content: + +```yaml +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: replace-image-registry +spec: + background: false + rules: + - name: replace-image-registry-pod-containers + match: + any: + - resources: + kinds: + - Pod + preconditions: + all: + - key: "{{request.operation || 'BACKGROUND'}}" + operator: AnyIn + value: + - CREATE + - UPDATE + mutate: + foreach: + - list: "request.object.spec.containers" + patchStrategicMerge: + spec: + containers: + - name: "{{ element.name }}" + image: "{{ regex_replace_all_literal('^[^/]+', '{{element.image}}', 'sea.hub:5000' )}}" + - name: replace-image-registry-pod-initcontainers + match: + any: + - resources: + kinds: + - Pod + preconditions: + all: + - key: "{{request.operation || 'BACKGROUND'}}" + operator: AnyIn + value: + - CREATE + - UPDATE + - key: "{{ request.object.spec.initContainers[] || '' | length(@) }}" + operator: GreaterThanOrEquals + value: 1 + mutate: + foreach: + - list: "request.object.spec.initContainers" + patchStrategicMerge: + spec: + initContainers: + - name: "{{ element.name }}" + image: "{{ regex_replace_all_literal('^[^/]+', '{{element.image}}', 'sea.hub:5000' )}}" +``` + +This ClusterPolicy will redirect image pull request to private registry `sea.hub:5000`, and we can name this file as `redirect-registry`. + +### Step3: create a shell script + +we use this script to change the address of the mirror repository in `install.yaml` and `redirect-registry`, install kyverno and create policy. + +```shell +#!/bin/bash + +function usage { + cat << EOF +Usage: redirect-registry.sh -r +EOF + exit 1 +} + +registry="sea.hub:5000" + +if [ $# -gt 2 ]; then + usage; +elif [ $# -eq 2 ]; then + if [ "$1" != "-r" ]; then + usage + fi + registry=$2 +fi + +sed -i "s/ghcr.io/${registry}/g" ./install.yaml +sed -i "s/sea.hub:5000/${registry}/g" ./redirect-registry +cat >>install.yaml<// ... 
+## default imageDomain: 'docker.io', default imageRepo: 'sealerio'
+ex.:
+ sealer alpha search kubernetes
+
+```
+
+## Options
+
+```
+ -h, --help help for search
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer alpha](sealer_alpha.md) - sealer experimental sub-commands
+
diff --git a/src/v0.10.0/command/alpha/sealer_alpha_umount.md b/src/v0.10.0/command/alpha/sealer_alpha_umount.md
new file mode 100644
index 0000000..cfdb322
--- /dev/null
+++ b/src/v0.10.0/command/alpha/sealer_alpha_umount.md
@@ -0,0 +1,43 @@
+# sealer alpha umount
+
+umount cluster image
+
+## Synopsis
+
+umount the cluster image and delete the mount directory
+
+```
+sealer alpha umount [flags]
+```
+
+## Examples
+
+```
+ sealer alpha umount containerID
+ sealer alpha umount --all
+```
+
+## Options
+
+```
+ -a, --all umount all cluster image directories
+ -h, --help help for umount
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk (default true)
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer alpha](sealer_alpha.md) - sealer experimental sub-commands
\ No newline at end of file
diff --git a/src/v0.10.0/command/cluster/cluster.md b/src/v0.10.0/command/cluster/cluster.md
new file mode 100644
index 0000000..337ae4b
--- /dev/null
+++ b/src/v0.10.0/command/cluster/cluster.md
@@ -0,0 +1,11 @@
+# sealer cluster
+
+Cluster module command line
+
+* [sealer cert](sealer_cert.md) - Update Kubernetes API server's cert
+* [sealer delete](sealer_delete.md) - delete an existing cluster
+* [sealer apply](sealer_apply.md) - apply a Kubernetes cluster via specified Clusterfile
+* [sealer scale-up](sealer_scale-up.md) - scale-up new master or worker node to specified cluster
+* [sealer run](sealer_run.md) - start to run a cluster from a Sealer Image
+* [sealer rollback](sealer_rollback.md) - rollback a Kubernetes cluster via specified Clusterfile
+* [sealer upgrade](sealer_upgrade.md) - upgrade the kubernetes version of an existing cluster from a Sealer Image
\ No newline at end of file
diff --git a/src/v0.10.0/command/cluster/sealer_apply.md b/src/v0.10.0/command/cluster/sealer_apply.md
new file mode 100644
index 0000000..090ec03
--- /dev/null
+++ b/src/v0.10.0/command/cluster/sealer_apply.md
@@ -0,0 +1,63 @@
+# sealer apply
+
+apply a Kubernetes cluster via specified Clusterfile
+
+## Synopsis
+
+apply command is used to apply a Kubernetes cluster via specified Clusterfile. If the Clusterfile is applied first time,
+Kubernetes cluster will be created. Otherwise, sealer will apply the diff change of current Clusterfile and the original
+one.
+
+```
+sealer apply [flags]
+```
+
+## Examples
+
+```
+
+ sealer apply -f Clusterfile
+
+```
+
+## Options
+
+```
+ -f, --Clusterfile string Clusterfile path to apply a Kubernetes cluster
+ -m, --applyMode string load images to the specified registry in advance (default "apply")
+ -e, --env strings set custom environment variables
+ --force force to delete the specified cluster if set true
+ -h, --help help for apply
+ --ignore-cache whether ignore cache when distribute sealer image, default is false.
+ --masters string set count or IPList to masters
+ --nodes string set count or IPList to nodes
+ -p, --passwd string set cloud provider or baremetal server password
+ --pk string set baremetal server private key (default "/root/.ssh/id_rsa")
+ --pk-passwd string set baremetal server private key password
+ --port uint16 set the sshd service port number for the server (default port: 22) (default 22)
+ -u, --user string set baremetal server username (default "root")
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer cert](sealer_cert.md) - Update Kubernetes API server's cert
+* [sealer delete](sealer_delete.md) - delete an existing cluster
+* [sealer apply](sealer_apply.md) - apply a Kubernetes cluster via specified Clusterfile
+* [sealer scale-up](sealer_scale-up.md) - scale-up new master or worker node to specified cluster
+* [sealer run](sealer_run.md) - start to run a cluster from a Sealer Image
+* [sealer rollback](sealer_rollback.md) - rollback a Kubernetes cluster via specified Clusterfile
+* [sealer upgrade](sealer_upgrade.md) - upgrade the kubernetes version of an existing cluster from a Sealer Image
\ No newline at end of file
diff --git a/src/v0.10.0/command/cluster/sealer_cert.md b/src/v0.10.0/command/cluster/sealer_cert.md
new file mode 100644
index 0000000..fd41f18
--- /dev/null
+++ b/src/v0.10.0/command/cluster/sealer_cert.md
@@ -0,0 +1,57 @@
+# sealer cert
+
+Update Kubernetes API server's cert
+
+## Synopsis
+
+This command will add the new domain or IP address in cert to update cluster API server.
+
+sealer has some default domain and IP in the cert process builtin: localhost,outbound IP address and some DNS domain which is strongly related to the apiserver CertSANs configured by kubeadm.yml.
+
+You need to restart your API server manually after using sealer cert. Then, you can using cmd "openssl x509 -noout -text -in apiserver.crt" to check the cert details.
+
+```
+sealer cert [flags]
+```
+
+## Examples
+
+```
+
+The following command will generate new api server cert and key for all control-plane certificates:
+
+ sealer cert --alt-names 39.105.169.253,sealer.cool
+
+```
+
+## Options
+
+```
+ --alt-names strings add DNS domain or IP in certs, if it is already in the cert subject alternative names list, nothing will be changed
+ -h, --help help for cert
+ --wait wait for apiserver to be ready (default true)
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer cert](sealer_cert.md) - Update Kubernetes API server's cert
+* [sealer delete](sealer_delete.md) - delete an existing cluster
+* [sealer apply](sealer_apply.md) - apply a Kubernetes cluster via specified Clusterfile
+* [sealer scale-up](sealer_scale-up.md) - scale-up new master or worker node to specified cluster
+* [sealer run](sealer_run.md) - start to run a cluster from a Sealer Image
+* [sealer rollback](sealer_rollback.md) - rollback a Kubernetes cluster via specified Clusterfile
+* [sealer upgrade](sealer_upgrade.md) - upgrade the kubernetes version of an existing cluster from a Sealer Image
\ No newline at end of file
diff --git a/src/v0.10.0/command/cluster/sealer_delete.md b/src/v0.10.0/command/cluster/sealer_delete.md
new file mode 100644
index 0000000..911b478
--- /dev/null
+++ b/src/v0.10.0/command/cluster/sealer_delete.md
@@ -0,0 +1,62 @@
+# sealer delete
+
+delete an existing cluster
+
+## Synopsis
+
+delete command is used to delete part or all of existing cluster. User can delete cluster by explicitly specifying host
+IP
+
+```
+sealer delete [flags]
+```
+
+## Examples
+
+```
+
+delete cluster node:
+ sealer delete --nodes 192.168.0.1 [--force]
+ sealer delete --masters 192.168.0.1 --nodes 192.168.0.2 [--force]
+ sealer delete --masters 192.168.0.1-192.168.0.3 --nodes 192.168.0.4-192.168.0.6 [--force]
+delete all:
+ sealer delete --all [--force]
+
+```
+
+## Options
+
+```
+ -f, --Clusterfile string delete a kubernetes cluster with Clusterfile
+ -a, --all this flags is for delete the entire cluster, default is false
+ -e, --env strings set custom environment variables
+ --force We also can input an --force flag to delete cluster by force
+ -h, --help help for delete
+ -m, --masters string reduce Count or IPList to masters
+ -n, --nodes string reduce Count or IPList to nodes
+ -p, --prune this flags is for delete all cluster rootfs, default is false
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer cert](sealer_cert.md) - Update Kubernetes API server's cert
+* [sealer delete](sealer_delete.md) - delete an existing cluster
+* [sealer apply](sealer_apply.md) - apply a Kubernetes cluster via specified Clusterfile
+* [sealer scale-up](sealer_scale-up.md) - scale-up new master or worker node to specified cluster
+* [sealer run](sealer_run.md) - start to run a cluster from a Sealer Image
+* [sealer rollback](sealer_rollback.md) - rollback a Kubernetes cluster via specified Clusterfile
+* [sealer upgrade](sealer_upgrade.md) - upgrade the kubernetes version of an existing cluster from a Sealer Image
\ No newline at end of file
diff --git a/src/v0.10.0/command/cluster/sealer_rollback.md b/src/v0.10.0/command/cluster/sealer_rollback.md
new file mode 100644
index 0000000..3cc7e83
--- /dev/null
+++ b/src/v0.10.0/command/cluster/sealer_rollback.md
@@ -0,0 +1,49 @@
+# sealer rollback
+
+rollback a Kubernetes cluster via specified Clusterfile
+
+## Synopsis
+
+rollback command is used to roll back a Kubernetes cluster via specified Clusterfile.
+
+```
+sealer rollback [flags]
+```
+
+## Examples
+
+```
+ sealer rollback docker.io/sealerio/kubernetes:v1.22.15-rollback
+```
+
+## Options
+
+```
+ --apps strings override default AppNames of sealer image
+ -h, --help help for rollback
+ --ignore-cache whether ignore cache when distribute sealer image, default is false.
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk (default true)
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer cert](sealer_cert.md) - Update Kubernetes API server's cert
+* [sealer delete](sealer_delete.md) - delete an existing cluster
+* [sealer apply](sealer_apply.md) - apply a Kubernetes cluster via specified Clusterfile
+* [sealer scale-up](sealer_scale-up.md) - scale-up new master or worker node to specified cluster
+* [sealer run](sealer_run.md) - start to run a cluster from a Sealer Image
+* [sealer rollback](sealer_rollback.md) - rollback a Kubernetes cluster via specified Clusterfile
+* [sealer upgrade](sealer_upgrade.md) - upgrade the kubernetes version of an existing cluster from a Sealer Image
\ No newline at end of file
diff --git a/src/v0.10.0/command/cluster/sealer_run.md b/src/v0.10.0/command/cluster/sealer_run.md
new file mode 100644
index 0000000..b29a979
--- /dev/null
+++ b/src/v0.10.0/command/cluster/sealer_run.md 
@@ -0,0 +1,69 @@
+# sealer run
+
+start to run a cluster from a Sealer Image
+
+## Synopsis
+
+sealer run docker.io/sealerio/kubernetes:v1.22.15 --masters [arg] --nodes [arg]
+
+```
+sealer run [flags]
+```
+
+## Examples
+
+```
+
+run cluster by Clusterfile:
+ sealer run -f Clusterfile
+
+run cluster by CLI flags:
+ sealer run docker.io/sealerio/kubernetes:v1.22.15 -m 172.28.80.01 -n 172.28.80.02 -p Sealer123
+
+run app image:
+ sealer run localhost/nginx:v1
+
+```
+
+## Options
+
+```
+ -f, --Clusterfile string Clusterfile path to run a Kubernetes cluster
+ --apps strings override default AppNames of sealer image
+ --cmds strings override default LaunchCmds of sealer image
+ -e, --env strings set custom environment variables
+ -h, --help help for run
+ --ignore-cache whether ignore cache when distribute sealer image, default is false.
+ -m, --masters string set count or IPList to masters
+ --mode string load images to the specified registry in advance (default "apply")
+ -n, --nodes string set count or IPList to nodes
+ -p, --passwd string set cloud provider or baremetal server password
+ --pk string set baremetal server private key (default "/root/.ssh/id_rsa")
+ --pk-passwd string set baremetal server private key password
+ --port uint16 set the sshd service port number for the server (default port: 22) (default 22)
+ -u, --user string set baremetal server username (default "root")
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer cert](sealer_cert.md) - Update Kubernetes API server's cert
+* [sealer delete](sealer_delete.md) - delete an existing cluster
+* [sealer apply](sealer_apply.md) - apply a Kubernetes cluster via specified Clusterfile
+* [sealer scale-up](sealer_scale-up.md) - scale-up new master or worker node to specified cluster
+* [sealer run](sealer_run.md) - start to run a cluster from a Sealer Image
+* [sealer rollback](sealer_rollback.md) - rollback a Kubernetes cluster via specified Clusterfile
+* [sealer upgrade](sealer_upgrade.md) - upgrade the kubernetes version of an existing cluster from a Sealer Image
\ No newline at end of file
diff --git a/src/v0.10.0/command/cluster/sealer_scale-up.md b/src/v0.10.0/command/cluster/sealer_scale-up.md
new file mode 100644
index 0000000..78d1139
--- /dev/null
+++ b/src/v0.10.0/command/cluster/sealer_scale-up.md
@@ -0,0 +1,61 @@
+# sealer scale-up
+
+scale-up new master or worker node to specified cluster
+
+## Synopsis
+
+scale-up command is used to scale-up master or node to the existing cluster. User can scale-up cluster by explicitly
+specifying host IP
+
+```
+sealer scale-up [flags]
+```
+
+## Examples
+
+```
+
+scale-up cluster:
+ sealer scale-up --masters 192.168.0.1 --nodes 192.168.0.2 -p Sealer123
+ sealer scale-up --masters 192.168.0.1-192.168.0.3 --nodes 192.168.0.4-192.168.0.6 -p Sealer123
+
+```
+
+## Options
+
+```
+ -e, --env strings set custom environment variables
+ -h, --help help for scale-up
+ --ignore-cache whether ignore cache when distribute sealer image, default is false.
+ -m, --masters string set Count or IPList to masters
+ -n, --nodes string set Count or IPList to nodes
+ -p, --passwd string set cloud provider or baremetal server password
+ --pk string set baremetal server private key (default "/root/.ssh/id_rsa")
+ --pk-passwd string set baremetal server private key password
+ --port uint16 set the sshd service port number for the server (default port: 22) (default 22)
+ -u, --user string set baremetal server username (default "root")
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer cert](sealer_cert.md) - Update Kubernetes API server's cert
+* [sealer delete](sealer_delete.md) - delete an existing cluster
+* [sealer apply](sealer_apply.md) - apply a Kubernetes cluster via specified Clusterfile
+* [sealer scale-up](sealer_scale-up.md) - scale-up new master or worker node to specified cluster
+* [sealer run](sealer_run.md) - start to run a cluster from a Sealer Image
+* [sealer rollback](sealer_rollback.md) - rollback a Kubernetes cluster via specified Clusterfile
+* [sealer upgrade](sealer_upgrade.md) - upgrade the kubernetes version of an existing cluster from a Sealer Image
\ No newline at end of file
diff --git a/src/v0.10.0/command/cluster/sealer_upgrade.md b/src/v0.10.0/command/cluster/sealer_upgrade.md
new file mode 100644
index 0000000..7df4bd2
--- /dev/null
+++ b/src/v0.10.0/command/cluster/sealer_upgrade.md
@@ -0,0 +1,54 @@
+# sealer upgrade
+
+upgrade the kubernetes version of an existing cluster from a Sealer Image
+
+## Synopsis
+
+upgrade command is used to upgrade the kubernetes version of an existing cluster.
+User can upgrade cluster by using specifying upgrade-image
+
+```
+sealer upgrade [flags]
+```
+
+## Examples
+
+```
+upgrade cluster by Clusterfile:
+ sealer upgrade -f Clusterfile
+
+run cluster by CLI flags:
+ sealer upgrade docker.io/sealerio/kubernetes:v1.22.15
+
+```
+
+## Options
+
+```
+ -f, --Clusterfile string Clusterfile path to upgrade a Kubernetes cluster
+ -h, --help help for upgrade
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer cert](sealer_cert.md) - Update Kubernetes API server's cert
+* [sealer delete](sealer_delete.md) - delete an existing cluster
+* [sealer apply](sealer_apply.md) - apply a Kubernetes cluster via specified Clusterfile
+* [sealer scale-up](sealer_scale-up.md) - scale-up new master or worker node to specified cluster
+* [sealer run](sealer_run.md) - start to run a cluster from a Sealer Image
+* [sealer rollback](sealer_rollback.md) - rollback a Kubernetes cluster via specified Clusterfile
+* [sealer upgrade](sealer_upgrade.md) - upgrade the kubernetes version of an existing cluster from a Sealer Image
\ No newline at end of file
diff --git a/src/v0.10.0/command/image/image.md b/src/v0.10.0/command/image/image.md
new file mode 100644
index 0000000..268f662
--- /dev/null
+++ b/src/v0.10.0/command/image/image.md
@@ -0,0 +1,17 @@
+# sealer image
+
+Image module command line
+
+## SEE ALSO
+
+* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile
+* [sealer images]( sealer_images.md) - list all Sealer Images on the local node
+* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile
+* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file
+* [sealer login]( sealer_login.md) - login image registry
+* [sealer logout]( sealer_logout.md) - logout from image registry
+* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local
+* [sealer push]( sealer_push.md) - push Sealer Image to remote registry
+* [sealer rmi]( sealer_rmi.md) - remove local images
+* [sealer save]( sealer_save.md) - save Sealer Image to a tar file
+* [sealer tag]( sealer_tag.md) - create one or more tags for local Sealer Image
diff --git a/src/v0.10.0/command/image/sealer_build.md b/src/v0.10.0/command/image/sealer_build.md
new file mode 100644
index 0000000..67bc0ac
--- /dev/null
+++ b/src/v0.10.0/command/image/sealer_build.md
@@ -0,0 +1,78 @@
+# sealer build
+
+build a Sealer Image from a Kubefile
+
+## Synopsis
+
+build command is used to generate a Sealer Image from specified Kubefile. It organizes the specified Kubefile and input
+building context, and builds a brand new Sealer Image.
+
+```
+sealer build [flags] PATH
+```
+
+## Examples
+
+```
+the current path is the context path, default build type is lite and use build cache
+build:
+ sealer build -f Kubefile -t my-kubernetes:v1 .
+build without cache:
+ sealer build -f Kubefile -t my-kubernetes:v1 --no-cache .
+build with args:
+ sealer build -f Kubefile -t my-kubernetes:v1 --build-arg MY_ARG=abc,PASSWORD=Sealer123 .
+build with image type:
+ sealer build -f Kubefile -t my-kubernetes:v1 --type=app-installer .
+ sealer build -f Kubefile -t my-kubernetes:v1 --type=kube-installer(default) .
+ app-installer type image will not install kubernetes.
+build multi-platform image:
+ sealer build -f Kubefile -t my-kubernetes:v1 --platform linux/amd64,linux/arm64
+
+```
+
+## Options
+
+```
+ --annotation strings add annotations for image. Format like --annotation key=[value]
+ --build-arg strings set custom build args
+ -f, --file string Kubefile filepath (default "Kubefile")
+ -h, --help help for build
+ --ignored-image-list pathname pathname of ignored image list filepath, if set, sealer will read its contents and prevent downloading of the corresponding container image (default "filepath")
+ --image-list pathname pathname of imageList filepath, if set, sealer will read its content and download extra container (default "filepath")
+ --image-list-with-auth pathname pathname of imageListWithAuth.yaml filepath, if set, sealer will read its content and download extra container images to rootfs(not usually used)
+ --label strings add labels for image. Format like --label key=[value] (default [io.sealer.version=v0.10.0])
+ --no-cache do not use existing cached images for building. Build from the start with a new set of cached layers.
+ --platform strings set the target platform, --platform=linux/amd64 or --platform=linux/amd64/v7. Multi-platform will be like --platform=linux/amd64,linux/amd64/v7 (default [linux/amd64])
+ --pull string pull policy. Allow for --pull, --pull=true, --pull=false, --pull=never, --pull=always, --pull=ifnewer (default "ifnewer")
+ -t, --tag string specify a name for sealer image
+ --type string specify the image type, --type=kube-installer, --type=app-installer, default is kube-installer (default "kube-installer")
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile
+* [sealer images]( sealer_images.md) - list all Sealer Images on the local node
+* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile
+* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file
+* [sealer login]( sealer_login.md) - login image registry
+* [sealer logout]( sealer_logout.md) - logout from image registry
+* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local
+* [sealer push]( sealer_push.md) - push Sealer Image to remote registry
+* [sealer rmi]( sealer_rmi.md) - remove local images
+* [sealer save]( sealer_save.md) - save Sealer Image to a tar file
+* [sealer tag]( sealer_tag.md) - create one or more tags for local Sealer Image
+
diff --git a/src/v0.10.0/command/image/sealer_images.md b/src/v0.10.0/command/image/sealer_images.md
new file mode 100644
index 0000000..9144139
--- /dev/null
+++ b/src/v0.10.0/command/image/sealer_images.md
@@ -0,0 +1,55 @@
+# sealer images
+
+list all Sealer Images on the local node
+
+```
+sealer images [flags]
+```
+
+## Examples
+
+```
+
+ sealer images
+
+```
+
+## Options
+
+```
+ -a, --all show all images, including intermediate images from a build
+ --digests show digests
+ -h, --help help for images
+ --history display the image name history
+ --json output in JSON format
+ --no-trunc do not truncate output
+ -n, --noheading do not print column headings
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile
+* [sealer images]( sealer_images.md) - list all Sealer Images on the local node
+* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile
+* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file
+* [sealer login]( sealer_login.md) - login image registry
+* [sealer logout]( sealer_logout.md) - logout from image registry
+* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local
+* [sealer push]( sealer_push.md) - push Sealer Image to remote registry
+* [sealer rmi]( sealer_rmi.md) - remove local images
+* [sealer save]( sealer_save.md) - save Sealer Image to a tar file
+* [sealer tag]( sealer_tag.md) - create one or more tags for local Sealer Image
diff --git a/src/v0.10.0/command/image/sealer_inspect.md b/src/v0.10.0/command/image/sealer_inspect.md
new file mode 100644
index 0000000..33ab237
--- /dev/null
+++ b/src/v0.10.0/command/image/sealer_inspect.md
@@ -0,0 +1,52 @@
+# sealer inspect
+
+print the image information or Clusterfile
+
+```
+sealer inspect [flags]
+```
+
+## Examples
+
+```
+
+ sealer inspect {imageName or imageID}
+ sealer inspect --format '{{.OCIv1.Config.Env}}' {imageName or imageID}
+
+```
+
+## Options
+
+```
+ -f, --format format use format as a Go template to format the output
+ -h, --help help for inspect
+ -t, --type type look at the item of the specified type (container or image) and name (default "image")
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile
+* [sealer images]( sealer_images.md) - list all Sealer Images on the local node
+* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile
+* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file
+* [sealer login]( sealer_login.md) - login image registry
+* [sealer logout]( sealer_logout.md) - logout from image registry
+* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local
+* [sealer push]( sealer_push.md) - push Sealer Image to remote registry
+* [sealer rmi]( sealer_rmi.md) - remove local images
+* [sealer save]( sealer_save.md) - save Sealer Image to a tar file
+* [sealer tag]( sealer_tag.md) - create one or more tags for local Sealer Image
diff --git a/src/v0.10.0/command/image/sealer_load.md b/src/v0.10.0/command/image/sealer_load.md
new file mode 100644
index 0000000..b313da3
--- /dev/null
+++ b/src/v0.10.0/command/image/sealer_load.md
@@ -0,0 +1,55 @@
+# sealer load
+
+load a Sealer Image from a tar file
+
+## Synopsis
+
+Load a Sealer Image from a tar archive
+
+```
+sealer load [flags]
+```
+
+## Examples
+
+```
+
+ sealer load -i kubernetes.tar
+
+```
+
+## Options
+
+```
+ -h, --help help for load
+ -i, --input string Load image from file
+ --tmp-dir string set temporary directory when load image. if not set, use system`s temporary directory
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile
+* [sealer images]( sealer_images.md) - list all Sealer Images on the local node
+* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile
+* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file
+* [sealer login]( sealer_login.md) - login image registry
+* [sealer logout]( sealer_logout.md) - logout from image registry
+* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local
+* [sealer push]( sealer_push.md) - push Sealer Image to remote registry
+* [sealer rmi]( sealer_rmi.md) - remove local images
+* [sealer save]( sealer_save.md) - save Sealer Image to a tar file
+* [sealer tag]( sealer_tag.md) - create one or more tags for local Sealer Image
diff --git a/src/v0.10.0/command/image/sealer_login.md b/src/v0.10.0/command/image/sealer_login.md
new file mode 100644
index 0000000..8f52fa8
--- /dev/null
+++ b/src/v0.10.0/command/image/sealer_login.md
@@ -0,0 +1,52 @@
+# sealer login
+
+login image registry
+
+```
+sealer login [flags]
+```
+
+## Examples
+
+```
+
+ sealer login registry.cn-qingdao.aliyuncs.com -u [username] -p [password]
+
+```
+
+## Options
+
+```
+ -h, --help help for login
+ -p, --passwd string password for login registry
+ --skip-tls-verify default is requiring require HTTPS and verify certificates when accessing the registry. TLS verification cannot be used when talking to an insecure registry.
+ -u, --username string user name for login registry
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile
+* [sealer images]( sealer_images.md) - list all Sealer Images on the local node
+* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile
+* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file
+* [sealer login]( sealer_login.md) - login image registry
+* [sealer logout]( sealer_logout.md) - logout from image registry
+* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local
+* [sealer push]( sealer_push.md) - push Sealer Image to remote registry
+* [sealer rmi]( sealer_rmi.md) - remove local images
+* [sealer save]( sealer_save.md) - save Sealer Image to a tar file
+* [sealer tag]( sealer_tag.md) - create one or more tags for local Sealer Image
diff --git a/src/v0.10.0/command/image/sealer_logout.md b/src/v0.10.0/command/image/sealer_logout.md
new file mode 100644
index 0000000..53f3ceb
--- /dev/null
+++ b/src/v0.10.0/command/image/sealer_logout.md
@@ -0,0 +1,49 @@
+# sealer logout
+
+logout from image registry
+
+```
+sealer logout [flags]
+```
+
+## Examples
+
+```
+
+ sealer logout registry.cn-qingdao.aliyuncs.com
+
+```
+
+## Options
+
+```
+ -h, --help help for logout
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile
+* [sealer images]( sealer_images.md) - list all Sealer Images on the local node
+* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile
+* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file
+* [sealer login]( sealer_login.md) - login image registry
+* [sealer logout]( sealer_logout.md) - logout from image registry
+* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local
+* [sealer push]( sealer_push.md) - push Sealer Image to remote registry
+* [sealer rmi]( sealer_rmi.md) - remove local images
+* [sealer save]( sealer_save.md) - save Sealer Image to a tar file
+* [sealer tag]( sealer_tag.md) - create one or more tags for local Sealer Image
diff --git a/src/v0.10.0/command/image/sealer_pull.md b/src/v0.10.0/command/image/sealer_pull.md
new file mode 100644
index 0000000..2df47bc
--- /dev/null
+++ b/src/v0.10.0/command/image/sealer_pull.md
@@ -0,0 +1,53 @@ +# sealer pull + +pull Sealer Image from a registry to local + +``` +sealer pull [flags] +``` + +## Examples + +``` + + sealer pull docker.io/sealerio/kubernetes:v1.22.15 + sealer pull docker.io/sealerio/kubernetes:v1.22.15 --platform linux/amd64 + +``` + +## Options + +``` + -h, --help help for pull + --platform string prefer OS/ARCH instead of the current operating system and architecture for choosing images (default "linux/amd64") + --policy string missing, always, ifnewer or never. (default "always") + --skip-tls-verify default is requiring HTTPS and verify certificates when accessing the registry. +``` + +## Options inherited from parent commands + +``` + --color string set the log color mode, the possible values can be [never always] (default "always") + --config string config file of sealer tool (default is $HOME/.sealer.json) + -d, --debug turn on debug mode + --hide-path hide the log path + --hide-time hide the log time + --log-to-file write log message to disk + -q, --quiet silence the usage when fail + --remote-logger-url string remote logger url, if not empty, will send log to this url + --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set +``` + +## SEE ALSO + +* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile +* [sealer images]( sealer_images.md) - list all Sealer Images on the local node +* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile +* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file +* [sealer login]( sealer_login.md) - login image registry +* [sealer logout]( sealer_logout.md) - logout from image registry +* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local +* [sealer push]( sealer_push.md) - push Sealer Image to remote registry +* [sealer rmi]( sealer_rmi.md) - remove local images +* [sealer save]( sealer_save.md) - save Sealer Image to a tar file +* 
[sealer tag]( sealer_tag.md) - create one or more tags for local Sealer Image diff --git a/src/v0.10.0/command/image/sealer_push.md b/src/v0.10.0/command/image/sealer_push.md new file mode 100644 index 0000000..2b4f6f3 --- /dev/null +++ b/src/v0.10.0/command/image/sealer_push.md 
@@ -0,0 +1,52 @@ +# sealer push + +push Sealer Image to remote registry + +``` +sealer push [flags] +``` + +## Examples + +``` + + sealer push registry.cn-qingdao.aliyuncs.com/sealer-io/my-kubernetes-cluster-with-dashboard:latest + +``` + +## Options + +``` + --all also push the images in the list (default true) + --authfile string path to store auth file after login. Accessing registry with this auth. (default "/root/.sealer/auth.json") + -h, --help help for push + --skip-tls-verify default is requiring HTTPS and verify certificates when accessing the registry. +``` + +## Options inherited from parent commands + +``` + --color string set the log color mode, the possible values can be [never always] (default "always") + --config string config file of sealer tool (default is $HOME/.sealer.json) + -d, --debug turn on debug mode + --hide-path hide the log path + --hide-time hide the log time + --log-to-file write log message to disk + -q, --quiet silence the usage when fail + --remote-logger-url string remote logger url, if not empty, will send log to this url + --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set +``` + +## SEE ALSO + +* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile +* [sealer images]( sealer_images.md) - list all Sealer Images on the local node +* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile +* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file +* [sealer login]( sealer_login.md) - login image registry +* [sealer logout]( sealer_logout.md) - logout from image registry +* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local +* [sealer push]( sealer_push.md) - push Sealer Image to remote registry +* [sealer rmi]( sealer_rmi.md) - remove local images +* [sealer save]( sealer_save.md) - save Sealer Image to a tar file +* [sealer tag]( sealer_tag.md) - create one or more tags for local 
Sealer Image diff --git a/src/v0.10.0/command/image/sealer_rmi.md b/src/v0.10.0/command/image/sealer_rmi.md new file mode 100644 index 0000000..acb5a3d --- /dev/null +++ b/src/v0.10.0/command/image/sealer_rmi.md 
@@ -0,0 +1,59 @@
+# sealer rmi
+
+remove local images
+
+```
+sealer rmi [flags]
+```
+
+## Examples
+
+```
+
+ sealer rmi docker.io/sealerio/kubernetes:v1.22.15
+
+prune dangling images:
+ sealer rmi --prune/-p
+
+force removal of the image and any containers using the image:
+ sealer rmi docker.io/sealerio/kubernetes:v1.22.15 --force/-f
+
+
+```
+
+## Options
+
+```
+ -f, --force force removal of the image and any containers using the image
+ -h, --help help for rmi
+ -p, --prune prune dangling images
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile
+* [sealer images]( sealer_images.md) - list all Sealer Images on the local node
+* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile
+* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file
+* [sealer login]( sealer_login.md) - login image registry
+* [sealer logout]( sealer_logout.md) - logout from image registry
+* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local
+* [sealer push]( sealer_push.md) - push Sealer Image to remote registry
+* [sealer rmi]( sealer_rmi.md) - remove local images
+* [sealer save]( sealer_save.md) - save Sealer Image to a tar file
+* [sealer tag]( sealer_tag.md) - create one or more tags for local Sealer Image
+
diff --git a/src/v0.10.0/command/image/sealer_save.md b/src/v0.10.0/command/image/sealer_save.md
new file mode 100644
index 0000000..547f502
--- /dev/null
+++ b/src/v0.10.0/command/image/sealer_save.md
@@ -0,0 +1,58 @@ +# sealer save + +save Sealer Image to a tar file + +## Synopsis + +sealer save -o [output file name] [image name] + +``` +sealer save [flags] +``` + +## Examples + +``` + +save kubernetes:v1 image to kubernetes.tar file: + + sealer save -o kubernetes.tar kubernetes:v1 +``` + +## Options + +``` + --compress Compress tarball image layers when saving to a directory using the 'dir' transport. (default is same compression type as source) + --format string Save image to oci-archive, oci-dir (directory with oci manifest type), docker-archive, docker-dir (directory with v2s2 manifest type) (default "oci-archive") + -h, --help help for save + -o, --output string Write image to a specified file + --tmp-dir string set temporary directory when save image. if not set, use system`s temporary directory +``` + +## Options inherited from parent commands + +``` + --color string set the log color mode, the possible values can be [never always] (default "always") + --config string config file of sealer tool (default is $HOME/.sealer.json) + -d, --debug turn on debug mode + --hide-path hide the log path + --hide-time hide the log time + --log-to-file write log message to disk + -q, --quiet silence the usage when fail + --remote-logger-url string remote logger url, if not empty, will send log to this url + --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set +``` + +## SEE ALSO + +* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile +* [sealer images]( sealer_images.md) - list all Sealer Images on the local node +* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile +* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file +* [sealer login]( sealer_login.md) - login image registry +* [sealer logout]( sealer_logout.md) - logout from image registry +* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local +* [sealer 
push]( sealer_push.md) - push Sealer Image to remote registry +* [sealer rmi]( sealer_rmi.md) - remove local images +* [sealer save]( sealer_save.md) - save Sealer Image to a tar file +* [sealer tag]( sealer_tag.md) - create one or more tags for local Sealer Image diff --git a/src/v0.10.0/command/image/sealer_tag.md b/src/v0.10.0/command/image/sealer_tag.md new file mode 100644 index 0000000..3c136db --- /dev/null +++ b/src/v0.10.0/command/image/sealer_tag.md 
@@ -0,0 +1,49 @@
+# sealer tag
+
+create one or more tags for local Sealer Image
+
+```
+sealer tag [flags]
+```
+
+## Examples
+
+```
+
+ sealer tag docker.io/sealerio/kubernetes:v1.22.15 firstName secondName
+
+```
+
+## Options
+
+```
+ -h, --help help for tag
+```
+
+## Options inherited from parent commands
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+```
+
+## SEE ALSO
+
+* [sealer build]( sealer_build.md) - build a Sealer Image from a Kubefile
+* [sealer images]( sealer_images.md) - list all Sealer Images on the local node
+* [sealer inspect]( sealer_inspect.md) - print the image information or Clusterfile
+* [sealer load]( sealer_load.md) - load a Sealer Image from a tar file
+* [sealer login]( sealer_login.md) - login image registry
+* [sealer logout]( sealer_logout.md) - logout from image registry
+* [sealer pull]( sealer_pull.md) - pull Sealer Image from a registry to local
+* [sealer push]( sealer_push.md) - push Sealer Image to remote registry
+* [sealer rmi]( sealer_rmi.md) - remove local images
+* [sealer save]( sealer_save.md) - save Sealer Image to a tar file
+* [sealer tag]( sealer_tag.md) - create one or more tags for local Sealer Image
\ No newline at end of file
diff --git a/src/v0.10.0/command/sealer.md b/src/v0.10.0/command/sealer.md
new file mode 100644
index 0000000..fd6dccc
--- /dev/null
+++ b/src/v0.10.0/command/sealer.md
@@ -0,0 +1,30 @@
+# sealer
+
+A tool to build, share and run any distributed applications.
+
+## Synopsis
+
+sealer is a tool to seal application's all dependencies and Kubernetes into Sealer Image by Kubefile, distribute this
+application anywhere via Sealer Image, and run it within any cluster with Clusterfile in one command.
+
+## Options
+
+```
+ --color string set the log color mode, the possible values can be [never always] (default "always")
+ --config string config file of sealer tool (default is $HOME/.sealer.json)
+ -d, --debug turn on debug mode
+ -h, --help help for sealer
+ --hide-path hide the log path
+ --hide-time hide the log time
+ --log-to-file write log message to disk
+ -q, --quiet silence the usage when fail
+ --remote-logger-url string remote logger url, if not empty, will send log to this url
+ --task-name string task name which will embedded in the remote logger header, only valid when --remote-logger-url is set
+ -t, --toggle Help message for toggle
+```
+
+## SEE ALSO
+
+* [sealer cluster](cluster/cluster.md) - cluster module command line
+* [sealer image](image/image.md) - image module command line
+* [sealer alpha](alpha/sealer_alpha.md) - sealer experimental sub-commands
diff --git a/src/v0.10.0/concept/clusterfile.md b/src/v0.10.0/concept/clusterfile.md
new file mode 100644
index 0000000..d26ae96
--- /dev/null
+++ b/src/v0.10.0/concept/clusterfile.md
@@ -0,0 +1,923 @@ +# Clusterfile + +Clusterfile is a file that is used to describe the desired cluster state, such as node information, node configuration, +and various startup configurations. it supports more flexible cluster configs like user defined kubeadm config, helm +values config overwriting, plugins ... + +This file can contain multiple objects in YAML format, such as cluster API, plugin API, config API. + +## Cluster API + +### Cluster Spec + +ClusterSpec defines the desired state of Cluster + +``` +type ClusterSpec struct { + // desired cluster image name. + Image string `json:"image,omitempty"` + // cluster level ENV list. it can be used to render configurations files under rootfs. + Env []string `json:"env,omitempty"` + // it's a string list to overwrite cluster image`s boot command. + CMD []string `json:"cmd,omitempty"` + // APPNames This field allows user to specify the app name they want to run launch. + APPNames []string `json:"appNames,omitempty"` + //hosts information for the cluster. + Hosts []Host `json:"hosts,omitempty"` + // cluster level ssh configs, if all cluster host is the same credentials, only need to set this field. + SSH v1.SSH `json:"ssh,omitempty"` + // HostAliases holds the mapping between IP and hostnames that will be injected as an entry in the + // host's hosts file. + HostAliases []HostAlias `json:"hostAliases,omitempty"` + // Registry field contains configurations about local registry and remote registry. + Registry Registry `json:"registry,omitempty"` +} + +type Host struct { + // host ip list. + IPS []net.IP `json:"ips,omitempty"` + // Host roles, its value is "master" Or "node". + Roles []string `json:"roles,omitempty"` + //host SSH configs. + SSH v1.SSH `json:"ssh,omitempty"` + //host level env list. + Env []string `json:"env,omitempty"` + // If not nil, labels will be set on this host. + Labels map[string]string `json:"labels,omitempty"` + // If not nil, taints will be set on this host. 
+ Taints []string `json:"taints,omitempty"` +} + + +type HostAlias struct { + // IP address of the host file entry. + IP string `json:"ip,omitempty"` + // Hostnames for the above IP address. + Hostnames []string `json:"hostnames,omitempty"` +} + +type Registry struct { + // LocalRegistry is the sealer builtin registry configuration + LocalRegistry *LocalRegistry `json:"localRegistry,omitempty"` + // ExternalRegistry used to serve external registry service. do not support yet. + ExternalRegistry *ExternalRegistry `json:"externalRegistry,omitempty"` +} + +type RegistryConfig struct { + Domain string `json:"domain,omitempty"` + Port int `json:"port,omitempty"` + Username string `json:"username,omitempty"` + Password string `json:"password,omitempty"` +} + +type ExternalRegistry struct { + RegistryConfig +} + +type LocalRegistry struct { + RegistryConfig + // HA indicate that whether local registry will be deployed on all master nodes. + // if LocalRegistry is not specified, default value is true. + HA *bool `json:"ha,omitempty"` + // Insecure indicated that whether the local registry is exposed in HTTPS. + // if true sealer will not generate default ssl cert. 
+ Insecure *bool `json:"insecure,omitempty"` + // Additional cert configuration information for the built-in registry + Cert TLSCert `json:"cert,omitempty"` +} + +type TLSCert struct { + SubjectAltName *SubjectAltName `json:"subjectAltName,omitempty"` +} + +type SubjectAltName struct { + DNSNames []string `json:"dnsNames,omitempty"` + IPs []string `json:"ips,omitempty"` +} + +``` + +### Use cases + +#### Apply a simple cluster by default + +create 3 masters and a node using cluster image `docker.io/sealerio/kubernetes:v1.22.15` + +```yaml +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: default-kubernetes-cluster +spec: + image: docker.io/sealerio/kubernetes:v1.22.15 + ssh: + passwd: xxx + hosts: + - ips: [ 192.168.0.2,192.168.0.3,192.168.0.4 ] + roles: [ master ] + - ips: [ 192.168.0.5 ] + roles: [ node ] +``` + +#### Different hosts have different credential (for example password,and port) + +`cluster.spec.ssh` is cluster level ssh credential, if different hosts have different credential we only need to set +the `cluster.spec.hosts.ssh`. + +```yaml +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: default-kubernetes-cluster +spec: + image: docker.io/sealerio/kubernetes:v1.22.15 + ssh: + passwd: xxx + port: "2222" + hosts: + - ips: [ 192.168.0.2 ] # this master ssh port is different with others. + roles: [ master ] + ssh: + passwd: yyy + port: "22" + - ips: [ 192.168.0.3,192.168.0.4 ] + roles: [ master ] + - ips: [ 192.168.0.5 ] + roles: [ node ] +``` + +#### Pre-set roles,labels,taints for cluster node + +set `cluster.spec.hosts.labels`, `cluster.spec.hosts.roles` and `cluster.spec.hosts.taints` in Clusterfile. 
+ +```yaml +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: my-cluster +spec: + hosts: + - ips: + - 172.16.26.162 + labels: + fake: labels + roles: + - master + taints: + - key1=value1:NoSchedule + - ips: + - 172.16.26.165 + labels: + sealer: test + roles: + - node + image: docker.io/sealerio/kubernetes:v1.22.15 + ssh: + passwd: password + pk: /root/.ssh/id_rsa + port: "22" + user: root +``` + +#### Overwrite cluster image`s boot command. + +we can overwrite the boot command by set `cluster.spec.cmd` in Clusterfile, this will only execute the `cmd` value to +launch cluster image. + +```yaml +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: default-kubernetes-cluster +spec: + image: docker.io/sealerio/kubernetes:v1.22.15 + ssh: + passwd: xxx + hosts: + - ips: [ 192.168.0.2,192.168.0.3,192.168.0.4 ] + roles: [ master ] + - ips: [ 192.168.0.5 ] + roles: [ node ] + cmd: [ "kubectl apply -f etc/tigera-operator.yaml", "kubectl apply -f etc/custom-resources.yaml" ] +``` + +#### Overwrite cluster image`s boot apps. + +we can overwrite the boot apps by set `cluster.spec.appNames` in Clusterfile, if a cluster image contains one or more +apps by default. + +```yaml +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: default-kubernetes-cluster +spec: + image: myimage-with-nginx-mysql:v1 + ssh: + passwd: xxx + hosts: + - ips: [ 192.168.0.2,192.168.0.3,192.168.0.4 ] + roles: [ master ] + - ips: [ 192.168.0.5 ] + roles: [ node ] + appNames: [ "nginx" ] +``` + +#### Using cluster ENV in Clusterfile + +cluster `cluster.spec.env` is used to render go template files under rootfs directory which file name is with +extension ".tmpl". + +files under below directory will be rendered by default. + +1. "${rootfs}/etc" +2. "${rootfs}/charts" +3. "${rootfs}/manifests" + +for example ,if we want to customize kubeadm config like "podSubnet" and "serviceSubnet" at `etc/kubeadm.yaml.tmpl` +using env render. 
+ +```yaml +apiVersion: kubeadm.k8s.io/v1beta2 +kind: ClusterConfiguration +kubernetesVersion: v1.22.15 +controlPlaneEndpoint: "apiserver.cluster.local:6443" +imageRepository: sea.hub:5000 +networking: + podSubnet: {{ .PodCIDR }} + serviceSubnet: {{ .SvcCIDR }} +``` + +set "PodCIDR=172.24.0.0/24","SvcCIDR=10.96.0.0/16" in `cluster.spec.env`, sealer will render the "kubeadm.yaml.tmpl" +file and create a new file named `kubeadm.yaml`,and will use the new one to init the cluster. + +```yaml +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: my-cluster +spec: + env: + - PodCIDR=100.64.0.0/10 + - SvcCIDR=10.96.0.0/16 + hosts: + ips: + - 172.16.0.197 + roles: + - master + ssh: + passwd: password123 + port: "22" + user: root + image: docker.io/sealerio/kubernetes:v1.22.15 +``` + +#### Using host ENV in Clusterfile + +Host env `cluster.spec.hosts.env` is generally used to configure script and plugin execution environment variables ,it +also inherits the cluster's env `cluster.spec.env` list. + +for example, some node have different storage device, we can set its real value by exporting host env to shell scripts. +cluster default storage device is "StorageDevice=/dev/vdc", while master node is "StorageDevice=/dev/vde", sealer will +use host env "StorageDevice=/dev/vde" for master node as their key is equal. 
+ +```yaml +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: my-cluster +spec: + image: docker.io/sealerio/kubernetes:v1.22.15 + env: + - EtcdDevice=/dev/vdb # EtcdDevice is device for etcd, default is "", which will use system disk + - StorageDevice=/dev/vdc # StorageDevice is device for kubelet and container daemon, default is "", which will use system disk + hosts: + - ips: [ 192.168.0.2 ] + roles: [ master ] # add role field to specify the node role + env: # all env are NOT necessary, rewrite some nodes has different env config + - EtcdDevice=/dev/vdb + - StorageDevice=/dev/vde + - ips: [ 192.168.0.3 ] + roles: [ node ] +``` + +## Config API + +Using config, you can overwrite or merge any config files you want. Like chart values, kubeadm config file ... + +### Config Spec + +below is the ConfigSpec, it defines the desired state of Config resource. + +``` +type ConfigSpec struct { + // Enumeration value is "merge" and "overwrite". default value is "overwrite". + // Only yaml files format are supported if strategy is "merge", this will deeply merge each yaml file section. + // Otherwise, will overwrite the whole file content with config data. + Strategy string `json:"strategy,omitempty"` + // preprocess with processor: value|toJson|toBase64|toSecret + Process string `json:"process,omitempty"` + // config real data + Data string `json:"data,omitempty"` + // the path to write the configs.the desired state of Cluster + Path string `json:"path,omitempty"` +} +``` + +### Use cases + +#### Using config to overwrite mysql chart values + +Append you config file into Clusterfile like this: + +```yaml +apiVersion: sealer.io/v1 +kind: Config +metadata: + name: mysql-config +spec: + path: application/apps/mysql/mysql.yaml + data: | + mysql-user: root + mysql-passwd: xxx +``` + +sealer will overwrite the file `config.spec.path`("application/apps/{APP name}/{you target file}") under cluster image +with the specified value `config.spec.data`. 
+ +#### Using processor to pre process data into a specific format + +Currently, sealer supported preprocessor list: + +1. `value`: used to indicate that whether preprocess the entire data. if not set ,will only preprocess the value. +2. `toJson`: convert data to json format. +3. `toBase64`: encode data to base64 string. +4. `toSecret`: convert data to k8s secret format. + +we can freely combine these processors, if strategy is `tojson|tobase64` the entire data will be converted to json and +then encoded to base64 string. + +Examples: + +this will convert value to json, and then encoded it to base64 string. + +``` +apiVersion: sealer.io/v1 +kind: Config +metadata: + name: mysql-config +spec: + path: etc/mysql.yaml + process: value|toJson|toBase64 # pre process pipeline + data: + config: + username: root + passwd: xxx +``` + +pre process data to json: + +```json +{ + "username": "root", + "passwd": "xxx" +} +``` + +then process to base64: `ewogICJ1c2VybmFtZSI6ICJyb290IiwKICAicGFzc3dkIjogInh4eCIKfQ==` and write to `config.spec.path`: +etc/mysql.yaml with the content: + +``` +config: ewogICJ1c2VybmFtZSI6ICJyb290IiwKICAicGFzc3dkIjogInh4eCIKfQ== +``` + +## Plugin API + +### Plugin Spec + +PluginSpec defines the desired state of Plugin + +``` +type PluginSpec struct { + Type string `json:"type,omitempty"` + Data string `json:"data,omitempty"` + Action string `json:"action,omitempty"` + Scope string `json:"scope,omitempty"` +} +``` + +* for `PluginSpec.Type`: plugin type,currently only supported "SHELL". +* for `PluginSpec.Data`: plugin`s real data, sealer will use it to do actual action. +* for `PluginSpec.Scope`: plugin`s scope, it is usually the role name, support use '|' to specify multiple scopes. if + not set, default is all hosts excluding cluster type plugins. +* for `PluginSpec.Action`: phase of this plugin will run. if action is `host type`,will execute on `PluginSpec.Scope` + specified, if it is `cluster type` , only execute plugin at master0. 
below is the phase list we currently supported. + +plugin will be executed by `PluginSpec.Name` in alphabetical order at the same stage. + +The following is a detailed introduction for plugin action.it is divided into 2 categories, one is the `host type` +plugin and the other is the `cluster type` plugin. + +| action name | action scope | category| explanation | +| :-----| ----: | ----: |----: | +| pre-init-host | all host |host type | will run before init cluster host | +| post-init-host | all host | host type| will run after init cluster host | +| pre-clean-host | all host | host type| will run before clean cluster host | +| post-clean-host | all host | host type| will run after clean cluster host | +| pre-install | master0 | cluster type| will run before install cluster | +| post-install | master0 |cluster type | will run after install cluster | +| pre-uninstall | master0 |cluster type | will run before uninstall cluster | +| post-uninstall | master0 | cluster type| will run after uninstall cluster | +| pre-scaleup | master0 | cluster type| will run before scaleup cluster | +| post-scaleup | master0 | cluster type| will run after scaleup cluster | +| upgrade-host | all host | host type| will run before upgrade cluster | +| upgrade | master0 | cluster type| will run for upgrading cluster | + +### Use cases + +#### Configure the system disk before initialize the host + +use `pre-init-host` to init each host`s disk. + +```yaml +apiVersion: sealer.io/v1 +kind: Plugin +metadata: + name: pre_init_host +spec: + type: SHELL + action: pre-init-host + scope: master | node + data: | + set -x + bash scripts/pre_init_disk.sh + if [ $? -ne 0 ];then + exit 1 + fi +``` + +#### Configure cluster storage class after install the cluster + +use `post-install` to configure cluster storage class. 
+ +```yaml +apiVersion: sealer.io/v1 +kind: Plugin +metadata: + name: post_install +spec: + type: SHELL + action: post-install + data: | + set -x + # process taints first + if [ "${RemoveMasterTaint}" == "true" ];then + kubectl taint node node-role.kubernetes.io/master- --all || true + fi + # set default storageclass and snapshot + kubectl annotate storageclass yoda-lvm-default snapshot.storage.kubernetes.io/is-default-class="true" --overwrite + kubectl annotate storageclass yoda-lvm-default storageclass.kubernetes.io/is-default-class="true" --overwrite +``` + +#### Do the actual upgrade work when upgrading the cluster + +use `upgrade` to upgrade cluster kubernetes version. + +```yaml +apiVersion: sealer.io/v1 +kind: Plugin +metadata: + name: upgrade +spec: + type: SHELL + action: upgrade + data: | + set -x + # sealer won't provide specific upgrade capabilities, only the entrance. + # you can do the actual upgrade work in your own upgrade shell. + bash scripts/upgrade.sh +``` + +## Application API + +### Application Spec + +ApplicationSpec defines the desired state of Application + +```yaml +type ApplicationSpec struct { + //Cmds raw command line which has the highest priority, is mutually exclusive with the AppNames parameter + // it could be overwritten from ClusterSpec.CMD and cli flags, and it is not required. + Cmds []string `json:"cmds"` + + //LaunchApps This field allows user to specify the app names they want to launch. + // it could be overwritten from ClusterSpec.APPNames and cli flags. + LaunchApps []string `json:"launchApps,omitempty"` + + // Configs Additional configurations for the specified app + //it will override the default launch command and delete command, as well as the corresponding app files. + Configs []ApplicationConfig `json:"configs,omitempty"` +} + + type ApplicationConfig struct { + // the AppName + Name string `json:"name,omitempty"` + + // Env is a set of key value pair. 
+ // it is app level, only this app will be aware of its existence, + // it is used to render app files, or as an environment variable for app startup and deletion commands + // it takes precedence over ApplicationSpec.Env. + Env []string `json:"env,omitempty"` + + // app Launch customization + Launch *Launch `json:"launch,omitempty"` + + Files []AppFile `json:"files,omitempty"` +} + + type Launch struct { + // Cmds raw cmds support, not required, exclusive with app type. + Cmds []string `json:"cmds,omitempty"` +} + + type AppFile struct { + // Path represents the path to write the Values, required. + Path string `json:"path,omitempty"` + + // Enumeration value is "merge", "overwrite". default value is "overwrite". +// OverWriteStrategy: this will overwrite the FilePath with the Data. +// MergeStrategy: this will merge the FilePath with the Data, and only yaml files format are supported + Strategy Strategy `json:"strategy,omitempty"` + + // Data real app launch need. + // it could be raw content, yaml data, yaml section data, key-value pairs, and so on. + Data string `json:"data,omitempty"` +} +``` + +### Use cases + +#### overwrite image launch cmds + +```yaml +apiVersion: sealer.io/v2 +kind: Application +metadata: + name: my-apps +spec: + cmds: + - kubectl apply -f ns.yaml + - kubectl apply -f nginx.yaml +--- +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: my-cluster +spec: + hosts: + - ips: + - 172.16.83.189 + roles: + - master + ssh: { } + image: my-app:v1 + ssh: + passwd: "password" + pk: /root/.ssh/id_rsa + port: "22" + user: root +``` + +`sealer run -f Clusterfile.yaml` + +this will only execute `ApplicationSpec.Cmds`: "kubectl apply -f ns.yaml" and "kubectl apply -f nginx.yaml". 
+ +#### overwrite image launch apps + +```yaml +apiVersion: sealer.io/v2 +kind: Application +metadata: + name: my-apps +spec: + launchApps: + - app1 + - app2 +--- +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: my-cluster +spec: + hosts: + - ips: + - 172.16.83.189 + roles: + - master + ssh: { } + image: my-app:v1 + ssh: + passwd: "password" + pk: /root/.ssh/id_rsa + port: "22" + user: root +``` + +`sealer run -f Clusterfile.yaml` + +this will only launch two apps with its default launch cmds defined from kubefile: "app1","app2" + +#### overwrite app launch cmds + +```yaml +apiVersion: sealer.io/v2 +kind: Application +metadata: + name: my-apps +spec: + launchApps: + - app1 + - app2 + configs: + - name: app2 + launch: + cmds: + - kubectl apply -f app2.yaml +--- +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: my-cluster +spec: + hosts: + - ips: + - 172.16.83.189 + roles: + - master + ssh: { } + image: my-app:v1 + ssh: + passwd: "password" + pk: /root/.ssh/id_rsa + port: "22" + user: root +``` + +`sealer run -f Clusterfile.yaml` + +this will only launch two apps ("app1","app2"): + +* for "app1": use its default launch cmds defined from kubefile. +* for "app2": overwrite its default launch cmds as "kubectl apply -f app2.yaml". + +#### overwrite app files with config data + +currently, we support below strategy for app modification. + +* "overwrite": overwrite strategy will overwrite the FilePath with the Data. 
+ +example: + +```yaml +apiVersion: sealer.io/v2 +kind: Application +metadata: + name: my-apps +spec: + launchApps: + - redis + configs: + - name: redis + files: + - path: rediscert + strategy: "overwrite" + data: | + redis-user: root + redis-passwd: xxx +--- +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: my-cluster +spec: + hosts: + - ips: + - 172.16.26.162 + roles: + - master + ssh: { } + image: abc:v1 + ssh: + passwd: xxxxxx + pk: /root/.ssh/id_rsa + port: "22" + user: root +``` + +then we can apply this application config through `sealer apply`. + +for "redis"app ,will overwrite data to "rediscert" file: + +```yaml +[ root@iZbp1chh98quny8r8r71bhZ]# cat /var/lib/sealer/data/my-cluster/rootfs/application/apps/redis/rediscert + redis-user: root + redis-passwd: xxx +``` + +#### merge app files with config data + +currently, we support below strategy for app modification. + +* "merge": merge strategy will merge the FilePath with the Data, and only yaml files format are supported. + +example: + +```yaml +apiVersion: sealer.io/v2 +kind: Application +metadata: + name: my-apps +spec: + launchApps: + - yamlapp + configs: + - name: yamlapp + files: + - path: merge.yaml + strategy: "merge" + data: | + data: + test-key: test-key + metadata: + namespace: test-namespace +--- +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: my-cluster +spec: + hosts: + - ips: + - 172.16.26.162 + roles: + - master + ssh: { } + image: abc:v1 + ssh: + passwd: xxxxxx + pk: /root/.ssh/id_rsa + port: "22" + user: root +``` + +then we can apply this application config through `sealer apply`. 
+ +for "yamlapp", will merge data to "merge.yaml" file: + +before: + +```yaml +[ root@iZbp1chh98quny8r8r71bhZ]# cat merge.yaml + apiVersion: v1 + data: + key1: myConfigMap1 + kind: ConfigMap + metadata: + name: myConfigMap1 +--- +apiVersion: v1 +data: + key2: myConfigMap2 +kind: ConfigMap +metadata: + name: myConfigMap2 +``` + +after: + +```yaml +[ root@iZbp1chh98quny8r8r71bhZ]# cat /var/lib/sealer/data/my-cluster/rootfs/application/apps/yamlapp/merge.yaml + apiVersion: v1 + data: + key1: myConfigMap1 + test-key: test-key + kind: ConfigMap + metadata: + name: myConfigMap1 + namespace: test-namespace +--- +apiVersion: v1 +data: + key2: myConfigMap2 + test-key: test-key +kind: ConfigMap +metadata: + name: myConfigMap2 + namespace: test-namespace +``` + +#### render app files with config env + +using config env to do app file rendering, support Golang HTML template rendering syntax. + +example: + +set Deployment `ImageName` as a variable in template file `nginx.yaml.tmpl`. + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment +spec: + selector: + matchLabels: + app: nginx + replicas: 2 + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: {{ .ImageName }} + ports: + - containerPort: 80 +``` + +below is the build context: + +```shell +├── Kubefile +└── nginx + └── nginx.yaml.tmpl +``` + +Kubefile: + +```shell +FROM scratch +APP app1 local://nginx +APPCMDS app1 ["kubectl apply -f nginx.yaml"] +LAUNCH ["app1"] +``` + +using `ImageName="docker.io/bitnami/nginx:latest"`as app1 env config at clusterfile, this will render `nginx.yaml.tmpl` +to `nginx.yaml` and change `ImageName` to its value after apply. 
+ +```yaml +kind: Application +metadata: + name: my-apps +spec: + launchApps: + - app1 + configs: + - name: app1 + env: + - ImageName="docker.io/bitnami/nginx:latest" +--- +apiVersion: sealer.io/v2 +kind: Cluster +metadata: + name: my-cluster +spec: + hosts: + - ips: + - 172.16.26.162 + roles: + - master + ssh: { } + image: my-nginx:v1 + ssh: + passwd: xxxxxx + pk: /root/.ssh/id_rsa + port: "22" + user: root +``` + +we can check the result : + +```shell +cat /var/lib/sealer/data/my-cluster/rootfs/application/apps/app1/nginx.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment +spec: + selector: + matchLabels: + app: nginx + replicas: 2 + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: "docker.io/bitnami/nginx:latest" + ports: + - containerPort: 80 +``` diff --git a/src/v0.10.0/concept/kubefile.md b/src/v0.10.0/concept/kubefile.md new file mode 100644 index 0000000..9d3485b --- /dev/null +++ b/src/v0.10.0/concept/kubefile.md 
@@ -0,0 +1,276 @@ +# Kubefile + +A `Kubefile` is a text document that contains all the commands a user could call on the command line to assemble an +image.We can use the `Kubefile` to define a cluster image that can be shared and deployed offline. a `Kubefile` just +like `Dockerfile` which contains the build instructions to define the specific cluster. + +## FROM instruction + +The `FROM` instruction defines which base image you want reference, and the first instruction in Kubefile must be the +FROM instruction. Registry authentication information is required if the base image is a private image. By the way +official base images are available from the Sealer community. + +> command format:FROM {your base image name} + +USAGE: + +For example ,use the base image `kubernetes:v1.19.8` which provided by the Sealer community to build a new cloud image. + +`FROM docker.io/sealerio/kubernetes:v1.22.15` + +## COPY instruction + +The `COPY` instruction used to copy the contents from the context path such as file or directory to the `rootfs`, and the default src path is +the `rootfs` .If the specified destination directory does not exist, sealer will create it automatically. + +> command format:COPY {src dest} + +USAGE: + +For example , copy `mysql.yaml`to`rootfs/mysql.yaml` + +`COPY mysql.yaml .` + +For example , copy directory `apollo` to `rootfs/charts/apollo` + +`COPY apollo charts` + +## APP instruction + +The `APP` instruction defines an app virtual object and specify the materials that needed to start an app, +and finally we can define the running object in terms of the dimensions of the `APP` by `LAUNCH` instruction. + +> command format:APP APP_NAME scheme:path1 scheme:path2 + +USAGE: + +For example: + ++ Using `APP` instruction to define a `mysql` app which contains files form the local chart dir `local://mysql/`. 
+ + `APP mysql local://mysql/` + ++ Using `APP` instruction to define a `dashboard` app which contains [remote k8s resource file](https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml) and the remote file will be auto downloaded. + + `APP dashboard https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml` + ++ Using `APP` instruction to define a `dashboard` app which contains a local k8s resource file `recommended.yaml`. + + `APP dashboard local://recommended.yaml` + ++ Using `APP` instruction to define a `business` app which contains a local shell file `install.sh`. + + `APP business local://install.sh` + +## CNI instruction + +The `CNI` instruction provides or overrides CNI plugins, the syntax is same with `APP`. + +And there are some points that require special attention: + ++ Multiple `CNI` definitions can be specified. If the name is the same, the last one takes precedence. ++ The `CNI` can be thought of as an `APP` with type Kubernetes CNI. Beyond this, it will automatically fills in the label `cluster.alpha.sealer.io/kube-cni` to declare the CNI list supported by the Sealer Image. + +> command format:CNI CNI_NAME scheme:path1 scheme:path2 + +USAGE: + +For example ,Using `CNI` instruction to define the Sealer Image supports both flannel and calico CNI plugin and use `LAUNCH` instruction to specifies that the flannel will be started by default. + +``` +CNI flannel https://raw.githubusercontent.com/flannel-io/flannel/v0.20.2/Documentation/kube-flannel.yml +CNI calico local://calico.sh +LAUNCH ["flannel"] +``` + +## CSI instruction + +The `CSI` instruction provides or overrides CSI plugins. +Except it will automatically fills in the label `cluster.alpha.sealer.io/kube-csi`, other features are identical with `CNI`instruction + +And there are some points that require special attention: + ++ Multiple `CSI` definitions can be specified. If the name is the same, the last one takes precedence. 
++ The `CSI` can be thought of as an `APP` with type Kubernetes CNI. Beyond this, it will automatically fills in the label `cluster.alpha.sealer.io/kube-csi` to declare the CNI list supported by the Sealer Image. + +> command format:CSI CSI_NAME scheme:path1 scheme:path2 + +## CMD instruction + +> NOTE: Deprecated, `LAUNCH` and `CMDS` are more recommended. + +The format of CMD instruction is similar to RUN instruction, and also will execute any commands in a new layer. However, +the CMD command will be executed when the cluster is started . it is generally used to start applications or configure +the cluster. and it is different with `Dockerfile` CMD ,If you list more than one CMD in a `Kubefile` ,then all of them +will take effect. + +> command format:CMD {command args ...} + +USAGE: + +For example ,Using `CMD` instruction to execute a commands that apply the kubernetes dashboard yaml. + +`CMD kubectl apply -f recommended.yaml` + +## CMDS instruction + +> NOTE: `LAUNCH` instruction is more recommended than `CMDS`. + +The format of CMDS instruction will execute any commands in a new layer. The CMDS command will be executed when `sealer run` . +It is generally used to start applications or configure the cluster. + +And there are some points that require special attention: + ++ Just like with `Dockerfile` CMD , if there are multiple `CMDS` instructions in the `Kubefile`, only the last one takes effect. ++ The `CMDS` of the parent image will not be inherited, and you need to redefine it in the child image if you need to have it set. ++ The `CMDS` instruction and the `LAUNCH` instruction are in conflict, and only one of them can exist. + +> command format:CMD {command args ...} + +USAGE: + +For example ,Using `CMDS` instruction to execute a commands that apply the kubernetes dashboard yaml. 
+ +`CMDS ["kubectl apply -f recommended.yaml","echo success"]` + +## APPCMDS instruction + +The `APPCMDS` instruction specify the cmds for a specified app and the context is the dir of specified app. + +And there are some points that require special attention: + ++ If there are more than one `APPCMDS` for a `APP` then only the last `APPCMDS` will take effect. ++ The `APPCMDS` takes effect only if the corresponding APP_NAME is specified in `LAUNCH` instruction, ++ If no `APPCMDS` specified for APP_NAME, By default, the default command will be generated based on its type. For now, the following file or directory types are supported: + + Helm Chart + + K8S YAML + + Linux Shell + +> command format:APPCMDS APP_NAME ["executable","param1","param2"] + +USAGE: + +For example: + +Using `APPCMDS` instruction to specify the launch cmds for nginx app to override the `kubectl apply -f nginx.yaml` command generated by default. + +``` +APP nginx local://nginx.yaml +APPCMDS nginx ["kubectl apply -f nginx.yaml -n nginx-namespace"] +LAUNCH ["nginx"] +``` + +## LAUNCH instruction + +The `LAUNCH` instruction specifies a list of apps to launch when sealer run. Only one `LAUNCH` instruction can be defined in the `Kubefile`. + +And there are some points that require special attention: + ++ The `LAUNCH` of the parent image will not be inherited, and you need to redefine it in the child image if you need to have it set. ++ The `LAUNCH` instruction and the `CMDS` instruction are in conflict, and only one of them can exist. + +> command format:LAUNCH {command args ...} + +USAGE: + +For example ,Using `LAUNCH` instruction to start mysql and business apps defined by `APP` instruction. + +`LAUNCH ["mysql","business"]` + +## LABEL instruction + +The `LABEL` instruction allows to add some metadata to a Sealer Image just like `Dockerfile LABEL instruction`. + +And there are some points that require special attention: + ++ An image can have more than one label. 
You can specify multiple labels on a single line. ++ Sealer reserves all label keys prefixed with `sealer.io`, such as: + + `cluster.alpha.sealer.io/cluster-runtime-type`, supported cluster runtime type, such as kubernetes, k0s, k3s, etc + + `cluster.alpha.sealer.io/cluster-runtime-version`, supported cluster runtime version + + `cluster.alpha.sealer.io/container-runtime-type`, supported container runtime type, such as docker, containerd, etc + + `cluster.alpha.sealer.io/container-runtime-version`, supported container runtime version + + `cluster.alpha.sealer.io/kube-cni`, supported cni plugin list, such as calico,flannel, etc + + `cluster.alpha.sealer.io/kube-csi`, supported csi plugin list + + `app.alpha.sealer.io/supported-kube-version`, a [SemVer](https://github.com/Masterminds/semver) range of compatible Kubernetes versions by the applications ++ All labels will be inherited by child image. ++ In general, a base [Sealer Cluster Image](sealer-image.md#cluster-image) should declare supported cluster runtimes, container runtimes, etc. + +``` +command format: +LABEL = = = ... +LABEL = \ + = \ + = ... +``` + +USAGE: + +For example ,Using `LABEL` instruction to define the supported cluster runtime and container runtime info for Sealer Image. + +``` +LABEL "cluster.alpha.sealer.io/cluster-runtime-version"="v1.22.15" +LABEL "cluster.alpha.sealer.io/cluster-runtime-type"="kubernetes" +LABEL "cluster.alpha.sealer.io/container-runtime-type"="docker" +LABEL "cluster.alpha.sealer.io/container-runtime-version"="20.10.14" +``` + +## KUBEVERSION + +The `KUBEVERSION` instruction defines a [SemVer](https://github.com/Masterminds/semver) range of compatible Kubernetes versions for a [Sealer Application Image](sealer-image.md#application-image). +In fact, the `KUBEVERSION` instruction is equivalent to the `LABEL app.alpha.sealer.io/supported-kube-version`. 
+ +And there are some points that require special attention: + ++ If there are multiple apps in the `Kubefile`, you should take the intersection of the cluster versions they support ++ Some checks will be done against the `KUBEVERSION` value, and the value must follow the format [SemVer range](https://github.com/Masterminds/semver). + +> command format:KUBEVERSION {command args ...} + +USAGE: + +For example ,Using `KUBEVERSION` instruction to declare that the `Sealer Image` supports kubernetes version between 1.22 and 1.24. + +`KUBEVERSION 1.22 - 1.24` + +## ENV instruction + +The `ENV` instruction sets the environment variable `` to the value ``. This value will be in the +environment for all subsequent instructions in the build stage and will also save to image spec as well for lately used, +such as file rendering . + +> command format: ENV key=value + +USAGE: + +For example: + +Using `ENV` instruction to specify the global key pair for all apps + +``` +FROM scratch +ENV globalKey=globalValue +APP app1 local://app1 +APP app2 local://app2 +LAUNCH ["app1","app2"] +``` + +## APPENV instruction + +The `APPENV` instruction sets the environment variable `` to the value ``. This value will only be used to +specified app, and used to do app file rendering. + +> command format: APPENV APP_NAME key1=value1 key2=value2 + +USAGE: + +For example: + +Using `APPENV` instruction to specify the key pair for an app. + +``` +FROM scratch +APP app1 local://app1 +APP app2 local://app2 +APPENV app1 key1=value1 key2=value2 +LAUNCH ["app1","app2"] +``` \ No newline at end of file diff --git a/src/v0.10.0/concept/sealer-image.md b/src/v0.10.0/concept/sealer-image.md new file mode 100644 index 0000000..99b32a4 --- /dev/null +++ b/src/v0.10.0/concept/sealer-image.md 
@@ -0,0 +1,113 @@
+# Sealer Image
+
+## What is Sealer Image?
+
+A `Sealer Image` is a read-only file with all dependencies that needed to run a cluster and distributed applications.
+Just like OCI Image, an image is often based on another image, with some additional customization.
+In fact, the format of sealer image is also fully compliant with the [OCI specification](https://github.com/opencontainers).
+
+## Application Image
+
+An `Sealer Image` that does not contain Kubernetes and other KxS runtimes.
+
+![](../../../attachment/images/app-kubefile.png)
+
+### How to build an application image
+
+Kubefile:
+
+```
+FROM scratch
+APP mysql https://charts/mysql.tgz
+APP elasticsearch https://charts/ elasticsearch.tgz
+APP redis local://redis.yaml
+APP businessApp local://install.sh
+LAUNCH ["mysql", "redis", "businessApp"]
+```
+
+build command:
+
+> NOTE: --type=kube-installer is the default value for sealer build
+
+```
+sealer build -f Kubefile -t my-app:1.0.0 --type=app-installer .
+```
+
+## Cluster Image
+
+An `Sealer Image` that contains Kubernetes or other KxS runtimes.
+
+![](../../../attachment/images/cluster-kubefile.png)
+
+### How to build a custom cluster image
+
+```shell
+# sealer inspect docker.io/sealerio/kubernetes:v1.22.15
+{
+ "id": "bb75382891e7f04f192f1baeab18ef9c9f5503f4de8ac6dfc2a4d94f2164dde6",
+ "name": "docker.io/sealerio/kubernetes:v1.22.15",
+ "digest": "sha256:2f92b0149053ece9de6c683754f76fb9fd023a44540a9e33fc371afb8b76cc1b",
+ "manifestv1": {
+ ......
+ },
+ "ociv1": {
+ ......
+ },
+ "buildClient": {
+ "sealerVersion": "v0.9.0",
+ "buildahVersion": "1.27.1"
+ },
+ "schemaVersion": "v1alpha1",
+ "type": "kube-installer",
+ "applications": [
+ {
+ "name": "calico",
+ "type": "shell",
+ "launchfiles": [
+ "calico.sh"
+ ],
+ "version": "v1"
+ }
+ ],
+ "launch": {
+ "app_names": [
+ "calico"
+ ]
+ }
+}
+```
+
+Kubefile:
+
+> NOTE: When we build an image based on a base image,
+> we need to re-declare the app that needs to be launched in the base image for `LAUNCH` instruction.
+>
+> For more details about `APP` and `LAUNCH`, please refer to [Kubefile](kubefile.md)
+
+```
+FROM docker.io/sealerio/kubernetes:v1.22.15
+APP mysql https://charts/mysql.tgz
+APP elasticsearch https://charts/elasticsearch.tgz
+APP redis local://redis.yaml
+APP businessApp local://install.sh
+LAUNCH ["calico", "mysql", "elasticsearch", "redis", "businessApp"]
+```
+
+or
+
+```
+FROM docker.io/sealerio/kubernetes:v1.22.15
+COPY mysql.tgz .
+COPY elasticsearch.tgz .
+COPY redis.yaml .
+COPY install.sh .
+CMDS ["sh application/apps/calico/calico.sh", "helm install mysql.tgz", "helm install elasticsearch.tgz", "kubectl apply -f redis.yaml", "bash install.sh"]
+```
+
+build command:
+
+> NOTE: --type=kube-installer is the default value for sealer build
+
+```
+sealer build -f Kubefile -t my-kubernetes:1.0.0 .
+```
diff --git a/src/v0.10.0/contributing/code-of-conduct.md b/src/v0.10.0/contributing/code-of-conduct.md
new file mode 100644
index 0000000..813d0d5
--- /dev/null
+++ b/src/v0.10.0/contributing/code-of-conduct.md
@@ -0,0 +1,3 @@
+# Code of conduct
+
+[code of conduct](https://github.com/sealerio/sealer/blob/main/code-of-conduct.md)
\ No newline at end of file
diff --git a/src/v0.10.0/contributing/contribute.md b/src/v0.10.0/contributing/contribute.md
new file mode 100644
index 0000000..008dade
--- /dev/null
+++ b/src/v0.10.0/contributing/contribute.md
@@ -0,0 +1,11 @@
+# Contributing
+
+👉 Make sure to read the [Code of Conduct](https://github.com/sealerio/sealer/blob/main/code-of-conduct.md).
+
+## Contribute to Docs
+
+👉 Follow the [guide](https://github.com/sealerio/sealer/issues/628).
+
+## Contributing guide
+
+👉 Follow the [guide](https://github.com/sealerio/sealer/blob/main/CONTRIBUTING.md).
diff --git a/src/v0.10.0/getting-started/install-sealer.md b/src/v0.10.0/getting-started/install-sealer.md
new file mode 100644
index 0000000..2e462ed
--- /dev/null
+++ b/src/v0.10.0/getting-started/install-sealer.md
@@ -0,0 +1,61 @@
+# Installing Sealer
+
+## System requirements
+
+Recommended OS:
+
+| Arch | OS | Kernel |
+| :----------------------------: | :-----------------------------------------------------------------------------------------: | :-------------------------------------------------------: |
+| x86/arm64 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | 4.18.* (recommend)
4.19.*
3.10.*(>=3.10.0-1160) |
+
+## From the Binary Releases
+
+Every release of sealer provides binary releases for a variety of OSes. These binary versions can be manually downloaded
+and installed.
+
+1. Download sealer binary
+
+```shell
+wget https://github.com/sealerio/sealer/releases/download/v0.10.0/sealer-v0.10.0-linux-amd64.tar.gz
+```
+
+2. Unpack it
+
+```shell
+tar zxvf sealer-v0.10.0-linux-amd64.tar.gz
+```
+
+3. Find the sealer binary in the unpacked directory, and move it to its desired destination
+
+```shell
+mv sealer /usr/bin
+```
+
+## From the Source code
+
+1. Download sealer code
+
+```shell
+git clone https://github.com/sealerio/sealer.git
+```
+
+2. Enter the Sealer project
+
+```shell
+cd sealer
+```
+
+3. Switch to the main branch
+
+```shell
+git checkout main
+```
+
+4. Build the sealer binary
+
+```shell
+make linux
+```
+
+5. The built Sealer binaries are placed in the `_output/bin/sealer/linux_amd64/sealer` directory,you can upload it to
+ your own machine for use
\ No newline at end of file
diff --git a/src/v0.10.0/getting-started/quick-start.md b/src/v0.10.0/getting-started/quick-start.md
new file mode 100644
index 0000000..8ac4d85
--- /dev/null
+++ b/src/v0.10.0/getting-started/quick-start.md
@@ -0,0 +1,139 @@
+# Quick start
+
+This guide covers how you can quickly get started using Sealer.
+
+## Prerequisites for kubernetes
+
+1. Install the sealer locally.
+2. Prepare six hosts and record their IPs and passwords, the following conditions are recommended:
+ 1. Hardware: 4C8G + 50G(System Disk)
+ 2. OS: CentOS/RHEL 7.5、CentOS/RHEL 7.6、CentOS/RHEL 7.7、CentOS/RHEL 7.8、CentOS/RHEL 7.9
+ 3. Kernel: 4.18.\*(Recommend)、4.19.\* 、 3.10.\*(>=3.10.0-1160)
+
+## Install a kubernetes cluster
+
+```shell
+# run a kubernetes cluster
+sealer run docker.io/sealerio/kubernetes:v1-22-15-sealerio-2 \
+ --masters 192.168.0.2,192.168.0.3,192.168.0.4 \
+ --nodes 192.168.0.5,192.168.0.6,192.168.0.7 --passwd xxx
+```
+
+:::tip Password reminder
+The password cannot contain the `$` environment variable character, as [cobra](https://github.com/spf13/cobra/) cannot recognize it. You can run Sealer using one of the following methods: user `\$`、 `'1234$a'` OR `"1234\$a"`
+:::
+
+```shell
+[root@iZm5e42unzb79kod55hehvZ ~]# kubectl get node
+NAME STATUS ROLES AGE VERSION
+izm5e42unzb79kod55hehvz Ready master 18h v1.22.15
+izm5ehdjw3kru84f0kq7r7z Ready master 18h v1.22.15
+izm5ehdjw3kru84f0kq7r8z Ready master 18h v1.22.15
+izm5ehdjw3kru84f0kq7r9z Ready 18h v1.22.15
+izm5ehdjw3kru84f0kq7raz Ready 18h v1.22.15
+izm5ehdjw3kru84f0kq7rbz Ready 18h v1.22.15
+```
+
+## PREREQUISITES for k0s
+
+1. Install the sealer locally.
+2. 
prepare four hosts and record their IPs and passwords, the condition you should refer [System-requirements](https://docs.k0sproject.io/v1.26.2+k0s.0/system-requirements/)
+
+## Install a k0s cluster
+
+```shell
+sealer run docker.io/sealerio/k0s:v1-24-10-sealerio-1 \
+ --masters 192.168.0.2 \
+ --nodes 192.168.0.5,192.168.0.6,192.168.0.7 --passwd xxx
+```
+
+```shell
+[root@iZm5e42unzb79kod55hehvZ ~]# kubectl get node
+NAME STATUS ROLES AGE VERSION
+izm5ehdjw3kru84f0kq7r9z Ready 18h v1.24.10-k0s.0
+izm5ehdjw3kru84f0kq7raz Ready 18h v1.24.10-k0s.0
+izm5ehdjw3kru84f0kq7rbz Ready 18h v1.24.10-k0s.0
+```
+
+## Build an app image
+
+To build an app image, start by creating a nginx.yaml file with the following content:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: my-nginx
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: my-nginx
+ template:
+ metadata:
+ labels:
+ run: my-nginx
+ spec:
+ containers:
+ - name: my-nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+```
+
+Next, create a `Kubefile` with the following content:
+
+```shell
+FROM scratch
+APP nginx local://nginx.yaml
+LAUNCH ["nginx"]
+```
+
+Finally, run the following command to build the app image:
+
+```shell
+sealer build -f Kubefile -t sealer-io/nginx:latest --type app-installer
+```
+
+## Run the app image
+
+To run the app image, use the following command:
+
+```bash
+sealer run sealer-io/nginx:latest
+```
+
+You can check the pod by running the following command:
+
+```bash
+kubectl get pod -A
+```
+
+## Push the app image to the registry
+
+To push the app image to the registry, use the following command:
+
+```bash
+sealer tag sealer-io/nginx:latest {registryDomain}/sealer-io/nginx:latest
+sealer push {registryDomain}/sealer-io/nginx:latest
+```
+
+You can push the app image to Docker Hub, Ali ACR, or Harbor.
+
+## Clean the cluster
+
+If you want to clean the cluster, run the following command:
+
+```shell
+sealer delete -a
+```
+
+Please note that some information of the basic settings will be written to the cluster and stored in `/root/.sealer/Clusterfile` locally.
+
+## SEE ALSO
+
++ [Kubefile](../concept/kubefile.md)
++ [Sealer Image](../concept/sealer-image.md)
++ [Sealer Cluster Image List](../sealer-images/cluster-images.md)
++ [Running sealer image as a Non-root User](../advanced/sealer-run-rootless.md)
\ No newline at end of file
diff --git a/src/v0.10.0/help/contact.md b/src/v0.10.0/help/contact.md
new file mode 100644
index 0000000..e2eb2cb
--- /dev/null
+++ b/src/v0.10.0/help/contact.md
@@ -0,0 +1,13 @@
+# Contacts
+
+* Email: sealerio@list.alibaba-inc.com
+* Twitter: [@sealer](https://twitter.com/sealer_oss)
+* DingTalk Group: 34619594
+
+
+
+
+
+
+
+If you're using sealer, [let us know](https://github.com/sealerio/sealer/issues/119)
\ No newline at end of file
diff --git a/src/v0.10.0/help/faq.md b/src/v0.10.0/help/faq.md
new file mode 100644
index 0000000..27f6adb
--- /dev/null
+++ b/src/v0.10.0/help/faq.md
@@ -0,0 +1,50 @@
+# FAQ
+
+This section is mean to answer the most frequently asked questions about sealer. And it will be updated regularly.
+
+## How to clean host environment manually when sealer apply failed.
+
+in some case ,when you failed to run sealer apply ,and the hints show a little that is not enough to use, this section
+will guild you how to clean your host manually.
+
+you may follow the below clean steps when run kubeadm init failed.
+
+## delete my-cluster directory if it existed
+
+```shell
+rm -rf /var/lib/sealer/data/my-cluster
+```
+
+## delete kubernetes directory if it existed
+
+```shell
+rm -rf /etc/kubernetes
+rm -rf /etc/cni
+rm -rf /opt/cni
+```
+
+## delete docker registry if it existed
+
+```shell
+docker ps
+docker rm -f -v sealer-registry
+```
+
+you may follow the below clean steps if your cluster is up.
+
+## kubeadm reset
+
+```shell
+kubeadm reset -f
+```
+
+## delete kube config and kubelet if it existed
+
+```shell
+rm -rf $HOME/.kube/config
+rm -rf ~/.kube/ && rm -rf /etc/kubernetes/ && \
+rm -rf /etc/systemd/system/kubelet.service.d && rm -rf /etc/systemd/system/kubelet.service && \
+rm -rf /usr/bin/kube* && rm -rf /usr/bin/crictl && \
+rm -rf /etc/cni && rm -rf /opt/cni && \
+rm -rf /var/lib/etcd && rm -rf /var/etcd
+```
\ No newline at end of file
diff --git a/src/v0.10.0/introduction/architecture.md b/src/v0.10.0/introduction/architecture.md
new file mode 100644
index 0000000..4a5bc41
--- /dev/null
+++ b/src/v0.10.0/introduction/architecture.md
@@ -0,0 +1,31 @@
+# Architecture
+
+Sealer has two top module: Image Module & Cluster Module
+
+The Image module using Kubefile and build context as input, and build a Sealer Image that contains all the dependencies.
+
+The Cluster module implements the desired state of cluster through Clusterfile and Sealer Image.
+
+## Image module
+
+![](../../../attachment/images/image-arch.png)
+
+### Build Engine
+
+* parser : parse Kubefile into Dockerfile.
+* builder : execute each build instruction and save its asset.
+* committer : commit Sealer Image to image engine.
+
+### Image Engine
+
+Provides a common interface to the Sealer Image, such as list,delete,mount,inspect and the interaction with the local
+disk and the remote registry hub.
+
+## Cluster module
+
+![](https://user-images.githubusercontent.com/83740799/210050465-104e7374-1bf0-429b-af0e-a471f022fbb9.png)
+
+* common user interface: provides a common user interface to launch Sealer Image through sealer CLI or Clusterfile.
+* image preprocessor: implement content distribution and modification through config or env render for the Sealer Image.
+* cluster runtime: cluster installer implementation, like using kubeadm to install or upgrade k8s cluster.
+* plugin : implements the maintenance of hosts and the modification of the cluster at different process phase.
diff --git a/src/v0.10.0/introduction/introduction.md b/src/v0.10.0/introduction/introduction.md
new file mode 100644
index 0000000..746c8c6
--- /dev/null
+++ b/src/v0.10.0/introduction/introduction.md
@@ -0,0 +1,24 @@
+# What is Sealer?
+
+## Introduction
+
+Sealer[ˈsiːlər] provides a new way of distributed application delivery which is reducing the difficulty and complexity by packaging Kubernetes cluster and all application's dependencies into one `Sealer Image`.
+
+We can write a `Kubefile`, and build a `Sealer Image`, then using a `Clusterfile` to run a `Sealer Image`.
+
+![](https://user-images.githubusercontent.com/8912557/117400612-97cf3a00-af35-11eb-90b9-f5dc8e8117b5.png)
+
+>[Kubefile](../concept/kubefile.md): a file that describes how to build a Sealer Image.
+>
+>[Sealer Image](../concept/sealer-image.md): like docker image, and it contains all the dependencies you need to deploy a cluster or applications(like container images, yaml files or helm chart).
+>
+>[Clusterfile](../concept/clusterfile.md): a file that describes how to run a Sealer Image.
+
+## Awesome features
+
++ Simplicity: Packing the distributed application into ClusterImage with few instructions.
++ Efficiency: Launching the k8s-based application through ClusterImage in minutes.
++ Scalability: Powerful cluster and image life cycle management, such as cluster scale, upgrade, image load, save and so on.
++ Compatibility: Multi-arch delivery Supporting. Such as AMD, ARM with common Linux distributions.
++ Iterative: Incremental operations on ClusterImage is like what container image behaves.
+
diff --git a/src/v0.10.0/reference/buildah.md b/src/v0.10.0/reference/buildah.md
new file mode 100644
index 0000000..a0d879e
--- /dev/null
+++ b/src/v0.10.0/reference/buildah.md
@@ -0,0 +1 @@
+# Buildah
\ No newline at end of file
diff --git a/src/v0.10.0/release-notes/0.9.2.md b/src/v0.10.0/release-notes/0.9.2.md
new file mode 100644
index 0000000..2e978cd
--- /dev/null
+++ b/src/v0.10.0/release-notes/0.9.2.md
@@ -0,0 +1,9 @@
+# Release Notes
+
+## Breaking Changes
+
+## Features
+
+## Bug Fixes
+
+## Optimization
diff --git a/src/v0.10.0/sealer-images/application-images.md b/src/v0.10.0/sealer-images/application-images.md
new file mode 100644
index 0000000..470cfc1
--- /dev/null
+++ b/src/v0.10.0/sealer-images/application-images.md
@@ -0,0 +1 @@
+# Application Image List
diff --git a/src/v0.10.0/sealer-images/cluster-images.md b/src/v0.10.0/sealer-images/cluster-images.md
new file mode 100644
index 0000000..963c985
--- /dev/null
+++ b/src/v0.10.0/sealer-images/cluster-images.md
@@ -0,0 +1,32 @@
+# Cluster Image List
+
+## K8S Cluster Image List
+
+### Best practices
+
++ [@ackdistro](https://github.com/AliyunContainerService/ackdistro/blob/main/docs/user-guide/getting-started.md)
+
+### Officially
+
+| v0.9.2 | Arch | OS | Network plugins | container runtime |
+| :----------------------------------------------------: | :-------------------------------------: | :-------------------------------------------------------------------------------------------------: | :-------------------------------------: | :-------------------------------------: |
+| docker.io/sealerio/kubernetes:v1-18-3-sealerio-2 | x86 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | hack docker v19.03.14 |
+| docker.io/sealerio/kubernetes:v1-20-4-sealerio-2 | x86 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | hack docker v19.03.14 |
+| docker.io/sealerio/kubernetes:v1-22-15-sealerio-2 | x86 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | hack docker v19.03.14 |
+| docker.io/sealerio/kubernetes-arm64:v1-18-3-sealerio-2 | arm64 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | hack docker v19.03.14 |
+| docker.io/sealerio/kubernetes-arm64:v1-20-4-sealerio-2 | arm64 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | hack docker v19.03.14 |
+| docker.io/sealerio/kubernetes-arm64:v1-22-15-sealerio-2| arm64 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | calico | hack docker v19.03.14 |
+
+## K0S Cluster Image List
+
+| v0.9.2 | Arch | OS | Network plugins | container runtime |
+|:------------------------------------------:|:----:|:-------------------------------------------------------------------------------------------:|:------------------------:|:-----------------:|
+| docker.io/sealerio/k0s:v1-24-10-sealerio-1 | x86 | CentOS/RHEL 7.5
CentOS/RHEL 7.6
CentOS/RHEL 7.7
CentOS/RHEL 7.8
CentOS/RHEL 7.9 | kube-router(k0s-default) | containerd |
+
+## K3S Cluster Image List
+
+// Coming Soon
+
+## SEE ALSO
+
++ [build-custom-cluster-images](https://github.com/sealerio/basefs/blob/new_basefs/README.md)