Sealer 0.9 Unveiled: Cluster‑Centric Build, Share & Run with Enhanced App Support

Sealer 0.9 introduces a cluster‑centric model for building, sharing and running distributed applications, adds Sealer Image types, enriches Kubefile with LABEL, KUBEVERSION, APP, CNI, CSI, APPCMDS and LAUNCH directives, and outlines future roadmap and community resources.

Alibaba Cloud Native

Release Overview

Sealer 0.9 is released. The project shifts focus from a cluster‑dimension “Build, Share, Run” model to a “cluster‑as‑foundation, application‑as‑center” model, strengthening support for distributed applications.

Sealer Image Types

Two image categories:

Cluster Image : contains a cluster runtime such as Kubernetes, K0s, or K3s. During the run phase the cluster and any bundled applications are installed.

Application Image : does not contain a cluster runtime and must be run on an existing cluster.

Kubefile Enhancements

New directives:

LABEL : adds metadata similar to Dockerfile LABEL. Labels prefixed with sealer.io are reserved, e.g., cluster.alpha.sealer.io/cluster-runtime-type, cluster.alpha.sealer.io/container-runtime-type.

KUBEVERSION : defines a compatible Kubernetes version range for an application image using Semantic Versioning 2.0.0.

APP : defines a virtual application object with associated resources. Syntax: APP APP_NAME scheme:path1 scheme:path2.

CNI / CSI : specialized APP directives for network and storage plugins; they automatically generate label keys cluster.alpha.sealer.io/kube-cni and cluster.alpha.sealer.io/kube-csi.

APPCMDS : scoped to an APP, similar to Dockerfile CMD. Only the last declaration for a given APP takes effect.

LAUNCH : specifies which APPs to start when the image runs. Only one LAUNCH block is allowed per Kubefile; child images must redeclare it if they need a different launch set.

Example Kubefiles

Cluster Image :

FROM sealerio/kubernetes:v1.22.15
LABEL "cluster.alpha.sealer.io/cluster-runtime-version"="v1.22.15"
LABEL "cluster.alpha.sealer.io/cluster-runtime-type"="kubernetes"
LABEL "cluster.alpha.sealer.io/container-runtime-type"="docker"
LABEL "cluster.alpha.sealer.io/container-runtime-version"="20.10.14"
CNI calico local://install-calico.sh
CNI flannel local://flannel.yaml
CSI alibaba-cloud-csi-driver local://install-alibaba-cloud-csi-driver.sh

Application Image :

FROM scratch
KUBEVERSION 1.22 - 1.24
APP redis local://redis.yaml
APP nginx local://nginx.yaml
APPCMDS nginx ["kubectl apply -f nginx.yaml -n nginx-namespace"]
APP mysql local://charts/mysql/ local://values.yaml
APPCMDS mysql ["helm install mysql .", "-f values.yaml", "--set key=value"]
LABEL "created-by"="sealer.io"
LAUNCH ["nginx", "mysql"]

Build and Run Commands

Tag the image type during build:

sealer build --type kube-installer : builds a cluster image.

sealer build --type app-installer : builds an application image.

Run an application image:

sealer run ${appImageName}

Clusterfile Extension for Application Configuration

Clusterfile can override LAUNCH or APPCMDS at runtime. Example:

apiVersion: sealer.cloud/v2
kind: Cluster
metadata:
  name: my-cluster
spec:
  image: myimage-with-nginx-mysql:v1
  appNames: ["nginx"]
---
apiVersion: sealer.io/v2
kind: Application
metadata:
  name: my-apps
spec:
  configs:
  - name: app1
    launch:
      cmds:
      - kubectl apply -f ns.yaml
      - kubectl apply -f nginx.yaml -n namespace
  - name: app2
    launch:
      cmds:
      - helm install my-nginx bitnami/nginx

APP, CNI, CSI, APPCMDS, and LAUNCH Directives

APP defines a virtual application. The scheme can be local://path (relative to the build context) or an HTTP(S) URL. Supported file types are .sh, .yaml/.yml, and Helm chart directories.

CNI and CSI are shortcuts for APP that automatically generate the corresponding label keys.

APPCMDS provides the command(s) to execute for a given APP; only the last APPCMDS for an APP is used.

LAUNCH lists the APP names to start when the image runs. Only one LAUNCH block is effective; child images must redeclare it to change the launch set.

Future Roadmap (Technical Highlights)

Expand APP types to include Helm charts, Kustomize, OAM, etc., and launch a community Sealer Image Hub.

Enhance cluster‑centric capabilities: large‑scale cluster installation, support for additional container runtimes (containerd, K0s, K3s), and richer operational toolboxes (certificate issuance, health checks, OS audit).

Upgrade the image engine to be fully OCI‑compatible using buildah.

Leverage Kubernetes admission webhook mechanisms (e.g., Kyverno) for image policy enforcement.

Key References

Sealer repository: https://github.com/sealerio/sealer

Sealer Image documentation: http://sealer.cool/docs/concept/sealer-image.html

Semantic Versioning library: https://github.com/Masterminds/semver

Buildah project: https://github.com/containers/buildah

Kyverno policy engine: https://github.com/kyverno/kyverno

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
