Understanding Cluster Images: How Sealer Enables One‑Command Kubernetes Deployments
This article explains what a cluster image is, compares it with single‑machine setups, introduces Alibaba's open‑source Sealer tool, and provides step‑by‑step commands and examples for building, running, and managing Kubernetes cluster images across various environments.
Cluster Image Overview
A cluster image is a packaged resource that contains all files required to run an entire Kubernetes cluster, similar to an OS .iso or a Docker image but for distributed environments.
Comparison with Single‑Machine Images
Single machines have compute, storage, and network drivers; clusters use CNI/CSI/CRI implementations as drivers.
Single machines run Ubuntu/CentOS; a cluster treats Kubernetes as a cloud operating system.
On a single machine you run a Docker container or VM; on a cluster you run a Kubernetes instance.
Single machines use VM or Docker images; clusters increasingly adopt analogous layered image technologies.
Typical Contents of a Kubernetes‑Based Cluster Image
Docker binaries, systemd configuration, dockerd settings, and a private container registry.
Kubernetes core component binaries, container images, kubelet system configuration, etc.
Application YAML files or Helm charts together with their container images.
All additional scripts, configs, and binary tools required for the applications.
Sealer – Open‑Source Implementation
Project URL: https://github.com/alibaba/sealer
Sealer packages an entire distributed software stack, enabling a “Build‑Share‑Run” workflow for Kubernetes clusters.
One‑Command SaaS Delivery
Traditional delivery steps:
Install a Kubernetes cluster with a separate tool.
Run helm install mysql es redis … (and import container images in offline environments).
Execute kubectl apply your‑saas.
These steps are error‑prone. With Sealer a single command handles all of them:
sealer run your-saas-application-with-mysql-redis-es:latest
Building a Cluster Image
Define a Kubefile (similar to a Dockerfile):
# Base image containing all Kubernetes startup dependencies
FROM registry.cn-qingdao.aliyuncs.com/sealer-io/cloudrootfs:v1.16.9-alpha.7
# Download the official dashboard yaml
RUN wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
# Apply the dashboard yaml at runtime
CMD kubectl apply -f recommended.yaml
Build the image:
sealer build -t kubernetes-with-dashboard:latest .
Run the image on master and node machines:
sealer run kubernetes-with-dashboard:latest \
--master 192.168.0.2,192.168.0.3,192.168.0.4 \
--node 192.168.0.5,192.168.0.6 \
--passwd xxx
Push the built image to a registry (cluster images are compatible with Docker registries):
sealer tag kubernetes-with-dashboard:latest docker.io/fanux/dashboard:latest
sealer push docker.io/fanux/dashboard:latest
Use Cases
Install Kubernetes and manage its lifecycle (upgrade, backup, restore, scaling).
Package and install cloud‑native software stacks such as Prometheus or MySQL clusters.
Deliver entire SaaS solutions in offline private‑cloud scenarios.
Integrate with public‑cloud providers, specifying server counts and specs without handling individual IPs.
Technical Principles
Copy‑On‑Write Storage
Cluster images are stored using copy‑on‑write layers, allowing different distributed components to be layered and enabling the final image to be pushed to a Docker registry.
Container Image Caching
During sealer build a temporary Kubernetes cluster is launched; all images referenced by the user’s resources are pulled and cached into the cluster image, regardless of the orchestration method.
Sealer provides two mechanisms for private‑registry handling: a Docker‑compatible hack that prefers private images, and a proxy that intercepts Docker requests to fetch from the private registry when available.
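Because every image referenced by the resources ends up inside the cluster image, it helps to know before building which registries those images come from and which references float (no digest, and a missing or latest tag). The script below is an added example, not Sealer's code: it scans manifest text statically instead of launching a cluster, and the sample manifest and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample manifest; image names are illustrative, not from the page.
SAMPLE_MANIFEST = """\
kind: Deployment
spec:
  template:
    spec:
      initContainers:
        - image: busybox
      containers:
        - image: "registry.example.test:5000/team/web:1.4.2"
        - image: kubernetesui/dashboard:v2.2.0
---
kind: Pod
spec:
  containers:
    - name: cache
      image: docker.io/library/redis:latest
"""

IMAGE_LINE = re.compile(r"^\s*(?:-\s+)?image:\s*['\"]?([^'\"\s#]+)", re.M)


def parse_ref(ref):
    """Split a ref; a first component with '.', ':' or 'localhost' is the registry."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, _, tag = path.partition(":")
    return {"registry": registry, "repo": repo, "tag": tag, "digest": digest}


def inventory(manifest):
    """Return ({registry: refs}, sorted refs with no digest and tag absent/latest)."""
    by_registry, floating = defaultdict(set), set()
    for ref in IMAGE_LINE.findall(manifest):
        parsed = parse_ref(ref)
        by_registry[parsed["registry"]].add(ref)
        if not parsed["digest"] and parsed["tag"] in ("", "latest"):
            floating.add(ref)
    return dict(by_registry), sorted(floating)


if __name__ == "__main__":
    print(inventory(SAMPLE_MANIFEST))
```

A floating reference is resolved once, at build time, so the cluster image carries whatever that tag pointed to on the build day.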
Load Balancing
Sealer uses the lightweight lvscare IPVS‑based load balancer, which runs on nodes, monitors the API server, and automatically updates rules.
Runtime Support
Base images can target specific runtimes, for example:
FROM kubernetes:v1.18.3
RUN curl -L https://istio.io/downloadIstio | sh -
or for k3s:
FROM k3s:v1.18.3
RUN curl -L https://istio.io/downloadIstio | sh -
Infrastructure Management
Sealer includes its own infrastructure manager; provisioning a six‑node Alibaba Cloud cluster takes about 30 seconds, reducing API calls and integrating with Clusterfile configurations.
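The Kubefile in "Building a Cluster Image" and the ones under "Runtime Support" fetch remote content at build time, and whatever they fetch is baked into every cluster started from the resulting image. The check below is an added example, not part of Sealer or the original article; the rule names and the checksum-tool heuristic are assumptions chosen for illustration.

```python
import re

# Constructed input: the Kubefile lines shown on this page, merged into one file.
SAMPLE_KUBEFILE = """\
FROM registry.cn-qingdao.aliyuncs.com/sealer-io/cloudrootfs:v1.16.9-alpha.7
RUN wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
RUN curl -L https://istio.io/downloadIstio | sh -
CMD kubectl apply -f recommended.yaml
"""

FETCH = re.compile(r"\b(?:wget|curl)\b")
PIPE_TO_SHELL = re.compile(r"\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")
# Heuristic (assumption): a RUN line naming one of these tools verifies its download.
VERIFY = re.compile(r"\b(?:sha(?:256|512)sum|gpg|cosign)\b")
PLAIN_HTTP = re.compile(r"http://\S+")


def audit_kubefile(text):
    """Return (line_no, rule, detail) findings for FROM and RUN instructions."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, arg = line.partition(" ")
        instr, arg = instr.upper(), arg.strip()
        if instr == "FROM":
            # The tag is whatever follows ":" in the last path component.
            tag = arg.rsplit("/", 1)[-1].partition(":")[2]
            if tag in ("", "latest"):
                findings.append((no, "base-tag-mutable", arg))
        elif instr == "RUN" and FETCH.search(arg):
            if PIPE_TO_SHELL.search(arg):
                # The remote script executes during build with no integrity check.
                findings.append((no, "download-piped-to-shell", arg))
            elif not VERIFY.search(arg):
                findings.append((no, "download-without-checksum", arg))
            for url in PLAIN_HTTP.findall(arg):
                findings.append((no, "plaintext-http", url))
    return findings


if __name__ == "__main__":
    for no, rule, detail in audit_kubefile(SAMPLE_KUBEFILE):
        print(f"line {no}: {rule}: {detail}")
```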
Conclusion
Sealer simplifies the creation, distribution, and operation of Kubernetes cluster images, making it easy to deliver distributed SaaS applications, install complex software stacks, manage high‑availability clusters, and operate in both private‑cloud offline and public‑cloud environments.
Alibaba Cloud Native
We publish cloud-native tech news, curate in-depth content, host regular events and live streams, and share Alibaba product and user case studies. Join us to explore and share the cloud-native insights you need.
