Introduction: This article introduces how to use ACK Distro as a base image to build CNStack Community Edition, and how the ACK Agile product in CNStack Community Edition helps users make better use of the container platform's capabilities.

Author: Lin Shi

CNStack Community Edition (CNStack CE) is a member of Alibaba Cloud's cloud-native Stack (CNStack) product family. It can be downloaded for free and can be deployed and run on limited resources. CNStack Community Edition is packaged and delivered with Sealer and uses the container service ACK Distro as its Kubernetes base.

This article covers two topics: (1) how to build CNStack Community Edition using ACK Distro as a base image, which also serves as an example of using Sealer to package and deliver applications on top of an ACK Distro image; (2) how the ACK Agile offering in CNStack Community Edition helps users make better use of the container platform's capabilities.

Container Service ACK Agile Edition is the first Alibaba Cloud native product integrated into CNStack Community Edition

Build CNStack Community Edition based on ACK Distro

The current CNStack Community Edition release includes a "Container Service ACK Agile Edition" section and is packaged and delivered using Sealer's cluster image technology. The structure of the CNStack Community Edition cluster image, made up of ACK Distro and Container Service ACK Agile, is as follows.

Make CNStack community edition cluster image based on ACK Distro

CNStack Community Edition uses ACK Distro as the Kubernetes base image and packages the new cluster image with Sealer.

The community edition cluster uses the cluster image file Kubefile to do the following:

  • Configure the environment as necessary before deploying ACK Distro (for example, create a local directory for the CNStack Community Edition application)
  • Declare and deploy components and configurations for CNStack Community Edition
  • Configure the ACK Distro cluster that has been deployed

Kubefile contains the following contents:

# Use ackdistro:v1.20.4-ack-2 as the base image
FROM ack-agility-registry.cn-shanghai.cr.aliyuncs.com/ecp_builder/ackdistro:v1.20.4-ack-2
COPY imageList manifests
COPY kubeadm-cluster-config.yaml.tmpl etc
# prehook and posthook
COPY plugin_localpv.yaml plugin
COPY plugin_iptables.yaml plugin
COPY plugin_clean.yaml plugin
# Charts and configuration files of the components
COPY ../component/charts/localpv charts
COPY ../component/charts/aecp-installer-operator charts
COPY ../component/charts/aecp charts
COPY ../component/charts/cluster-addon-configuration charts
COPY ../component/clusterconfig.yaml manifests
# Deploy the components
CMD helm install localpv charts/localpv
CMD helm install aecp-installer-operator charts/aecp-installer-operator
CMD helm install aecp charts/aecp
# CMD kubectl create ns cluster-local
CMD kubectl -n kube-system scale deploy hybridnet-webhook --replicas=1
CMD kubectl -n kube-system scale deploy hybridnet-manager --replicas=1
CMD kubectl taint nodes $(hostname | tr A-Z a-z) node-role.kubernetes.io/master=:NoSchedule-
CMD kubectl label nodes $(hostname | tr A-Z a-z) lb=nginx
CMD kubectl label nodes $(hostname | tr A-Z a-z) addon-local-repo=true
# Wait for the components to become ready. The waiting time depends on machine performance; in our test scenario it ends after about 3 minutes.
CMD for i in `seq 0 1 2000`; do if kubectl get addonconfiguration 2> /dev/null; then helm install cluster-addon-configuration charts/cluster-addon-configuration && break; fi; echo "wait CRD ready ... $i out of 2000 tries" && sleep 1; done
CMD kubectl apply -f manifests/clusterconfig.yaml
# The basic feature set has to fit scenarios without a data disk, so the open-local local storage pool is not used here. It can be enabled again when deploying with a Clusterfile.
CMD helm uninstall -n kube-system open-local

Here are the main features CNStack Community Edition uses when building cluster images on ACK Distro:

  • Plugins
  • Deploy components through helm
  • Configure the cluster, for example, label node

Plugins run hooks at different stages of cluster deployment (PreInit, PreInstall, PostInstall). In the following example, plugin_localpv.yaml sets .spec.action: PreInit to declare that its actions run before cluster deployment starts. The actions themselves are given in data. Note that the script first deletes any existing /var/lib/cnstackce and /opt/aecp directories and force-removes the open-local-pool-0 volume group. The directories it then creates are used when CNStack Community Edition has no additional data disk: they are mounted into containers as HostPath volumes. These directories are used only when the open-local component is not used. If open-local is used, the components of CNStack Community Edition take their local storage from the dynamic storage pool provided by open-local (how to use it is described in the following sections). plugin_localpv.yaml reads as follows:

apiVersion: sealer.aliyun.com/v1alpha1
kind: Plugin
metadata:
  name: prepare_local_dir # Specify this plugin name,will dump in $rootfs/plugin dir.
spec:
  type: SHELL
  action: PreInit # PreInit PreInstall PostInstall
  data: |
    rm -rf /var/lib/cnstackce
    rm -rf /opt/aecp
    vgremove open-local-pool-0 --force || echo "No vg: open-local-pool-0 found. OK"
    mkdir -p /var/lib/cnstackce/data/storage-loki-0
    mkdir -p /var/lib/cnstackce/data/addon-package-standard-pv
    mkdir -p /var/lib/cnstackce/data/caas-api-pv
    mkdir -p /var/lib/cnstackce/data/caas-core-pv
    mkdir -p /var/lib/cnstackce/data/caas-db-caas-db-0
    mkdir -p /var/lib/cnstackce/data/grafana-pv
    mkdir -p /var/lib/cnstackce/data/prometheus-k8s-db-prometheus-k8s-0
    touch /var/lib/cnstackce/data/checker

All components of Container Service ACK Agile are deployed as Helm charts. In the Kubefile this takes only two steps: (1) COPY the Helm chart into the charts directory; (2) run helm install at deployment time. ecp-installer then automatically deploys the other Container Service ACK Agile components according to the parameters declared in manifests/clusterconfig.yaml.

Finally, CMD declarations in the Kubefile configure the cluster once its deployment is complete, for example labeling nodes (which helps Container Service ACK Agile select the LB nodes and the ingress entry point) and removing the taint.

The CNStack community build directory is as follows. The entire directory is available at the end of this article.

[root@cnstackcebuilder]~# tree charts -L 3
charts
├── build-cnstack-ce
│   ├── build.sh
│   ├── imageList
│   ├── kubeadm-cluster-config.yaml.tmpl
│   ├── plugin_localpv.yaml
│   └── readme.md
└── component
    ├── charts
    │   ├── aecp
    │   ├── aecp-installer-operator
    │   └── ...

Run bash build.sh test001 directly under charts/build-cnstack-ce (test001 is the tag name). Sealer then downloads and packages the cluster image automatically, and the build result can be queried with sealer images.

Flexible configuration through Clusterfile

The cluster image generated in the previous section can be deployed on a single machine with one command:

# Get the sealer tool
wget -c "http://sealer.oss-cn-beijing.aliyuncs.com/sealers/sealer-v0.5.2-linux-amd64.tar.gz" && tar -xvf sealer-v0.5.2-linux-amd64.tar.gz -C /usr/bin
sealer run registry.cn-qingdao.aliyuncs.com/sealer-apps/cnstack-ce:1.1.0 -m `hostname -i` -p $passwd

Deploying the cluster image above directly gives a cluster with the basic feature set of CNStack Community Edition. Users of proprietary cloud products may expect different things from the product experience, depending on their own requirements:

  • Some users want to play with the basics first, checking feature lists, managing interface styles, and so on. These users expect simple deployment, preferably one-click, and quick results.
  • Some users want to experience as much functionality as possible, such as PoC, with the necessary resources
  • Some users want to adapt container platform services to their production environment through careful configuration and resource planning.

Back to the cluster image we just made: the basic feature set only requires the user to prepare one 8C12G virtual machine, without additional data disks, to complete the deployment. (The basic feature set does not include advanced functions such as monitoring, logging, and elasticity.) The strength of ACK Distro is that, through Sealer's Clusterfile configuration, you can enable the open-local dynamic storage pool management in ACK Distro and modify the default Container Service ACK Agile configuration in the cluster image, and so deploy a full-feature-set version with advanced capabilities such as monitoring, logging, and elasticity.

CNStack Community Edition currently provides three deployment specifications, as shown in the following table:

Table: Current deployment scale of CNStack Community Edition

Here we describe how to enable the full feature set by modifying Clusterfile.

To enable open-local, configure VG resources on each node.

apiVersion: sealer.aliyun.com/v1alpha1
kind: Plugin
metadata:
  name: prepare_vg # Specify this plugin name,will dump in $rootfs/plugin dir.
spec:
  type: SHELL
  action: PreInit # PreInit PreInstall PostInstall
  # init data disk for open-local-lvm
  # VG_DEV must be set as an available data disk name (lsblk -p), e.g. VG_DEV=/dev/vdb
  data: |
    VG_DEV=#DataDiskDeviceName#
    yum install lvm2 -y
    vgremove open-local-pool-0 --force || echo "no open-local-pool-0 found, volume group Cleaning OK..."
    echo "start vgcreate. device name: $VG_DEV"
    vgcreate open-local-pool-0 $VG_DEV
    if [ $? -ne 0 ]; then
      echo "vgcreate failed" && exit 1;
    fi
    echo "vg preparation done with success."
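A guard that could run ahead of vgcreate in the plugin above, as an added example that is not part of the original article or of Sealer and ACK Distro: it refuses to proceed when VG_DEV is still the #DataDiskDeviceName# placeholder, is not a block device, is mounted, or carries a non-LVM signature. The function names validate_vg_dev and prepare_vg and the return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the device handed to vgcreate.
# validate_vg_dev, prepare_vg and the return codes are assumptions of this example.
VG_NAME=open-local-pool-0

# Returns 0 if $1 is an acceptable vgcreate target, otherwise:
#   1 placeholder not replaced or empty   2 not a /dev/ path
#   3 not a block device                  4 device or one of its partitions is mounted
#   5 device carries a filesystem or partition-table signature
validate_vg_dev() {
    dev=$1
    case $dev in
        ''|*'#'*) return 1 ;;   # unset, or still "#DataDiskDeviceName#"
    esac
    case $dev in
        /dev/*) ;;
        *) return 2 ;;
    esac
    [ -b "$dev" ] || return 3
    # Column 1 of /proc/mounts is the mounted source; the prefix match
    # also catches partitions such as ${dev}1.
    if awk -v d="$dev" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' /proc/mounts 2>/dev/null; then
        return 4
    fi
    # Low-level probe. An LVM2_member signature is tolerated because the
    # plugin's own vgremove leaves the physical volume label behind.
    if command -v blkid >/dev/null 2>&1; then
        for sig in $(blkid -p -o value -s TYPE -s PTTYPE "$dev" 2>/dev/null); do
            [ "$sig" = LVM2_member ] || return 5
        done
    fi
    return 0
}

# Wrapper for the plugin's data section: create the volume group only
# after every check passes, and propagate the failing check's code.
prepare_vg() {
    validate_vg_dev "$1" || {
        rc=$?
        echo "refusing vgcreate on '$1' (check $rc failed)" >&2
        return "$rc"
    }
    vgcreate "$VG_NAME" "$1"
}
```

In the plugin's data section the vgcreate line would become prepare_vg "$VG_DEV" || exit 1, so a wrong or unset device name stops the PreInit hook before any disk is touched.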

In the CNStack cluster image, open-local is disabled and the StorageClass is configured as manual, so open-local has to be redeployed from the Clusterfile through a PostInstall plugin, and the new StorageClass configured.

apiVersion: sealer.aliyun.com/v1alpha1
kind: Plugin
metadata:
  name: install-open-local # Specify this plugin name,will dump in $rootfs/plugin dir.
spec:
  type: SHELL
  action: PostInstall # PreInit PreInstall PostInstall
  'on': $MASTER_IP_1
  # install open-local
  data: |
    helm uninstall localpv
    helm install -n kube-system open-local charts/open-local

A Config object can overwrite configuration inside the cluster image, which lets you set the deployment switches and parameters of Container Service ACK Agile. In this example, the StorageClass (SC) used by Container Service ACK Agile is changed to open-local.

apiVersion: sealer.aliyun.com/v1alpha1
kind: Config
metadata:
  name: cluster-addon-sc
spec:
  path: charts/cluster-addon-configuration/values.yaml
  data: |
      dataStorageClass: open-local-lvm

As the examples above show, flexible deployment specifications are not simply a matter of adding and removing sub-features; an ill-considered combination can lead to endless delivery and operational risks. The specifications CNStack Community Edition provides have been verified by design, and resource planning for the deployment process has been optimized, so you can use them with confidence.

Thanks to the flexibility of Sealer, ACK Distro, and supercomponents, CNStack Community edition has many more customizable dimensions, such as a more flexible product function mix and product configurations for different sizes of businesses, to come in future releases.

Advantages of CNStack Community Edition built on ACK Distro

Helps users build cloud-native infrastructure

The container platform is a new interface through which user applications interact with IaaS. Upward, it is responsible for publishing and maintaining applications; downward, it manages infrastructure resources and abstracts the heterogeneous infrastructure in user data centers into infrastructure that is better suited to cloud-native best practices. Industry best practices such as observability, disaster recovery, cost optimization, microservice management, AI, and many other advanced IT solutions depend on a reliable cloud-native infrastructure that behaves as expected.

Figure: CNStack product capability

One of the capabilities of ACK Agile, the container service shown here, is to help users build a reliable cloud-native infrastructure. After years of experience with numerous customers' proprietary cloud services, Container Service ACK Agile has summarized a series of key lessons in building cloud-native infrastructure, which are implemented in CNStack Community Edition in the following two aspects:

  1. Good delivery experience
  2. Adapts to user IaaS

Good delivery experience

One of the top problems plaguing proprietary cloud users is the hype around sales followed by a delivery that starts at a week. Cumbersome operational processes, functional dependencies that only a seasoned engineer can understand, long error messages that carry no information, and the lack of clear acceptance criteria were the main issues we encountered in proprietary cloud delivery scenarios. With CNStack Community Edition, we use Sealer as the packaging and delivery tool and rely on ACK Distro's ability to fit multiple IaaS platforms to define the boundaries of the deployment tasks at each stage and achieve one-click deployment of the minimum feature set. Advanced features are described in a single Clusterfile and can likewise be deployed quickly with one click.

Adapts to user IaaS

Given the complexity of users' investment cycles and decisions on IT equipment, it is our goal to have CNStack Community Edition deploy and run smoothly in mainstream environments. Adapting to user IaaS has two meanings:

  1. The container platform can be deployed on the user's existing IaaS, so that heterogeneous IaaS is abstracted into a unified resource object
  2. Users keep their reasonable cloud usage habits, which reduces the cost of business changes

If ACK Distro and its storage and networking components are seen as tools we offer, each able to work independently in the hands of different artisans, then the Container Service ACK Agile in CNStack Community Edition is a well-crafted toolbox that gives users out-of-the-box container platform services able to adapt to their IaaS. We describe how ACK Agile adapts to IaaS and helps users keep their cloud usage habits along the three classic dimensions of compute, storage and network:

  • Compute
    • Container Service ACK Agile uses the same Kubernetes component images as public cloud ACK, so it is the best fit for community compliance, security, and version compatibility

  • Storage (open-local)
    • For users who do not have a reliable commercial storage solution, the storage on the nodes that users deploy Kubernetes on can be managed as a resource pool
    • Resources are reserved for etcd, Docker and kubelet at delivery time to ensure runtime stability

  • Network (hybridnet)
    • Overlay and underlay container networks can coexist and be converted smoothly: the overlay container network shields the underlying infrastructure and the underlay container network connects to it, which to some extent provides high-performance, pass-through network capabilities
    • Provides a unified model and control plane for the network, manages overlay and underlay networks in a unified manner, and provides rich capabilities in address allocation policy and network resource management

Unlike public cloud infrastructure, which has complete and stable APIs, user IaaS comes with different APIs and configuration requirements depending on the IaaS vendor, version, compliance requirements, and O&M habits. Container Service ACK Agile has been adapted to Alibaba Cloud, Huawei Cloud, Telecom Cloud, EasyStack, VMware, ZStack, etc. (Note: the community edition has only been fully tested on CentOS on ECS and physical machines; more adaptations will be introduced in later versions.)

Helps users manage infrastructure and applications simultaneously

CNStack Community Edition helps users manage their infrastructure and publish and operate the applications that run on it. Container Service ACK Agile provides users with capabilities in application O&M, cluster O&M and platform management. Due to space constraints, we only list the features briefly here; they will be covered in a future article.

  • Application operation and maintenance:
    • Application release. You can publish your application to a cluster in a variety of ways
    • Artifact repository. You can connect your own artifact repository, or connect Alibaba Cloud ACR
  • Platform operation and maintenance:
    • Helps administrators define multiple organizations and tenants so that platform resources can be used by more users while providing sufficient isolation to ensure security
  • Cluster operation and maintenance:
    • Shows the running status of clusters and applications, including resource lists, monitoring dashboards, and service logs

Stay tuned for more details on these features in the next article.

Future development of CNStack Community Edition

Serving the digital transformation of enterprises through cloud-native technologies is CNStack's mission. Currently, CNStack Community Edition, through Sealer, ACK Distro and Container Service ACK Agile, can help users build a cloud-native base infrastructure and manage platforms and applications. However, users who want more of the convenience that cloud native brings still need more middleware products such as EDAS (application management), message queues and monitoring, and more solutions such as edge, AI and big data. As CNStack Community Edition continues to be updated, we will keep bringing more capabilities to users and make it easier for them to access our products and services.

This article is the original content of Aliyun and shall not be reproduced without permission.