# Using Config
Using Config, you can overwrite or merge any config file you want, such as chart values, the docker daemon.json, or the kubeadm config file.
# overwrite configuration
# Using config overwrite calico custom configuration
Take the image registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:v1.19.8 as an example:

```yaml
# default custom-resources.yaml:
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  calicoNetwork:
    ipPools:
    - blockSize: 26
      cidr: 100.64.0.0/10
      encapsulation: IPIP
      natOutgoing: Enabled
      nodeSelector: all()
    nodeAddressAutodetectionV4:
      interface: "eth.*|en.*"
```
If the default IP autodetection rule or CIDR does not fit your environment, append the modified Config metadata to the Clusterfile and apply it:

```yaml
apiVersion: sealer.cloud/v2
kind: Cluster
metadata:
  name: default-kubernetes-cluster
spec:
  image: registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:v1.19.8
  ssh:
    passwd: xxx
  hosts:
    - ips: [192.168.0.2,192.168.0.3,192.168.0.4]
      roles: [master]
    - ips: [192.168.0.5]
      roles: [node]
...
---
apiVersion: sealer.aliyun.com/v1alpha1
kind: Config
metadata:
  name: calico
spec:
  path: etc/custom-resources.yaml
  data: |
    apiVersion: operator.tigera.io/v1
    kind: Installation
    metadata:
      name: default
    spec:
      calicoNetwork:
        ipPools:
        - blockSize: 26
          cidr: 100.64.0.0/10 #In line with the cluster network podCIDR
          encapsulation: IPIP
          natOutgoing: Enabled
          nodeSelector: all()
        nodeAddressAutodetectionV4:
          interface: "eth*|en*" #Change the IP automatic detection rule to a correct one
```
# Using config overwrite mysql chart values
Append your Config metadata to the Clusterfile and apply it like this:

```yaml
apiVersion: sealer.aliyun.com/v1alpha1
kind: Cluster
metadata:
  name: my-cluster
spec:
  image: registry.cn-qingdao.aliyuncs.com/sealer-app/my-SAAS-all-inone:latest
  provider: BAREMETAL
...
---
apiVersion: sealer.aliyun.com/v1alpha1
kind: Config
metadata:
  name: mysql-config
spec:
  path: etc/mysql.yaml
  data: |
    mysql-user: root
    mysql-passwd: xxx
```

```shell
sealer apply -f Clusterfile
```

sealer will use the data to overwrite the file etc/mysql.yaml.

When applying this Clusterfile, sealer will generate values files for the application config, named etc/mysql-config.yaml, etc/redis-config.yaml.

So if you want to use this config, the Kubefile looks like this:

```
FROM kubernetes:v1.19.9
...
CMD helm install mysql -f etc/mysql-config.yaml
```
# User defined docker systemd config
Of course, you can overwrite any other config file in the rootfs:

```
.
├── bin
│   ├── conntrack
│   ├── containerd-rootless-setuptool.sh
│   ├── containerd-rootless.sh
│   ├── crictl
│   ├── kubeadm
│   ├── kubectl
│   ├── kubelet
│   ├── nerdctl
│   └── seautil
├── cri
│   ├── containerd
│   ├── containerd-shim
│   ├── containerd-shim-runc-v2
│   ├── ctr
│   ├── docker
│   ├── dockerd
│   ├── docker-init
│   ├── docker-proxy
│   ├── rootlesskit
│   ├── rootlesskit-docker-proxy
│   ├── runc
│   └── vpnkit
├── etc
│   ├── 10-kubeadm.conf
│   ├── Clusterfile  # image default Clusterfile
│   ├── daemon.json
│   ├── docker.service
│   ├── kubeadm-config.yaml
│   └── kubelet.service
├── images
│   └── registry.tar  # registry docker image, will load this image and run a local registry in cluster
├── Kubefile
├── Metadata
├── README.md
├── registry  # will mount this dir to local registry
│   └── docker
│       └── registry
├── scripts
│   ├── clean.sh
│   ├── docker.sh
│   ├── init-kube.sh
│   ├── init-registry.sh
│   ├── init.sh
│   └── kubelet-pre-start.sh
└── statics  # yaml files, sealer will render values in those files
    └── audit-policy.yml
```
For example, overwrite the docker systemd config:

```yaml
---
apiVersion: sealer.aliyun.com/v1alpha1
kind: Config
metadata:
  name: docker-config
spec:
  path: etc/docker.service
  data: |
    [Unit]
    Description=Docker Application Container Engine
    Documentation=https://docs.docker.com
    After=network.target
    [Service]
    Type=notify
    # the default is not to use systemd for cgroups because the delegate issues still
    # exists and systemd currently does not support the cgroup feature set required
    # for containers run by docker
    ExecStart=/usr/bin/dockerd
    ExecReload=/bin/kill -s HUP $MAINPID
    # Having non-zero Limit*s causes performance problems due to accounting overhead
    # in the kernel. We recommend using cgroups to do container-local accounting.
    LimitNOFILE=infinity
    LimitNPROC=infinity
    LimitCORE=infinity
    # Uncomment TasksMax if your systemd version supports it.
    # Only systemd 226 and above support this version.
    #TasksMax=infinity
    TimeoutStartSec=0
    # set delegate yes so that systemd does not reset the cgroups of docker containers
    Delegate=yes
    # kill only the docker process, not all processes in the cgroup
    KillMode=process
    [Install]
    WantedBy=multi-user.target
```
# Config Pre process
```yaml
apiVersion: sealer.aliyun.com/v1alpha1
kind: Config
metadata:
  name: mysql-config
spec:
  path: etc/mysql.yaml
  process: value|toJson|toBase64|toSecret # pre process pipeline
  data:
    config:
      username: root
      passwd: xxx
```

This will convert the value:

```
username:root
passwd:xxx
```

to json:

```
{
username:root,
passwd:xxx
}
```

to base64: `ewp1c2VybmFtZTpyb290LApwYXNzd2Q6eHh4Cn0K`

and then write it to etc/mysql.yaml. The file content will be:

```yaml
config: ewp1c2VybmFtZTpyb290LApwYXNzd2Q6eHh4Cn0K
```

If the processing strategy is tojson|tobase64, the whole data will be converted to json and then to base64.

You can freely combine these processors.

If process is tosecret, the converted data will be inserted into the secret file specified by path.
This feature is useful for kubernetes secrets.
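The `value|toJson|toBase64` steps described above, as an added Go sketch that is not sealer's own code: `PreProcess` and `Reveal` are hypothetical names, the processor semantics are assumed from this page, and `toSecret` is not modelled. `json.Marshal` emits strict JSON, so its output differs from the string shown above, and `Reveal` shows that toBase64 is an encoding rather than encryption, so the written file still holds recoverable credentials.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// PreProcess applies a value|... pipeline per top-level key (assumed semantics, toSecret not modelled).
func PreProcess(pipeline string, data map[string]any) (map[string]any, error) {
	steps := strings.Split(pipeline, "|")
	if !strings.EqualFold(steps[0], "value") {
		return nil, fmt.Errorf("only value|... pipelines are handled here")
	}
	out := map[string]any{}
	for k, v := range data {
		for _, step := range steps[1:] {
			switch strings.ToLower(step) {
			case "tojson":
				b, err := json.Marshal(v)
				if err != nil {
					return nil, err
				}
				v = string(b)
			case "tobase64":
				if _, ok := v.(string); !ok {
					return nil, fmt.Errorf("toBase64 needs a string, got %T", v)
				}
				v = base64.StdEncoding.EncodeToString([]byte(v.(string)))
			default:
				return nil, fmt.Errorf("unsupported processor %q", step)
			}
		}
		out[k] = v
	}
	return out, nil
}

// Reveal undoes toBase64; anyone who can read the written file can do the same.
func Reveal(enc string) (string, error) {
	b, err := base64.StdEncoding.DecodeString(enc)
	return string(b), err
}

func main() {
	data := map[string]any{"config": map[string]any{"username": "root", "passwd": "xxx"}} // constructed
	out, _ := PreProcess("value|toJson|toBase64", data)
	fmt.Println(Reveal(out["config"].(string)))
}
```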
# deep merge configuration (YAML format)
# merge calico custom configuration using Config feature
Taking the image registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:v1.19.8 as an example:
Only the calico IP automatic detection rule needs to be modified, so merge just that part of the configuration:

```yaml
apiVersion: sealer.cloud/v2
kind: Cluster
metadata:
  name: default-kubernetes-cluster
spec:
  image: registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:v1.19.8
  ssh:
    passwd: xxx
  hosts:
    - ips: [192.168.0.2,192.168.0.3,192.168.0.4]
      roles: [master]
    - ips: [192.168.0.5]
      roles: [node]
...
---
apiVersion: sealer.aliyun.com/v1alpha1
kind: Config
metadata:
  name: calico
spec:
  strategy: merge #merge Config, default value is overwrite
  path: etc/custom-resources.yaml
  data: |
    spec:
      calicoNetwork:
        nodeAddressAutodetectionV4:
          interface: "enp*" #change the automatic IP detection rule to a matching rule
```

Merge config supports only yaml configuration.
After applying, `spec.calicoNetwork.nodeAddressAutodetectionV4.interface` is successfully modified to `"enp*"`.
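Why `strategy: merge` matters for the partial data above, as an added Go sketch that is not sealer's own code: `DeepMerge`, `Apply` and `Sample` are hypothetical names, and the rule that lists and scalars are replaced while nested maps are merged is an assumption. With the default overwrite strategy the same partial data would replace the whole file, dropping `kind` and `ipPools`.

```go
package main

import "fmt"

// DeepMerge returns base with patch applied: nested maps are merged key by
// key, every other value (scalar or list) is replaced by the patch value.
func DeepMerge(base, patch map[string]any) map[string]any {
	out := make(map[string]any, len(base))
	for k, v := range base {
		out[k] = v
	}
	for k, pv := range patch {
		bm, bok := out[k].(map[string]any)
		pm, pok := pv.(map[string]any)
		if bok && pok {
			out[k] = DeepMerge(bm, pm)
		} else {
			out[k] = pv
		}
	}
	return out
}

// Apply models the two strategies: "merge" deep-merges data into the file,
// anything else (the default, overwrite) replaces the file with data.
func Apply(strategy string, file, data map[string]any) map[string]any {
	if strategy == "merge" {
		return DeepMerge(file, data)
	}
	return data
}

// Sample returns a cut-down custom-resources.yaml and the merge data as maps (constructed).
func Sample() (file, data map[string]any) {
	file = map[string]any{"kind": "Installation", "spec": map[string]any{"calicoNetwork": map[string]any{
		"ipPools":                    []any{map[string]any{"cidr": "100.64.0.0/10"}},
		"nodeAddressAutodetectionV4": map[string]any{"interface": "eth.*|en.*"}}}}
	data = map[string]any{"spec": map[string]any{"calicoNetwork": map[string]any{
		"nodeAddressAutodetectionV4": map[string]any{"interface": "enp*"}}}}
	return file, data
}

func main() {
	file, data := Sample()
	fmt.Println("merge:    ", Apply("merge", file, data))
	fmt.Println("overwrite:", Apply("overwrite", file, data))
}
```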