search

sealerio / sealer

Build, Share and Run Both Your Kubernetes Cluster and Distributed Applications (Project under CNCF)
http://sealer.cool
Apache License 2.0
2.06k stars 361 forks source link

CloudImage license #1145

Open fanux opened 2 years ago

allencloud commented 2 years ago

What is the purpose of CloudImage License? And what is the detailed demand of it?

Could you please attach more information? @fanux

fanux commented 2 years ago

ADP relies on this feature, and I will add a detailed design, mainly to encrypt the image through the private key, and decrypt the image through the public key when the license plug-in is successfully executed.

fanux commented 2 years ago

Build encrypt CloudImage

sealer build my-encrypt-image:latest . --private-key="xxxxxxxx"

decrypt CloudImage and use it

Clusterfile

apiVersion: sealer.cloud/v2
kind: Cluster
metadata:
  name: default-kubernetes-cluster
spec:
  image: kubernetes:v1.19.8
  ssh:
    passwd: xxx
  hosts:
    - ips: [ 192.168.0.2,192.168.0.3,192.168.0.4 ]
      roles: [ master ]
    - ips: [ 192.168.0.5 ]
      roles: [ node ]
---
apiVersion: sealer.aliyun.com/v1alpha1
kind: Plugin
metadata:
  name: taint
spec:
  type: LICENSE
  data: |
      "env": "env data, collet and encrypt by license tools, like iplist CPU model and quantity...",

The LICENSE plugin will check the env data and decrypt the CloudImage.