Luna Builder Requirements
Luna services requirements
The general requirement is the Luna-Configurator service; see service configuration for details.
Database requirements
Access to a Redis database is required. The credentials can be set using the LUNA_BUILDER_REDIS_DB_ADDRESS setting.
S3 storage requirements
The luna-builder service can use an S3 bucket as the source for the archive containing image data.
Read access is required for the specified bucket. Credentials can be set using the BUILDER_S3 setting.
Kubernetes cluster requirements
The luna-builder service requires some access rights in the Kubernetes cluster, which are provided by the specified credentials.
The service uses the Kubernetes mechanism for isolating groups of resources within a single cluster. This mechanism is called a namespace.
A namespace name has several restrictions:
- Contain between 2 and 63 characters.
- Contain only lowercase alphanumeric characters or -.
- Start with an alphanumeric character.
- End with an alphanumeric character.
- Don't start with kube- because it is a reserved Kubernetes name.
For more information about namespaces, see the Kubernetes documentation.
By default, the service uses the default namespace of the Kubernetes cluster, so it is required to grant creation, monitoring and deletion rights (including pod creation and deletion). It is recommended to ask the Kubernetes administrator to grant this access.
The simplest way to allow image creation and management is to run the following kubectl command:
kubectl create clusterrolebinding permissive-binding --clusterrole=cluster-admin --user=admin --user=kubelet --group=system:serviceaccounts
Warning
Using a binding like this in production is strongly discouraged: it grants the cluster-admin role to the listed users and to every service account in the cluster. It is highly recommended that you negotiate with your Kubernetes cluster administrator and use the security policy for your Kubernetes cluster as required.
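A namespace-scoped alternative to the cluster-wide binding above, as an added example that is not part of the Luna documentation. The ServiceAccount and Role names are hypothetical, and the rule list assumes that pods and pod logs are the only resources the service needs (the page names only pod creation, monitoring and deletion); agree the final list with the cluster administrator.

```yaml
# Added example, not Luna's own manifest.
# Assumption: the credentials given to luna-builder map to this ServiceAccount.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: luna-builder            # hypothetical name
  namespace: default            # the namespace the service uses by default
---
# Role (not ClusterRole): the rights stop at the namespace boundary.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: luna-builder-pods       # hypothetical name
  namespace: default
rules:
  # Creation, monitoring and deletion of pods, as the page requires.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "get", "list", "watch", "delete"]
  # Assumption: reading pod logs is part of "monitoring".
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
---
# Bind the Role to the single identity instead of to system:serviceaccounts.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: luna-builder-pods
  namespace: default
subjects:
  - kind: ServiceAccount
    name: luna-builder
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: luna-builder-pods
```

After applying it, kubectl auth can-i create pods -n default --as=system:serviceaccount:default:luna-builder shows whether the grant took effect, and the same query for a resource outside the rule list (for example list secrets) shows that nothing broader was granted.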
Docker registry requirements
The luna-builder service requires a Docker registry for image storage. The registry must be specified using LUNA_BUILDER_REGISTRY; see configurator requirements for details.
If the registry is an insecure registry, it must also be added to the LUNA_BUILDER_INSECURE_REGISTRIES setting.
The registry storage is determined by the LUNA_BUILDER_REGISTRY setting of luna-builder. See service configuration for configuration details.
Builder - Archive requirements
Image creation is initiated by the createImageBuild request (./_static/api.html#operation/createImageBuild), which requires a link to an archive. The archive must contain a Dockerfile for the image build.