Luna Builder Requirements
Luna services requirements
The general requirement is the Luna-Configurator service; see service configuration for details.
Database requirements
Access to a Redis database is required. Credentials can be set using the LUNA_BUILDER_REDIS_DB_ADDRESS setting.
S3 storage requirements
The luna-builder service can use an S3 bucket as the source for the archive containing image data.
Read access is required for the specified bucket. Credentials can be set using the BUILDER_S3 setting.
System build requirements
This section describes the requirements and behavioral differences of the Luna Builder service depending on whether Kubernetes is enabled.
Kubernetes cluster requirements
The luna-builder service with the setting USE_KUBERNETES = 1 requires access rights in the Kubernetes cluster, provided by the specified credentials.
The service uses the Kubernetes mechanism for isolating groups of resources within a single cluster. This mechanism is called a namespace.
A namespace name has several restrictions:
- Contain between 2 and 63 characters.
- Contain only lowercase alphanumeric characters or -.
- Start with an alphanumeric character.
- End with an alphanumeric character.
- Don't start with kube- because it is a reserved Kubernetes name.
For more information about namespaces, see the Kubernetes documentation.
By default, the service uses the default namespace of the Kubernetes cluster, so it is required to grant creation/monitoring/deletion rights (including pod creation and deletion). It is recommended to ask the Kubernetes administrator to grant this access.
The simplest way to allow image creation and management is to run the following command, which binds the cluster-admin role to the admin and kubelet users and to all service accounts in the cluster:
kubectl create clusterrolebinding permissive-binding --clusterrole=cluster-admin --user=admin --user=kubelet --group=system:serviceaccounts
Warning
Using such a binding in production is strongly discouraged. It is highly recommended that you coordinate with your Kubernetes cluster administrator and apply the security policy your Kubernetes cluster requires.
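A narrower alternative to the cluster-wide binding above, as an added example that is not part of the Luna documentation: a dedicated namespace, a service account, and a namespaced Role limited to pod operations. The names luna-builds, luna-builder and luna-builder-pods are hypothetical, and the resource and verb list is an assumption based on the rights this page names, to be confirmed with the cluster administrator.

```yaml
# Added example. All names are hypothetical, not values from the Luna documentation.
apiVersion: v1
kind: Namespace
metadata:
  name: luna-builds            # dedicated namespace; satisfies the naming rules listed above
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: luna-builder           # identity whose credentials the service would use
  namespace: luna-builds
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                     # namespaced Role: grants nothing outside luna-builds
metadata:
  name: luna-builder-pods
  namespace: luna-builds
rules:
  # Assumed rule set: the page names pod creation, monitoring and deletion.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "get", "list", "watch", "delete"]
  - apiGroups: [""]
    resources: ["pods/log"]    # read build output while monitoring
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding              # binds one service account, not system:serviceaccounts
metadata:
  name: luna-builder-pods
  namespace: luna-builds
subjects:
  - kind: ServiceAccount
    name: luna-builder
    namespace: luna-builds
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: luna-builder-pods
```

After applying, `kubectl auth can-i create pods --namespace luna-builds --as system:serviceaccount:luna-builds:luna-builder` should answer yes, and the same query with `--namespace kube-system` should answer no. Builds then have to target that namespace rather than default.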
Non-Kubernetes environment
When USE_KUBERNETES = 0, Kubernetes is not required and image builds are executed using a locally installed kaniko. Other builder types are not supported in this mode.
The build image request must specify:
{
    "archive": "...",
    "parameters": {
        "image_name": "...",
        "image_builder": "local_kaniko"
    }
}
The following parameters are forbidden:
- selector
- namespace
The following settings become irrelevant and are ignored:
- LUNA_BUILDER_BUILD_LIMITS
Features of build execution in this mode:
- The build process runs inside the application container.
- Regardless of the number of Sanic workers configured, only one build job can run at a time per container.
- Container resource limits (CPU, memory, etc.) directly limit the builder performance.
- Any restriction applied to the container environment proportionally affects image build throughput and execution time.
Docker registry requirements
The luna-builder service requires a Docker registry for image storage. The registry must be specified using LUNA_BUILDER_REGISTRY; see configurator requirements for details.
If that registry is an insecure registry, it must also be added to the LUNA_BUILDER_INSECURE_REGISTRIES setting.
The registry storage is determined by the LUNA_BUILDER_REGISTRY setting of luna-builder. See service configuration for configuration details.
Builder - Archive requirements
Image creation is initiated by ./_static/api.html#operation/createImageBuild, which requires a link to an archive. The archive must contain a Dockerfile for the image build.