Skip to content

Install Helm charts#

Sample Helm charts for each service are located in the luna_v.5.62.3/extras/helms/ directory.

Helm chart setting#

The supplied Helm charts are not suitable for full operation in the production loop. You need to customize the charts according to your business logic before installing them.

Navigate to the charts directory:

cd /var/lib/luna/luna_v.5.62.3/extras/helms/

Configure in the luna-<service-name>/values.yaml files all the necessary parameters, especially paying attention to:

  • resources section for specifying resources (e.g. CPU and memory) for the service containers.
  • ingress section to configure routing of incoming traffic to the service.
  • pullSecrets parameter in the image section to specify the secret to be used when extracting the container image from the registry (see "Create Docker registry authentication secret" in the "Additional information" section).

Note: It is recommended to configure the nginx.ingress.kubernetes.io/proxy-body-size annotation to the API service (or any other service to which image requests are sent) depending on the size requirements of the images being transmitted. The API service Helm chart gives an example of how to use this annotation.

These settings play an important role in ensuring the performance and availability of your application in a productive environment.

GPU setup for Remote SDK#

Note: Skip this section if you do not intend to use the GPU.

GPU usage for the Remote SDK service is enabled by passing the appropriate key in the resources section of the values.yaml file of the corresponding Helm chart.

For example, you can configure access to a single GPU as follows:

resources:
  limits:
    cpu: 5000m
    memory: 10Gi
    nvidia.com/gpu: 1
  requests:
    cpu: 5000m
    memory: 10Gi
    nvidia.com/gpu: 1

Note: Also, to enable estimations/detections on the GPU, the necessary settings must be set (see "GPU settings"). If necessary, you can use the EXTEND_CMD variable to pass the tagged settings.

env: 
  - name: EXTEND_CMD
    value: " --LUNA_REMOTE_SDK_RUNTIME_SETTINGS gpu"

Configuring access for Lambda#

Note: Skip this section if you are not going to use the Lambda service.

For the Lambda service to work properly, access to Kubernetes resources must be properly configured to ensure the security and efficient management of the service. This can be done, for example, by defining roles and role bindings using the Role Based Access Control (RBAC) mechanism.

The example below shows how to configure accesses using RBAC in Kubernetes for the Lambda service:

  • Define an object of type ServiceAccount, which represents the identifier used by the service to interact with the Kubernetes API server:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: lambda-user
  • Define a Role object type that defines a set of permissions for the resources your service will work with:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: production
  name: lambda-admin-role
rules:
- apiGroups: ["", "apps", "networking.k8s.io"]
  resources: ["deployments", "pods", "pods/log", "pods/status", "services", "services/proxy", "ingresses"]
  verbs: ["get", "watch", "list", "create", "delete", "patch"]

Here, services/proxy means the ability to send requests to the /lambdas/\{lambda_id\}/proxy resource of the Lambda service.

  • Define a RoleBinding object type that binds a role to the created ServiceAccount type, determining which resources and operations are available to the Lambda service:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin-lambda
  namespace: production
subjects:
- kind: ServiceAccount
  name: lambda-user
  namespace: production
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: lambda-admin-role

Start installation of Helm charts#

Navigate to the directory with the Helm charts.

cd /var/lib/luna/luna_v.5.62.3/extras/helms

Run the Helm charts installation for the required services using the following commands:

helm install --wait --timeout 10m luna-configurator ./luna-configurator
helm install --wait --timeout 10m luna-image-store ./luna-image-store
helm install --wait --timeout 10m luna-licenses ./luna-licenses
helm install --wait --timeout 10m luna-faces ./luna-faces
helm install --wait --timeout 10m luna-events ./luna-events
helm install --wait --timeout 10m luna-python-matcher ./luna-python-matcher
helm install --wait --timeout 10m luna-remote-sdk ./luna-remote-sdk
helm install --wait --timeout 10m luna-handlers ./luna-handlers
helm install --wait --timeout 10m luna-sender ./luna-sender
helm install --wait --timeout 10m luna-tasks-worker ./luna-tasks-worker
helm install --wait --timeout 10m luna-tasks ./luna-tasks
helm install --wait --timeout 10m luna-accounts ./luna-accounts
helm install --wait --timeout 10m luna-lambda ./luna-lambda
helm install --wait --timeout 10m luna-api ./luna-api
helm install --wait --timeout 10m luna-admin ./luna-admin
helm install --wait --timeout 10m luna-backport3 ./luna-backport3
helm install --wait --timeout 10m luna-backport4 ./luna-backport4

Before starting the UI 4 and UI 3 services, you must perform additional actions in the Helm charts:

  • Update the LUNA_API_URL parameter for both Helm charts, which is the internal address of Backport 3 and Backport 4 respectively.
  • Update the BASIC_AUTH parameter for Helm chart UI 4, specifying the authorization data for an account of user type in login:password format encoded in Base64.

It is necessary to create an account of type "user" using the "create account" request to the API service or using the Admin service.

Run the Helm charts installation for the UI 4 and UI 3 services using the following commands:

helm install --wait --timeout 10m luna3-ui ./luna3-ui
helm install --wait --timeout 10m luna4-ui ./luna4-ui

After installing Helm charts, it is recommended that you thoroughly test LUNA PLATFORM in an environment that meets your performance and security requirements.