Install Helm charts#
Sample Helm charts for each service are located in the luna_v.5.62.3/extras/helms/
directory.
Helm chart setting#
The supplied Helm charts are not suitable for full operation in the production loop. You need to customize the charts according to your business logic before installing them.
Navigate to the charts directory:
cd /var/lib/luna/luna_v.5.62.3/extras/helms/
Configure in the luna-<service-name>/values.yaml
files all the necessary parameters, especially paying attention to:
resources
section for specifying resources (e.g. CPU and memory) for the service containers.ingress
section to configure routing of incoming traffic to the service.pullSecrets
parameter in theimage
section to specify the secret to be used when extracting the container image from the registry (see "Create Docker registry authentication secret" in the "Additional information" section).
Note: It is recommended to configure the nginx.ingress.kubernetes.io/proxy-body-size
annotation to the API service (or any other service to which image requests are sent) depending on the size requirements of the images being transmitted. The API service Helm chart gives an example of how to use this annotation.
These settings play an important role in ensuring the performance and availability of your application in a productive environment.
GPU setup for Remote SDK#
Note: Skip this section if you do not intend to use the GPU.
GPU usage for the Remote SDK service is enabled by passing the appropriate key in the resources
section of the values.yaml
file of the corresponding Helm chart.
For example, you can configure access to a single GPU as follows:
resources:
limits:
cpu: 5000m
memory: 10Gi
nvidia.com/gpu: 1
requests:
cpu: 5000m
memory: 10Gi
nvidia.com/gpu: 1
Note: Also, to enable estimations/detections on the GPU, the necessary settings must be set (see "GPU settings"). If necessary, you can use the EXTEND_CMD
variable to pass the tagged settings.
env:
- name: EXTEND_CMD
value: " --LUNA_REMOTE_SDK_RUNTIME_SETTINGS gpu"
Configuring access for Lambda#
Note: Skip this section if you are not going to use the Lambda service.
For the Lambda service to work properly, access to Kubernetes resources must be properly configured to ensure the security and efficient management of the service. This can be done, for example, by defining roles and role bindings using the Role Based Access Control (RBAC) mechanism.
The example below shows how to configure accesses using RBAC in Kubernetes for the Lambda service:
- Define an object of type
ServiceAccount
, which represents the identifier used by the service to interact with the Kubernetes API server:
apiVersion: v1
kind: ServiceAccount
metadata:
name: lambda-user
- Define a
Role
object type that defines a set of permissions for the resources your service will work with:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: production
name: lambda-admin-role
rules:
- apiGroups: ["", "apps", "networking.k8s.io"]
resources: ["deployments", "pods", "pods/log", "pods/status", "services", "services/proxy", "ingresses"]
verbs: ["get", "watch", "list", "create", "delete", "patch"]
Here, services/proxy
means the ability to send requests to the /lambdas/\{lambda_id\}/proxy
resource of the Lambda service.
- Define a
RoleBinding
object type that binds a role to the createdServiceAccount
type, determining which resources and operations are available to the Lambda service:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: admin-lambda
namespace: production
subjects:
- kind: ServiceAccount
name: lambda-user
namespace: production
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: lambda-admin-role
Start installation of Helm charts#
Navigate to the directory with the Helm charts.
cd /var/lib/luna/luna_v.5.62.3/extras/helms
Run the Helm charts installation for the required services using the following commands:
helm install --wait --timeout 10m luna-configurator ./luna-configurator
helm install --wait --timeout 10m luna-image-store ./luna-image-store
helm install --wait --timeout 10m luna-licenses ./luna-licenses
helm install --wait --timeout 10m luna-faces ./luna-faces
helm install --wait --timeout 10m luna-events ./luna-events
helm install --wait --timeout 10m luna-python-matcher ./luna-python-matcher
helm install --wait --timeout 10m luna-remote-sdk ./luna-remote-sdk
helm install --wait --timeout 10m luna-handlers ./luna-handlers
helm install --wait --timeout 10m luna-sender ./luna-sender
helm install --wait --timeout 10m luna-tasks-worker ./luna-tasks-worker
helm install --wait --timeout 10m luna-tasks ./luna-tasks
helm install --wait --timeout 10m luna-accounts ./luna-accounts
helm install --wait --timeout 10m luna-lambda ./luna-lambda
helm install --wait --timeout 10m luna-api ./luna-api
helm install --wait --timeout 10m luna-admin ./luna-admin
helm install --wait --timeout 10m luna-backport3 ./luna-backport3
helm install --wait --timeout 10m luna-backport4 ./luna-backport4
Before starting the UI 4 and UI 3 services, you must perform additional actions in the Helm charts:
- Update the
LUNA_API_URL
parameter for both Helm charts, which is the internal address of Backport 3 and Backport 4 respectively. - Update the
BASIC_AUTH
parameter for Helm chart UI 4, specifying the authorization data for an account of user type inlogin:password
format encoded in Base64.
It is necessary to create an account of type "user" using the "create account" request to the API service or using the Admin service.
Run the Helm charts installation for the UI 4 and UI 3 services using the following commands:
helm install --wait --timeout 10m luna3-ui ./luna3-ui
helm install --wait --timeout 10m luna4-ui ./luna4-ui
After installing Helm charts, it is recommended that you thoroughly test LUNA PLATFORM in an environment that meets your performance and security requirements.