Configure Wave build
This guide covers extending your existing Wave installation on Kubernetes to support container build capabilities. This enables Wave's full feature set including container building, freezing, and advanced caching.
Prerequisites
Before extending Wave for build support, ensure you have:
- Existing Wave installation - Basic Wave deployment already running in augmentation-only mode
- AWS EKS cluster - Build capabilities require AWS-specific integrations
- EFS filesystem - Configured and accessible from your EKS cluster for shared build storage
- Cluster admin permissions - Required to create RBAC policies and storage resources
Create Kubernetes Service Account & RBAC Policies
Wave's build service needs permissions to create and manage build pods. Create the necessary RBAC configuration:
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: wave-sa
  namespace: wave
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: wave-role
rules:
  - apiGroups: [""]
    resources: [pods, pods/status, pods/log, pods/exec]
    verbs: [get, list, watch, create, delete]
  - apiGroups: ["batch"]
    resources: [jobs, jobs/status]
    verbs: [get, list, watch, create, delete]
  - apiGroups: [""]
    resources: [configmaps, secrets]
    verbs: [get, list]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: wave-rolebind
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: wave-role
subjects:
  - kind: ServiceAccount
    name: wave-sa
    namespace: wave
Configure EFS Storage
Wave builds require shared storage accessible across multiple pods. Configure EFS with the AWS EFS CSI driver:
Storage Class
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: efs-wave-sc
provisioner: efs.csi.aws.com
parameters:
  provisioningMode: efs-ap
  fileSystemId: "REPLACE_ME_EFS_ID"
  directoryPerms: "0755"
Persistent Volume
apiVersion: v1
kind: PersistentVolume
metadata:
  name: wave-build-pv
spec:
  capacity:
    storage: 500Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: efs-wave-sc
  csi:
    driver: efs.csi.aws.com
    volumeHandle: "REPLACE_ME_EFS_ID"
Persistent Volume Claim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: wave
  name: wave-build-pvc
  labels:
    app: wave-app
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 500Gi
  storageClassName: efs-wave-sc
Configuration Notes:
- Replace REPLACE_ME_EFS_IDwith your actual EFS filesystem ID
- EFS must be in the same VPC as your EKS cluster
- Ensure EFS security groups allow NFS traffic from EKS worker nodes
Update Wave Configuration
Update your existing Wave ConfigMap to enable build features and configure storage paths:
kind: ConfigMap
apiVersion: v1
metadata:
  name: wave-cfg
  namespace: wave
  labels:
    app: wave-cfg
data:
  config.yml: |
    wave:
      # Enable build service
      build:
        enabled: true
        workspace: '/build/work'
        # Optional: Configure build timeouts
        timeout: '1h'
        # Optional: Configure resource limits for build pods
        resources:
          requests:
            memory: '1Gi'
            cpu: '500m'
          limits:
            memory: '4Gi'
            cpu: '2000m'
      # Enable other build-dependent features
      mirror:
        enabled: true
      scan:
        enabled: true
      blobCache:
        enabled: true
      # Existing database, redis, and platform configuration...
      db:
        uri: "jdbc:postgresql://your-postgres-host:5432/wave"
        user: "wave_user"
        password: "your_secure_password_here"
      redis:
        uri: "redis://your-redis-host:6379"
      tower:
        endpoint:
          url: "https://your-platform-instance.com/api"
      # Kubernetes-specific configuration for builds
      k8s:
        namespace: wave
        serviceAccount: wave-sa
        # Optional: Configure build pod settings
        buildPod:
          image: 'quay.io/buildah/stable:latest'
          nodeSelector:
            wave-builds: "true"
Update Wave Deployment
Modify your existing Wave deployment to include the service account and EFS storage:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wave
  namespace: wave
  labels:
    app: wave-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wave-app
  template:
    metadata:
      labels:
        app: wave-app
    spec:
      serviceAccountName: wave-sa  # Add service account
      containers:
        - image: your-registry.com/wave:latest
          name: wave-app
          ports:
            - containerPort: 9090
              name: http
          env:
            - name: MICRONAUT_ENVIRONMENTS
              value: "postgres,redis,k8s"  # Add k8s environment
            - name: WAVE_JVM_OPTS
              value: "-Xmx3g -Xms1g -XX:+UseG1GC"
          resources:
            requests:
              memory: "4Gi"
              cpu: "1000m"
            limits:
              memory: "4Gi"
              cpu: "2000m"
          workingDir: "/work"
          volumeMounts:
            - name: wave-cfg
              mountPath: /work/config.yml
              subPath: "config.yml"
            - name: build-storage  # Add EFS mount
              mountPath: /build
          readinessProbe:
            httpGet:
              path: /health
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 10
          livenessProbe:
            httpGet:
              path: /health
              port: 9090
            initialDelaySeconds: 60
            timeoutSeconds: 10
      volumes:
        - name: wave-cfg
          configMap:
            name: wave-cfg
        - name: build-storage  # Add EFS volume
          persistentVolumeClaim:
            claimName: wave-build-pvc
      restartPolicy: Always
Deploy the Updates
Apply the configuration changes to enable build support:
# Apply RBAC configuration
kubectl apply -f wave-rbac.yaml
# Apply storage configuration
kubectl apply -f wave-storage.yaml
# Update the ConfigMap
kubectl apply -f wave-configmap.yaml
# Update the deployment
kubectl apply -f wave-deployment.yaml
# Verify the deployment
kubectl get pods -n wave
kubectl logs -f deployment/wave -n wave
# Check that EFS is mounted correctly
kubectl exec -it deployment/wave -n wave -- df -h /build
Verify Build Functionality
Test that Wave build capabilities are working:
- Check Wave health endpoint for build service status
- Monitor logs for build service initialization messages
- Test a simple build through the Wave API or Platform integration
curl http://wave-service.wave.svc.cluster.local:9090/health
kubectl logs -f deployment/wave -n wave | grep -i build
Recommended Production Enhancements
Dedicated Node Pools
Create dedicated node pools for Wave build workloads to isolate build processes and optimize resource allocation:
Build Pod Resource Management
Configure resource quotas and limits for build pods:
apiVersion: v1
kind: ResourceQuota
metadata:
  name: wave-build-quota
  namespace: wave
spec:
  hard:
    requests.cpu: "10"
    requests.memory: 20Gi
    limits.cpu: "20"
    limits.memory: 40Gi
    pods: "10"
Monitoring and Alerting
Set up monitoring for build operations:
- Build success/failure rates
- Build duration metrics
- EFS storage usage
- Node resource utilization
- Build queue length
Security Considerations
- EFS Access Points - Use EFS access points to isolate build workspaces
- Network Policies - Restrict network access for build pods
- Pod Security Standards - Apply appropriate security contexts to build pods
- Image Scanning - Enable security scanning for built images
- RBAC Minimization - Regularly review and minimize Wave's cluster permissions
Troubleshooting
Common issues and solutions:
- EFS mount failures - Check security groups and VPC configuration
- Build pod creation failures - Verify RBAC permissions and node selectors
- Storage access issues - Ensure EFS access points are configured correctly
- Build timeouts - Adjust build timeout settings based on workload requirements
For additional configuration options and advanced features, see Configuring Wave.