This feature is available for BYOC Pro clusters only with trusted mode enabled. To enable trusted mode, submit a support ticket through StreamNative support.
- Include custom dependencies and libraries
- Use specific versions of runtime environments
- Customize the execution environment for your workloads
- Package application-specific configurations
Custom runner images provide low-level control over the execution environment. Incorrect image configuration affects the normal operation of Pulsar functions and IO connectors. Test thoroughly in development environments before deploying to production.
Prerequisites
- BYOC Pro cluster with trusted mode enabled
- Docker installed and configured
- Access to a Docker registry (Docker Hub, private registry, etc.)
- Basic understanding of Dockerfile syntax and container concepts
Base Images
StreamNative provides official base images for different runtime environments:Java Functions
Python Functions
Use the appropriate base image version that matches your StreamNative Cloud cluster version. Check the release notes for compatibility information.
Building Custom Images
1. Create Dockerfile
Create a Dockerfile that extends the StreamNative base image:Always use
--chown=$UID:$GID
when copying files. The $UID
and $GID
environment variables are provided by StreamNative base images and ensure proper file permissions. Do not change these values.2. Build and Push Image
3. Deploy Function with Custom Image
Use therunnerImage
parameter in custom-runtime-options
:
Examples
Java Function with Custom Dependencies
Configuration with Other Trusted Mode Options
Combine custom images with other trusted mode configurations:Best Practices
Security
- Use minimal base images to reduce attack surface
- Scan images for vulnerabilities before deployment
- Use private registries for proprietary code
- Follow principle of least privilege for container permissions
Performance
- Optimize image layers for efficient caching
- Remove unnecessary files and packages
- Use multi-stage builds for smaller final images
- Consider image pull time in high-throughput scenarios
Maintenance
- Tag images with semantic versions
- Maintain compatibility with StreamNative base image updates
- Document custom dependencies and configurations
- Test images thoroughly before production deployment
Troubleshooting
Common Issues
Image Pull Failures- Verify registry credentials and access permissions
- Check network connectivity from cluster to registry
- Ensure image tag exists and is properly formatted
- Verify
--chown=$UID:$GID
is used for all COPY operations - Check that files have correct permissions within the image
- Ensure service account has proper Kubernetes permissions
- Validate base image compatibility with cluster version
- Check that required dependencies are properly installed
- Verify classpath and module path configurations