Compute
Configure a Chalk cluster and environment to enable Compute.
Before using Chalk Compute, complete the following setup.
Before starting, ensure the following cloud permissions are granted.
Chalk uses a container registry to build and store images for sandboxes and functions. Grant the following permissions on the container registry you’d like to use:
AWS ECR — grant to the Chalk management role:
ecr:GetAuthorizationTokenecr:DescribeImages, ecr:BatchCheckLayerAvailability, ecr:BatchGetImage,
ecr:GetDownloadUrlForLayer (pull), ecr:InitiateLayerUpload, ecr:UploadLayerPart,
ecr:CompleteLayerUpload, ecr:PutImage (push)Google GAR — grant roles/artifactregistry.writer on the repository to the workload service account
that runs docker image building.
Chalk volumes are backed by an object storage bucket. The following permissions are required on the bucket you’d like to use:
GCP: The service account used by background persistence (configured via “Service Account Name”)
needs roles/storage.objectAdmin on the bucket, plus iam.serviceAccounts.signBlob on the service
account.
AWS: Background persistence obtains AWS credentials through IRSA. The IAM role needs
s3:GetObject, s3:PutObject, s3:DeleteObject, and s3:ListBucket on the bucket.
In the team navigation (click on the Chalk logo in the top left of the page), go to Registries and create a new container registry (Link Registry). Select the registry type, provide the repository path, and link a cloud account.
| Type | Example path |
|---|---|
| AWS ECR | 123456789012.dkr.ecr.us-east-1.amazonaws.com/custom/compute |
| Google GAR | us-docker.pkg.dev/my-project/custom-images/compute |
| Azure ACR | myregistry.azurecr.io/custom/compute |
In the team navigation click on Clusters, and select the cluster. This will open the Settings tab. Under Container Registry Binding, select the registry created in step 1 and click Save Binding. This sets the default registry used by sandboxes and functions on the cluster.
Create the bucket first if you haven’t already, then navigate to your environment via Projects and select it. In the environment sidebar, go to Settings → Shared Resources. Open the background persistence configuration, navigate to the Writers sidebar, and select the cluster manager writer. Under Additional Variables, add:
| Key | Value |
|---|---|
CHALK_VOLUME_BUCKET | s3://your-volumes-bucket (or gs:// for GCS) |
The function queue is optional; skip this section if you don’t need it.
In the environment sidebar, go to Infrastructure → Resource Configuration and add
a function-queue service entry in the Default resource group. A reasonable starting configuration
would be:
| Resource | Value |
|---|---|
| CPU | 1 |
| Memory | 1Gi |
| Replicas | 1 |
The function queue requires a dataplane Redis instance. In the team navigation click on Clusters, select the cluster, and open the Settings tab. Under Dataplane Redis, set the Redis mode to Managed. CPU and memory can be adjusted under Advanced if needed; the defaults are 1 CPU and 10Gi memory. Click Save.