Advanced control plane configurations

Note

This section applies for self-hosted only.

Helm chart values

The NVIDIA Run:ai control plane installation can be customized to support your environment via Helm values files or Helm install flags. Make sure to restart the relevant NVIDIA Run:ai pods so they can fetch the new configurations.

Key

Change

Description

global.ingress.ingressClass

Ingress class

NVIDIA Run:ai default is using NGINX. If your cluster has a different ingress controller, you can configure the ingress class to be created by NVIDIA Run:ai

global.ingress.tlsSecretName

TLS secret name

NVIDIA Run:ai requires the creation of a secret with domain certificate. If the runai-backend namespace already had such a secret, you can set the secret name here

<service-name>.podLabels

Pod labels

Set NVIDIA Run:ai and 3rd party services' Pod Labels in a format of key/value pairs.

<service-name> resources: limits: cpu: 500m memory: 512Mi requests: cpu: 250m memory: 256Mi

Pod request and limits

Set NVIDIA Run:ai and 3rd party services' resources

disableIstioSidecarInjection.enabled

Disable Istio sidecar injection

Disable the automatic injection of Istio sidecars across the entire NVIDIA Run:ai Control Plane services.

global.affinity

System nodes

Sets the system nodes where NVIDIA Run:ai system-level services are scheduled. Default: Prefer to schedule on nodes that are labeled with node-role.kubernetes.io/runai-system

global.customCA.enabled

Certificate authority

Enables the use of a custom Certificate Authority (CA) in your deployment. When set to true, the system is configured to trust a user-provided CA certificate for secure communication.

Additional 3rd party configurations (optional)

The NVIDIA Run:ai control plane chart includes multiple sub-charts of 3rd party components:

PostgreSQL - Data store
Thanos - Metrics Store
Keycloakx - Identity & Access Management
Grafana - Analytics Dashboard
Redis - Caching (Disabled, by default)

Tip

Click on any component, to view it's chart values and configurations

If you have opted to connect to an external PostgreSQL database, refer to the additional configurations table below. Adjust the following parameters based on your connection details:

Disable PostgreSQL deployment - postgresql.enabled
NVIDIA Run:ai connection details - global.postgresql.auth
Grafana connection details - grafana.dbUser, grafana.dbPassword

PostgreSQL

Key

Change

Description

postgresql.enabled

PostgreSQL installation

If set to false the PostgreSQL will not be installed

global.postgresql.auth.host

PostgreSQL host

Hostname or IP address of the PostgreSQL server

global.postgresql.auth.port

PostgreSQL port

Port number on which PostgreSQL is running

global.postgresql.auth.username

PostgreSQL username

Username for connecting to PostgreSQL

global.postgresql.auth.password

PostgreSQL password

Password for the PostgreSQL user specified by global.postgresql.auth.username

global.postgresql.auth.postgresPassword

PostgreSQL default admin password

Password for the built-in PostgreSQL superuser (postgres)

global.postgresql.auth.existingSecret

Postgres Credentials (secret)

Existing secret name with authentication credentials

global.postgresql.auth.dbSslMode

Postgres connection SSL mode

Set the SSL mode, see list in Protection Provided in Different Modes, prefer mode is not supported

postgresql.primary.initdb.password

PostgreSQL default admin password

Set the same password as in global.postgresql.auth.postgresPassword (if changed)

postgresql.primary.persistence.storageClass

Storage class

The installation to work with a specific storage class rather than the default one

Thanos

Note

This section applies for Kubernetes only.

Key

Change

Description

thanos.receive.persistence.storageClass

Storage class

The installation to work with a specific storage class rather than the default one

Keycloakx

Key

Change

Description

keycloakx.adminUser

User name of the internal identity provider administrator

This user is the administrator of Keycloak

keycloakx.adminPassword

Password of the internal identity provider administrator

This password is for the administrator of Keycloak

keycloakx.existingSecret

Keycloakx Credentials (secret)

Existing secret name with authentication credentials

global.keycloakx.host

KeyCloak (NVIDIA Run:ai internal identity provider) host path

Override the DNS for Keycloak. This can be used to access Keycloak from outside the NVIDIA Run:ai Control Plane cluster via ingress

The keycloakx.adminUser can only be set during the initial installation. The admin password, however, can also be changed later through the Keycloak UI, but you must also update the keycloakx.adminPassword value in the Helm chart using helm upgrade. Failing to update the Helm values after changing the password can lead to control plane services encountering errors.

Grafana

Key

Change

Description

grafana.db.existingSecret

Grafana database connection credentials (secret)

Existing secret name with authentication credentials

grafana.dbUser

Grafana database username

Username for accessing the Grafana database

grafana.dbPassword

Grafana database password

Password for the Grafana database user

grafana.admin.existingSecret

Grafana admin default credentials (secret)

Existing secret name with authentication credentials

grafana.adminUser

Grafana username

Override the NVIDIA Run:ai default user name for accessing Grafana

grafana.adminPassword

Grafana password

Override the NVIDIA Run:ai default password for accessing Grafana

Redis

Key

Change

Description

redisCache.auth.password

Redis (Runai internal cache mechanism) applicative password

Override the default password

redisCache.auth.existingSecret

Redis credentials (secret)

Existing secret name with authentication credentials

PreviousNode roles NextAdvanced cluster configurations

Last updated 21 days ago