Cluster System Requirements
After provisioning the tenant’s Kubernetes cluster, the next step is to install the required system components to support the NVIDIA Run:ai platform.
The NVIDIA Run:ai cluster is deployed as a Kubernetes application. This section outlines the minimum hardware and software requirements that must be installed and configured on each tenant cluster before deploying the NVIDIA Run:ai components.
Hardware Requirements
The following hardware requirements are for the Kubernetes cluster nodes. By default, all NVIDIA Run:ai cluster services run on all available nodes. For production deployments, you may want to set node roles, to separate between system and worker nodes, reduce downtime and save CPU cycles on expensive GPU Machines.
Architecture
x86 – Supported for both Kubernetes and OpenShift deployments.
ARM – Supported for Kubernetes only. ARM is currently not supported for OpenShift.
NVIDIA Run:ai Cluster - System Nodes
This configuration is the minimum requirement you need to install and use NVIDIA Run:ai cluster.
CPU
10 cores
Memory
20GB
Disk space
50GB
Note
To designate nodes to NVIDIA Run:ai system services, follow the instructions as described in System nodes.
NVIDIA Run:ai Cluster - Worker Nodes
The NVIDIA Run:ai cluster supports x86 and ARM (see the below note) CPUs, and NVIDIA GPUs from the T, V, A, L, H, B, GH and GB architecture families. For the list of supported GPU models, see Supported NVIDIA Data Center GPUs and Systems.
The following configuration represents the minimum hardware requirements for installing and operating the NVIDIA Run:ai cluster on worker nodes. Each node must meet these specifications:
CPU
2 cores
Memory
4GB
Note
To designate nodes to NVIDIA Run:ai workloads, follow the instructions as described in Worker nodes.
Software Requirements
The following software requirements must be fulfilled on the Kubernetes cluster.
Operating System
Any Linux operating system supported by both Kubernetes and NVIDIA GPU Operator
NVIDIA Run:ai cluster on Google Kubernetes Engine (GKE) supports both Ubuntu and Container Optimized OS (COS). COS is supported only with NVIDIA GPU Operator 24.6 or newer, and NVIDIA Run:ai cluster version 2.19 or newer. NVIDIA Run:ai cluster on Oracle Kubernetes Engine (OKE) supports only Ubuntu.
Internal tests are being performed on Ubuntu 22.04 and CoreOS for OpenShift.
Kubernetes Distribution
NVIDIA Run:ai cluster requires Kubernetes. The following Kubernetes distributions are supported:
Vanilla Kubernetes
OpenShift Container Platform (OCP)
NVIDIA Base Command Manager (BCM)
Rancher Kubernetes Engine (RKE1)
Rancher Kubernetes Engine 2 (RKE2)
For existing Kubernetes clusters, see the following Kubernetes version support matrix for the latest NVIDIA Run:ai cluster releases:
v2.22 (latest)
1.31 to 1.33
4.15 to 4.19
For information on supported versions of managed Kubernetes, it's important to consult the release notes provided by your Kubernetes service provider. There, you can confirm the specific version of the underlying Kubernetes platform supported by the provider, ensuring compatibility with NVIDIA Run:ai. For an up-to-date end-of-life statement see Kubernetes Release History or OpenShift Container Platform Life Cycle Policy.
Container Runtime
NVIDIA Run:ai supports the following container runtimes. Make sure your Kubernetes cluster is configured with one of these runtimes:
Containerd (default in Kubernetes)
CRI-O (default in OpenShift)
Kubernetes Pod Security Admission
NVIDIA Run:ai supports restricted policy for Pod Security Admission (PSA) on OpenShift only. Other Kubernetes distributions are only supported with privileged policy.
For NVIDIA Run:ai on OpenShift to run with PSA restricted policy:
Label the
runainamespace as described in Pod Security Admission with the following labels:
pod-security.kubernetes.io/audit=privileged
pod-security.kubernetes.io/enforce=privileged
pod-security.kubernetes.io/warn=privilegedThe workloads submitted through NVIDIA Run:ai should comply with the restrictions of PSA restricted policy. This can be enforced using Policies.
NVIDIA Run:ai Namespace
The NVIDIA Run:ai must be installed in a namespace or project (OpenShift) called runai. Use the following to create the namespace/project:
kubectl create ns runaiKubernetes Ingress Controller
NVIDIA Run:ai cluster requires Kubernetes Ingress Controller to be installed on the Kubernetes cluster.
OpenShift, RKE and RKE2 come pre-installed ingress controller.
Internal tests are being performed on NGINX, Rancher NGINX, OpenShift Router, and Istio.
Make sure that a default ingress controller is set.
There are many ways to install and configure different ingress controllers. A simple example to install and configure NGINX ingress controller using helm:
Run the following commands:
For cloud deployments, both the internal IP and external IP are required.
For on-prem deployments, only the external IP is needed.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm upgrade -i nginx-ingress ingress-nginx/ingress-nginx \
--namespace nginx-ingress --create-namespace \
--set controller.kind=DaemonSet \
--set controller.service.externalIPs="{<INTERNAL-IP>,<EXTERNAL-IP>}" # Replace <INTERNAL-IP> and <EXTERNAL-IP> with the internal and external IP addresses of one of the nodesFully Qualified Domain Name (FQDN)
You must have a Fully Qualified Domain Name (FQDN) to install NVIDIA Run:ai control plane (ex: runai.mycorp.local). This cannot be an IP. The domain name must be accessible inside the organization's private network.
Wildcard FQDN for Inference (Optional)
In order to make inference serving endpoints available externally to the cluster, configure a wildcard DNS record (*.runai-inference.mycorp.local) that resolves to the cluster’s public IP address, or to the cluster's load balancer IP address in on-prem environments. This ensures each inference workload receives a unique subdomain under the wildcard domain.
TLS Certificates
You must have a TLS certificate that is associated with the FQDN for HTTPS access. Create a Kubernetes Secret named runai-cluster-domain-tls-secret in the runai namespace and include the path to the TLS --cert and its corresponding private --key by running the following:
kubectl create secret tls runai-cluster-domain-tls-secret -n runai \
--cert /path/to/fullchain.pem \ # Replace /path/to/fullchain.pem with the actual path to your TLS certificate
--key /path/to/private.pem # Replace /path/to/private.pem with the actual path to your private keyNVIDIA GPU Operator
NVIDIA Run:ai Cluster requires NVIDIA GPU Operator to be installed on the Kubernetes Cluster, supports version 22.9 to 25.3.
See the Installing the NVIDIA GPU Operator, followed by notes below:
Use the default
gpu-operatornamespace . Otherwise, you must specify the target namespace using the flagrunai-operator.config.nvidiaDcgmExporter.namespaceas described in customized cluster installation.NVIDIA drivers may already be installed on the nodes. In such cases, use the NVIDIA GPU Operator flags
--set driver.enabled=false. DGX OS is one such example as it comes bundled with NVIDIA Drivers.For distribution-specific additional instructions see below:
For troubleshooting information, see the NVIDIA GPU Operator Troubleshooting Guide.
Prometheus
NVIDIA Run:ai cluster requires Prometheus to be installed on the Kubernetes cluster.
OpenShift comes pre-installed with prometheus
For RKE2 see Enable Monitoring instructions to install Prometheus
There are many ways to install Prometheus. A simple example to install the community Kube-Prometheus Stack using helm, run the following commands:
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm install prometheus prometheus-community/kube-prometheus-stack \
-n monitoring --create-namespace --set grafana.enabled=falseAdditional Software Requirements
Additional NVIDIA Run:ai capabilities, Distributed Training and Inference require additional Kubernetes applications (frameworks) to be installed on the cluster.
Distributed Training
Distributed training enables training of AI models over multiple nodes. This requires installing a distributed training framework on the cluster. The following frameworks are supported:
There are several ways to install each framework. A simple method of installation example is the Kubeflow Training Operator which includes TensorFlow, PyTorch, XGBoost and JAX.
It is recommended to use Kubeflow Training Operator v1.9.2, and MPI Operator v0.6.0 or later for compatibility with advanced workload capabilities, such as Stopping a workload and Scheduling rules.
To install the Kubeflow Training Operator for TensorFlow, PyTorch, XGBoost and JAX frameworks, run the following command:
kubectl apply -k "github.com/kubeflow/training-operator.git/manifests/overlays/standalone?ref=v1.9.2"To install the MPI Operator for MPI v2, run the following command:
kubectl apply --server-side -f https://raw.githubusercontent.com/kubeflow/mpi-operator/v0.6.0/deploy/v2beta1/mpi-operator.yamlNote
If you require both the MPI Operator and Kubeflow Training Operator, follow the steps below:
Install the Kubeflow Training Operator as described above.
Disable and delete MPI v1 in the Kubeflow Training Operator by running:
kubectl patch deployment training-operator -n kubeflow --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args", "value": ["--enable-scheme=tfjob", "--enable-scheme=pytorchjob", "--enable-scheme=xgboostjob", "--enable-scheme=jaxjob"]}]'
kubectl delete crd mpijobs.kubeflow.orgInstall the MPI Operator as described above.
Inference
Inference enables serving of AI models. This requires the Knative Serving framework to be installed on the cluster and supports Knative versions 1.11 to 1.18. Follow the Installing Knative instructions. Once installed, follow the below steps.
Configure Knative to use the NVIDIA Run:ai Scheduler and other features using the following command:
kubectl patch configmap/config-autoscaler \ --namespace knative-serving \ --type merge \ --patch '{"data":{"enable-scale-to-zero":"true"}}' && \ kubectl patch configmap/config-features \ --namespace knative-serving \ --type merge \ --patch '{"data":{"kubernetes.podspec-schedulername":"enabled","kubernetes.podspec-nodeselector": "enabled", "kubernetes.podspec-affinity":"enabled","kubernetes.podspec-tolerations":"enabled","kubernetes.podspec-volumes-emptydir":"enabled","kubernetes.podspec-securitycontext":"enabled","kubernetes.containerspec-addcapabilities":"enabled","kubernetes.podspec-persistent-volume-claim":"enabled","kubernetes.podspec-persistent-volume-write":"enabled","multi-container":"enabled","kubernetes.podspec-init-containers":"enabled"}}'Optional: If inference serving endpoints should be accessible outside the cluster:
Patch the Knative service and assign the DNS for inference workloads to the Knative ingress service:
# Replace <runai-inference.mycorp.local> with your FQDN for Inference (without the wildcard) kubectl patch configmap/config-domain \ --namespace knative-serving \ --type merge \ --patch '{"data":{"<runai-inference.mycorp.local>":""}}'Following the Configure external domain encryption instructions to configure TLS for the Knative ingress.
Autoscaling
NVIDIA Run:ai allows for autoscaling a deployment according to the below metrics:
Latency (milliseconds)
Throughput (requests/sec)
Concurrency (requests)
Using a custom metric (for example, Latency) requires installing the Kubernetes Horizontal Pod Autoscaler (HPA). Use the following command to install. Make sure to update the {VERSION} in the below command with a supported Knative version.
kubectl apply -f https://github.com/knative/serving/releases/download/knative-{VERSION}/serving-hpa.yamlDistributed Inference
NVIDIA Run:ai supports distributed inference (multi-node) deployments using the Leader Worker Set (LWS). To enable this capability, you must install the LWS Helm chart on your cluster:
CHART_VERSION=0.6.2
helm install lws oci://registry.k8s.io/lws/charts/lws \
--version=$CHART_VERSION \
--namespace lws-system \
--create-namespace \
--wait --timeout 300sLast updated