Contact support

Advanced Control Plane Configurations

Helm Chart Values

The NVIDIA Run:ai control plane installation can be customized to support your environment via Helm values files or Helm install flags. Make sure to restart the relevant NVIDIA Run:ai pods so they can fetch the new configurations.

Key
Change
Description

global.ingress.ingressClass

Ingress class

NVIDIA Run:ai default is using NGINX. If your cluster has a different ingress controller, you can configure the ingress class to be created by NVIDIA Run:ai

global.ingress.tlsSecretName

TLS secret name

NVIDIA Run:ai requires the creation of a secret with domain certificate. If the runai-backend namespace already had such a secret, you can set the secret name here

<component>resources:limits:     cpu: 500m     memory: 512Mirequests:     cpu: 250m     memory: 256Mi

Pod request and limits

Set NVIDIA Run:ai and 3rd party services' resources

disableIstioSidecarInjection.enabled

Disable Istio sidecar injection

Disable the automatic injection of Istio sidecars across the entire NVIDIA Run:ai Control Plane services.

global.affinity

System nodes

Sets the system nodes where the NVIDIA Run:ai control plane services are scheduled.

global.customCA.enabled

Certificate authority

Enables the use of a custom Certificate Authority (CA) in your deployment. When set to true, the system is configured to trust a user-provided CA certificate for secure communication.

Additional Third-Party Configurations

The NVIDIA Run:ai control plane chart includes multiple sub-charts of third-party components:

  • Data store - PostgreSQL (postgresql)

  • Metrics Store - Thanos (thanos)

  • Identity & Access Management - Keycloakx (keycloakx)

  • Analytics Dashboard - Grafana (grafana)

  • Caching - KeyDB (redisCache)

  • Queue - KeyDB (redisQueue)

Tip

Click on any component to view its chart values and configurations.

PostgreSQL

If you have opted to connect to an external PostgreSQL database, refer to the additional configurations table below. Adjust the following parameters based on your connection details:

  1. Disable PostgreSQL deployment - postgresql.enabled

  2. NVIDIA Run:ai connection details - global.postgresql.auth

  3. Grafana connection details - grafana.dbUser, grafana.dbPassword

Key
Change
Description

postgresql.enabled

PostgreSQL installation

If set to false, PostgreSQL will not be installed.

global.postgresql.auth.host

PostgreSQL host

Hostname or IP address of the PostgreSQL server.

global.postgresql.auth.port

PostgreSQL port

Port number on which PostgreSQL is running.

global.postgresql.auth.username

PostgreSQL username

Username for connecting to PostgreSQL.

global.postgresql.auth.password

PostgreSQL password

Password for the PostgreSQL user specified by global.postgresql.auth.username.

global.postgresql.auth.postgresPassword

PostgreSQL default admin password

Password for the built-in PostgreSQL superuser (postgres).

global.postgresql.auth.existingSecret

Postgres Credentials (secret)

Existing secret name with authentication credentials.

global.postgresql.auth.dbSslMode

Postgres connection SSL mode

Set the SSL mode. See the full list in Protection Provided in Different Modes. Prefer mode is not supported.

postgresql.primary.initdb.password

PostgreSQL default admin password

Set the same password as in global.postgresql.auth.postgresPassword (if changed).

postgresql.primary.persistence.storageClass

Storage class

The installation is configured to work with a specific storage class instead of the default one.

Thanos

Note

This section applies to Kubernetes only.

Key
Change
Description

thanos.receive.persistence.storageClass

Storage class

The installation is configured to work with a specific storage class instead of the default one.

Keycloakx

The keycloakx.adminUser can only be set during the initial installation. The admin password can be changed later through the Keycloak UI, but you must also update the keycloakx.adminPassword value in the Helm chart using helm upgrade. Failing to update the Helm values after changing the password can lead to control plane services encountering errors.

Key
Change
Description

keycloakx.adminUser

User name of the internal identity provider administrator

This user is the administrator of Keycloak.

keycloakx.adminPassword

Password of the internal identity provider administrator

This password is for the administrator of Keycloak.

keycloakx.existingSecret

Keycloakx Credentials (secret)

Existing secret name with authentication credentials.

global.keycloakx.host

KeyCloak (NVIDIA Run:ai internal identity provider) host path

Override the DNS for Keycloak. This can be used to access access Keycloack externally to the cluster.

Grafana

Key
Change
Description

grafana.db.existingSecret

Grafana database connection credentials (secret)

Existing secret name with authentication credentials.

grafana.dbUser

Grafana database username

Username for accessing the Grafana database.

grafana.dbPassword

Grafana database password

Password for the Grafana database user.

grafana.admin.existingSecret

Grafana admin default credentials (secret)

Existing secret name with authentication credentials.

grafana.adminUser

Grafana username

Override the NVIDIA Run:ai default user name for accessing Grafana.

grafana.adminPassword

Grafana password

Override the NVIDIA Run:ai default password for accessing Grafana.

KeyDB (Redis)

Note

redisCache is disabled by default.

Key
Change
Description

redisCache.auth.password

Redis (NVIDIA Run:ai internal cache mechanism) applicative password

Override the default password.

redisCache.auth.existingSecret

Redis credentials (secret)

Existing secret name with authentication credentials.

PreviousNode RolesNextAdvanced Cluster Configurations

Last updated