# Git and S3 Sidecar Containers

NVIDIA Run:ai enables AI practitioners to integrate with S3 or Git as data sources. When using a custom CA, sidecar containers used for S3 or Git integrations do not automatically inherit the CA configured at the cluster level. This requires manually building a custom container for each integration based on the default NVIDIA Run:ai image while incorporating the local CA certificates.

1. [Build tag and publish](https://docs.docker.com/get-started/docker-concepts/building-images/build-tag-and-publish-an-image/) the images for the S3 / Git integrations using the following Dockerfile:

   ```bash
   #FROM gcr.io/run-ai-prod/goofys:master # S3
   #FROM registry.k8s.io/git-sync/git-sync:v4.4.0 # Git
   USER root
   ADD <ca_bundle_path> /usr/local/share/ca-certificates/ # example: anchors/
   RUN chmod 644 -R /usr/local/share/ca-certificates/ && update-ca-certificates
   WORKDIR /
   ENTRYPOINT ["sh"]
   CMD ["/usr/bin/run.sh"]
   ```
2. Edit the cluster configurations for images used by NVIDIA Run:ai following the [S3 and Git sidecar images](https://run-ai-docs.nvidia.com/self-hosted/2.21/infrastructure-setup/cluster-config#s3-and-git-sidecar-images) instructions.