# Customized Installation

This section explains the available configurations for customizing the NVIDIA Run:ai control plane and cluster installation.

## Control Plane Helm Chart Values

The NVIDIA Run:ai control plane installation can be customized to support your environment via Helm [values files](https://helm.sh/docs/chart_template_guide/values_files/) or [Helm install](https://helm.sh/docs/helm/helm_install/) flags. See [Advanced control plane configurations](https://run-ai-docs.nvidia.com/self-hosted/2.22/infrastructure-setup/advanced-setup/control-plane-config).

## Cluster Helm Chart Values

The NVIDIA Run:ai cluster installation can be customized to support your environment via Helm [values files](https://helm.sh/docs/chart_template_guide/values_files/) or [Helm install](https://helm.sh/docs/helm/helm_install/) flags.

These configurations are saved in the `runaiconfig` Kubernetes object and can be edited post-installation as needed. For more information, see [Advanced cluster configurations](https://run-ai-docs.nvidia.com/self-hosted/2.22/infrastructure-setup/advanced-setup/cluster-config).

The following table lists the available Helm chart values that can be configured to customize the NVIDIA Run:ai cluster installation.

<table><thead><tr><th width="374">Key</th><th>Description</th></tr></thead><tbody><tr><td><code>global.image.registry</code> <em>(string)</em></td><td>Global Docker image registry<br>Default: <code>""</code></td></tr><tr><td><code>global.additionalImagePullSecrets</code> <em>(list)</em></td><td>List of image pull secrets references<br>Default: <code>[]</code></td></tr><tr><td><code>global.additionalJobLabels</code> <em>(object)</em></td><td>Set NVIDIA Run:ai and 3rd party services' <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/">Pod Labels</a> in a format of key/value pairs.<br>Default: <code>""</code></td></tr><tr><td><code>global.additionalJobAnnotations</code> <em>(object)</em></td><td>Set NVIDIA Run:ai and 3rd party services' <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/">Annotations</a> in a format of key/value pairs.<br>Default: <code>""</code></td></tr><tr><td><code>spec.researcherService.ingress.tlsSecret</code> <em>(string)</em></td><td>Existing secret key where cluster <a href="../system-requirements#tls-certificate">TLS certificates </a>are stored (non-OpenShift)<br>Default: <code>runai-cluster-domain-tls-secret</code></td></tr><tr><td><code>spec.researcherService.route.tlsSecret</code> <em>(string)</em></td><td>Existing secret key where cluster <a href="../system-requirements#tls-certificate">TLS certificates</a> are stored (OpenShift only)<br>Default: <code>""</code></td></tr><tr><td><code>spec.prometheus.spec.image</code> <em>(string)</em></td><td>Due to a <a href="https://github.com/prometheus-community/helm-charts/issues/4734">known issue</a> In the Prometheus Helm chart, the <code>imageRegistry</code> setting is ignored. To pull the image from a different registry, you can manually specify the Prometheus image reference.<br>Default: <code>quay.io/prometheus/prometheus</code></td></tr><tr><td><code>spec.prometheus.spec.imagePullSecrets</code> <em>(string)</em></td><td>List of image pull secrets references in the <code>runai</code> namespace to use for pulling Prometheus images (relevant for air-gapped installations).<br>Default: <code>[]</code></td></tr><tr><td><code>global.customCA.enabled</code></td><td>Enables the use of a custom Certificate Authority (CA) in your deployment. When set to <code>true</code>, the system is configured to trust a user-provided CA certificate for secure communication.</td></tr><tr><td><code>openShift.securityContextConstraints.create</code></td><td>Enables the deployment of Security Context Constraints (SCC). Disable for CIS compliance.<br>Default: <code>true</code></td></tr><tr><td><code>global.tolerations</code> <em>(list)</em></td><td>Configure <a href="https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/">Kubernetes tolerations</a> for NVIDIA Run:ai system-level services</td></tr><tr><td><code>global.affinity</code> <em>(object)</em></td><td>Sets the system nodes where NVIDIA Run:ai system-level services are scheduled. Using <code>global.affinity</code> will overwrite the <a href="../../../infrastructure-setup/advanced-setup/node-roles">node roles</a> set using the Administrator CLI (runai-adm).<br>Default: Prefer to schedule on nodes that are labeled with <code>node-role.kubernetes.io/runai-system</code></td></tr><tr><td><code>controlPlane.existingSecret</code></td><td>Specifies the name of the existing Kubernetes secret where the cluster’s <code>clientSecret</code> used for secure connection with the control plane is stored.</td></tr><tr><td><code>controlPlane.secretKeys.clientSecret</code></td><td>Specifies the key within the <code>controlPlane.existingSecret</code> that stores the cluster’s <code>clientSecret</code> used for secure connection with the control plane.</td></tr></tbody></table>