# Install the Control Plane ## System and Network Requirements Before installing the NVIDIA Run:ai control plane, validate that the [system requirements](/self-hosted/2.23/getting-started/installation/install-using-helm/cp-system-requirements.md) and [network requirements ](/self-hosted/2.23/getting-started/installation/install-using-helm/network-requirements.md)are met. For air-gapped environments, make sure you have the [software artifacts ](/self-hosted/2.23/getting-started/installation/install-using-helm/preparations.md#software-artifacts)prepared. ## Permissions As part of the installation, you will be required to install the NVIDIA Run:ai control plane [Helm chart](https://helm.sh/). The Helm charts require Kubernetes administrator permissions. You can review the exact objects that are created by the charts using the `--dry-run` on both helm charts. ## Installation {% hint style="info" %} **Note** * To customize the installation based on your environment, see [Advanced control plane configurations](/self-hosted/2.23/infrastructure-setup/advanced-setup/control-plane-config.md). * PostgreSQL and Keycloakx are installed with default usernames and passwords. To change the default credentials, see [Additional third-party configurations](/self-hosted/2.23/infrastructure-setup/advanced-setup/control-plane-config.md#additional-third-party-configurations). {% endhint %} ### NVIDIA Run:ai version It’s recommended to install the latest NVIDIA Run:ai release. If you need to install a specific version, you can browse the available versions using the following commands:
Connected Run the following command: ```bash helm search repo -l runai-backend ```
Air-gapped Run the following command to browse all available air-gapped packages using the token provided by NVIDIA Run:ai. To download and extract a specific version, and to upload the container images to your private registry, see the [Preparations](/self-hosted/2.23/getting-started/installation/install-using-helm/preparations.md) section. ```bash curl -H "Authorization: Bearer " "https://runai.jfrog.io/artifactory/api/storage/runai-airgapped-prod/?list" ```
### Kubernetes
Connected Run the following command and update the values as described below: 1. Replace `global.domain=` with the one obtained [here](/self-hosted/2.23/getting-started/installation/install-using-helm/cp-system-requirements.md#fully-qualified-domain-name-fqdn): 2. Set `tenantsManager.config.adminUsername=` to the administrator's email address. 3. Set `tenantsManager.config.adminPassword=` to the initial administrator password. The password must meet the following requirements: * Minimum Length: Passwords must be at least 8 characters long. * Digits: Must contain at least 1 numeric digit (0-9). * Lowercase Characters: Must contain at least 1 lowercase letter (a-z). * Uppercase Characters: Must contain at least 1 uppercase letter (A-Z). * Special Characters: Must contain at least 1 special character (e.g., !, @, #, $). ```bash helm repo add runai-backend https://runai.jfrog.io/artifactory/cp-charts-prod helm repo update helm upgrade -i runai-backend -n runai-backend runai-backend/control-plane \ --set global.domain= \ --set tenantsManager.config.adminUsername= \ --set tenantsManager.config.adminPassword="" ``` For example: 
helm repo add runai-backend https://runai.jfrog.io/artifactory/cp-charts-prod
helm repo update
helm upgrade -i runai-backend -n runai-backend runai-backend/control-plane \ 
    --set global.domain=runai.mycorp.local \
    --set tenantsManager.config.adminUsername=email@local.com \
    --set tenantsManager.config.adminPassword="myPassw0rd\!"
**Note:** Use the `--dry-run` flag to gain an understanding of what is being installed before the actual installation.
Air-gapped To run the following command, make sure to replace the following. The `custom-env.yaml` is created when [preparing the installation script](/self-hosted/2.23/getting-started/installation/install-using-helm/preparations.md): {% hint style="warning" %} **Prerequisite** If your internal registry requires authentication, you must create the `runai-reg-creds` imagePullSecret before proceeding. See [Private Docker Registry](/self-hosted/2.23/getting-started/installation/install-using-helm/preparations.md#private-docker-registry) in Preparations. {% endhint %} 1. `control-plane-.tgz` - The full filename of the control plane Helm chart (e.g., `control-plane-2.24.58.tgz`), located in the `chart` folder of the extracted software artifacts. 2. `global.domain=` - The domain name set [here](/self-hosted/2.23/getting-started/installation/install-using-helm/cp-system-requirements.md#fully-qualified-domain-name-fqdn) 3. `global.customCA.enabled=true` as described [here](/self-hosted/2.23/getting-started/installation/install-using-helm/cp-system-requirements.md#local-certificate-authority) 4. Set `tenantsManager.config.adminUsername=` to the administrator's email address. 5. Set `tenantsManager.config.adminPassword=` to the initial administrator password. The password must meet the following requirements: * Minimum Length: Passwords must be at least 8 characters long. * Digits: Must contain at least 1 numeric digit (0-9). * Lowercase Characters: Must contain at least 1 lowercase letter (a-z). * Uppercase Characters: Must contain at least 1 uppercase letter (A-Z). * Special Characters: Must contain at least 1 special character (e.g., !, @, #, $). Run the following command from the root of the extracted software artifacts directory: ```shellscript helm upgrade -i runai-backend ./chart/control-plane-.tgz \ --set global.domain= \ --set global.customCA.enabled=true \ --set tenantsManager.config.adminUsername= \ --set tenantsManager.config.adminPassword="" \ -n runai-backend -f custom-env.yaml ``` For example: ```shellscript helm upgrade -i runai-backend ./chart/control-plane-.tgz \ --set global.domain= \ --set global.customCA.enabled=true \ --set tenantsManager.config.adminUsername=email@local.com \ --set tenantsManager.config.adminPassword="myPassw0rd\!" \ -n runai-backend -f custom-env.yaml ``` **Note:** Use the `--dry-run` flag to gain an understanding of what is being installed before the actual installation.
### OpenShift
Connected Run the following command and update the values as described below: 1. The `` is the subdomain configured for the OpenShift cluster 2. Set `tenantsManager.config.adminUsername=` to the administrator's email address. 3. Set `tenantsManager.config.adminPassword=` to the initial administrator password. The password must meet the following requirements: * Minimum Length: Passwords must be at least 8 characters long. * Digits: Must contain at least 1 numeric digit (0-9). * Lowercase Characters: Must contain at least 1 lowercase letter (a-z). * Uppercase Characters: Must contain at least 1 uppercase letter (A-Z). * Special Characters: Must contain at least 1 special character (e.g., !, @, #, $). ```shellscript helm repo add runai-backend https://runai.jfrog.io/artifactory/cp-charts-prod helm repo update helm upgrade -i runai-backend -n runai-backend runai-backend/control-plane \ --set global.domain=runai.apps. \ --set global.config.kubernetesDistribution=openshift \ --set tenantsManager.config.adminUsername= \ --set tenantsManager.config.adminPassword="" ``` For example: ```shellscript helm repo add runai-backend https://runai.jfrog.io/artifactory/cp-charts-prod helm repo update helm upgrade -i runai-backend -n runai-backend runai-backend/control-plane \ --set global.domain=runai.apps.mycorp.local \ --set global.config.kubernetesDistribution=openshift \ --set tenantsManager.config.adminUsername=email@local.com \ --set tenantsManager.config.adminPassword="myPassw0rd\!" ```
Air-gapped To run the following command, make sure to replace the following. The `custom-env.yaml` is created when [preparing the installation script:](/self-hosted/2.23/getting-started/installation/install-using-helm/preparations.md#software-artifacts) {% hint style="warning" %} **Prerequisite** If your internal registry requires authentication, you must create the `runai-reg-creds` imagePullSecret before proceeding. See [Private Docker Registry](/self-hosted/2.23/getting-started/installation/install-using-helm/preparations.md#private-docker-registry) in Preparations. {% endhint %} 1. `control-plane-.tgz` - The full filename of the control plane Helm chart (e.g., `control-plane-2.24.49.tgz`), located in the `chart` folder of the extracted software artifacts. 2. `` - The domain configured for the OpenShift cluster. To find out the OpenShift cluster domain, run `oc get routes -A` 3. `global.customCA.enabled=true` as described [here](/self-hosted/2.23/getting-started/installation/install-using-helm/cp-system-requirements.md#local-certificate-authority) 4. Set `tenantsManager.config.adminUsername=` to the administrator's email address. 5. Set `tenantsManager.config.adminPassword=` to the initial administrator password. The password must meet the following requirements: * Minimum Length: Passwords must be at least 8 characters long. * Digits: Must contain at least 1 numeric digit (0-9). * Lowercase Characters: Must contain at least 1 lowercase letter (a-z). * Uppercase Characters: Must contain at least 1 uppercase letter (A-Z). * Special Characters: Must contain at least 1 special character (e.g., !, @, #, $). Run the following command from the root of the extracted software artifacts directory: ```bash helm upgrade -i runai-backend ./chart/control-plane-.tgz -n runai-backend \ --set global.domain=runai.apps. \ --set global.config.kubernetesDistribution=openshift \ --set global.customCA.enabled=true \ --set tenantsManager.config.adminUsername= \ --set tenantsManager.config.adminPassword="" \ -f custom-env.yaml ``` For example: ```shellscript helm upgrade -i runai-backend ./chart/control-plane-.tgz -n runai-backend \ --set global.domain=runai.apps.mycorp.local \ --set global.config.kubernetesDistribution=openshift \ --set global.customCA.enabled=true \ --set tenantsManager.config.adminUsername=email@local.com \ --set tenantsManager.config.adminPassword="myPassw0rd\!" \ -f custom-env.yaml ``` **Note:** Use the `--dry-run` flag to gain an understanding of what is being installed before the actual installation.
## Connect to NVIDIA Run:ai User Interface 1. Open your browser and go to: {% tabs %} {% tab title="Kubernetes" %} `https://` {% endtab %} {% tab title="OpenShift" %} `https://runai.apps.` {% endtab %} {% endtabs %} 2. Log in using the administrator credentials provided during installation. It is recommended to change the password after the first login. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://run-ai-docs.nvidia.com/self-hosted/2.23/getting-started/installation/install-using-helm/install-control-plane.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.