| Fields | Description | Value type | Supported NVIDIA Run:ai workload type |
|---|---|---|---|
| args | When set, contains the arguments sent along with the command. These override the entry point of the image in the created workload | string |
|
| command | A command to serve as the entry point of the container running the workload | string |
|
| createHomeDir | Instructs the system to create a temporary home directory for the user within the container. Data stored in this directory is not saved when the container exists. When the runAsUser flag is set to true, this flag defaults to true as well | boolean |
|
| environmentVariables | Set of environmentVariables to populate the container running the workload | itemized |
|
| image | Specifies the image to use when creating the container running the workload | string |
|
| imagePullPolicy | Specifies the pull policy of the image when starting t a container running the created workload. Options are: Always, Never, or IfNotPresent | string |
|
| imagePullSecrets | Specifies a list of references to Kubernetes secrets in the same namespace used for pulling container images. | array |
|
| workingDir | Container’s working directory. If not specified, the container runtime default is used, which might be configured in the container image | string |
|
| nodeType | Nodes (machines) or a group of nodes on which the workload runs | string |
|
| nodePools | A prioritized list of node pools for the scheduler to run the workload on. The scheduler always tries to use the first node pool before moving to the next one when the first is not available. | array |
|
| annotations | Set of annotations to populate into the container running the workload | itemized |
|
| labels | Set of labels to populate into the container running the workload | itemized |
|
| terminateAfterPreemtpion | Indicates whether the job should be terminated, by the system, after it has been preempted | boolean |
|
| autoDeletionTimeAfterCompletionSeconds | Specifies the duration after which a finished workload (Completed or Failed) is automatically deleted. If this field is set to zero, the workload becomes eligible to be deleted immediately after it finishes. | integer |
|
| terminationGracePeriodSeconds | The duration, in seconds, that a workload is allowed to continue running after a preemption request before it is forcibly terminated. The grace period acts as a buffer that allows the workload to reach a safe checkpoint before termination. The default value is 30 seconds and is limited by a system policy to 300 seconds (5 minutes) across all workloads. Administrators can override the default by creating a new policy at the desired scope. See System policies for more details. | integer |
|
| backoffLimit | Specifies the number of retries before marking a workload as failed | integer |
|
| restartPolicy | Specify the restart policy of the workload pods. Default is empty, which is determine by the framework default Enum: "Always" "Never" "OnFailure" | string |
|
| cleanPodPolicy | Specifies which pods will be deleted when the workload reaches a terminal state (completed/failed). The policy can be one of the following values:
| string | Distributed training |
| completions | Used with Hyperparameter Optimization. Specifies the number of successful pods the job should reach to be completed. The Job is marked as successful once the specified amount of pods has succeeded. | integer | Standard training |
| parallelism | Used with Hyperparameters Optimization. Specifies the maximum desired number of pods the workload should run at any given time. | itemized | Standard training |
| exposedUrls | Specifies a set of exported URLs (e.g. ingress) from the container running the created workload. | itemized |
|
| relatedUrls | Specifies a set of URLs related to the workload. For example, a URL to an external server providing statistics or logging about the workload. | itemized |
|
| PodAffinitySchedulingRule | Indicates if we want to use the Pod affinity rule as: the “hard” (required) or the “soft” (preferred) option. | string |
|
| podAffinityTopology | Specifies the Pod Affinity Topology to be used for scheduling the job. | string |
|
| category | Specifies the workload category assigned to the workload. Categories are used to classify and monitor different types of workloads within the NVIDIA Run:ai platform. | string |
|
| sshAuthMountPath | Specifies the directory where SSH keys are mounted | string | Distributed training (MPI only) |
| mpiLauncherCreationPolicy | Define s whether the MPI Launcher is created in parallel with the workers, or if its creation is postponed until all workers are in Ready state. This prevents failures when the launcher attempts to connect to workers that are not yet ready. Enum: | string | Distributed training (MPI only) |
| privileged | Grants the container full access to the host, bypassing almost all container isolation; the container acts like root. Default is false. This parameter is governed by a system policy, which enforces privileged: false by default and marks it as non-editable (canEdit: false). Containers cannot run in privileged mode unless an administrator explicitly updates the system policy to allow it. See System policies for more details. | boolean |
|
| ports | Specifies a set of ports exposed from the container running the created workload. More information in Ports fields below. | itemized |
|
| preemptibility | Specifies whether the workload can be preempted by higher-priority workloads. Valid values are preemptible and non-preemptible. |
| |
| probes | Specifies the ReadinessProbe to use to determine if the container is ready to accept traffic. More information in Probes fields below | - |
|
| tolerations | Toleration rules which apply to the pods running the workload. Toleration rules guide (but do not require) the system to which node each pod can be scheduled to or evicted from, based on matching between those rules and the set of taints defined for each Kubernetes node. | itemized |
|
| priorityClass | Specifies the priority class of the workload. The default values are:
You can change it to any of the following valid values to adjust the workload's scheduling behavior: | string |
|
| nodeAffinityRequired | If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. | array |
|
| startupPolicy | Determines when the worker pods should start during workload initialization.
Default: "LeaderCreated" | string | Distributed inference (API only) |
| workers | Specifies the number of worker nodes to run. If set to 0, only the leader node will run, and no worker pods will be created. In this case, worker spec is not required. Default: 0 | integer | Distributed inference (API only) |
| replicas | Specifies the number of leader-worker sets to deploy. Each replica represents a group consisting of one leader pod and multiple worker pods. For example, setting replicas: 3 will create 3 independent groups, each with its own leader and corresponding set of workers. Default: 1 | integer | Distributed inference (API only) |
| replicas | The number of replicas to deploy. Default: 1 | integer | NVIDIA NIM services (API only) |
| leader | Defines the pod specification for the leader. Must always be provided, regardless of the number of workers. | - | Distributed inference (API only) |
| worker | Defines the pod specification for the workers. Required only if the number of workers is greater than 0. | - | Distributed inference (API only) |
| multiNode | Defines whether the NIM service runs as a multi-node deployment. If workers is set to 1 or more, the service runs in multi-node. | - | NVIDIA NIM services (API only) |
| ngcAuthSecret | The name of a Kubernetes secret containing the NGC access credentials. The secret must contain a key named NGC_API_KEY with the API key as the value. | integer | NVIDIA NIM services (API only) |
| storage | Contains all the fields related to storage configurations. More information in Storage fields below. | - |
|
| security | Contains all the fields related to security configurations. More information in Security fields below. | - |
|
| compute | Contains all the fields related to compute configurations. More information in Compute fields below. | - |
|
| tty | Whether this container should allocate a TTY for itself, also requires 'stdin' to be true | boolean |
|
| stdin | Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF | boolean |
|
| numWorkers | the number of workers that will be allocated for running the workload. | integer | Distributed training |
| distributedFramework | The distributed training framework used in the workload. Enum: "MPI" "PyTorch" "TF" "XGBoost" "JAX" | string | Distributed training |
| slotsPerWorker | Specifies the number of slots per worker used in hostfile. Defaults to 1. (applicable only for MPI) | integer | Distributed training (MPI only) |
| minReplicas | The lower limit for the number of worker pods to which the training job can scale down. (applicable only for PyTorch) | integer | Distributed training (PyTorch only) |
| maxReplicas | The upper limit for the number of worker pods that can be set by the autoscaler. Cannot be smaller than MinReplicas. (applicable only for PyTorch) | integer | Distributed training (PyTorch only) |
| servingPort | Specifies the port for accessing the inference service. See Serving Port Fields. | - |
|
| autoscaling | Specifies the minimum and maximum number of replicas to be scaled up and down to meet the changing demands of inference services. See Autoscaling Fields. | - |
|
| servingConfiguration | Specifies the inference workload serving configuration. See Serving Configuration Fields. | - | Inference |
| Fields | Description | Value type | Supported NVIDIA Run:ai workload type |
|---|---|---|---|
| container | The port that the container running the workload exposes. | string |
|
| serviceType | Specifies the default service exposure method for ports. the default shall be used for ports which do not specify service type. Options are: LoadBalancer, NodePort or ClusterIP. For more information see the External Access to Containers guide. | string |
|
| external | The external port which allows a connection to the container port. If not specified, the port is auto-generated by the system. | integer |
|
| toolType | The tool type that runs on this port. | string |
|
| toolName | A name describing the tool that runs on this port. | string |
|
| Fields | Description | Value type | Supported NVIDIA Run:ai workload type |
|---|---|---|---|
| readiness | Specifies the Readiness Probe to use to determine if the container is ready to accept traffic. | - |
|
| Spec readiness fields | Description | Value type |
|---|---|---|
| initialDelaySeconds | Number of seconds after the container has started before liveness or readiness probes are initiated. | integer |
| periodSeconds | How often (in seconds) to perform the probe | integer |
| timeoutSeconds | Number of seconds after which the probe times out | integer |
| successThreshold | Minimum consecutive successes for the probe to be considered successful after having failed | integer |
| failureThreshold | When a probe fails, the number of times to try before giving up | integer |
| Fields | Description | Value type | Supported NVIDIA Run:ai workload type |
|---|---|---|---|
| uidGidSource | Indicates the way to determine the user and group ids of the container. The options are:
For more information, see User identity in containers. | string |
|
| capabilities | The capabilities field allows adding a set of unix capabilities to the container running the workload. Capabilities are Linux distinct privileges traditionally associated with superuser which can be independently enabled and disabled | array |
|
| seccompProfileType | Indicates which kind of seccomp profile is applied to the container. The options are:
| string |
|
| runAsNonRoot | Indicates that the container must run as a non-root user. | boolean |
|
| readOnlyRootFilesystem | If true, mounts the container's root filesystem as read-only. | boolean |
|
| runAsUid | Specifies the Unix user id with which the container running the created workload should run. | integer |
|
| runasGid | Specifies the Unix Group ID with which the container should run. | integer |
|
| supplementalGroups | Comma separated list of groups that the user running the container belongs to, in addition to the group indicated by runAsGid. | string |
|
| allowPrivilegeEscalation | Allows the container running the workload and all launched processes to gain additional privileges after the workload starts | boolean |
|
| hostIpc | Whether to enable hostIpc. Defaults to false. | boolean |
|
| hostNetwork | Whether to enable host network. | boolean |
|
| Fields | Description | Value type | Supported NVIDIA Run:ai workload type |
|---|---|---|---|
| cpuCoreRequest | CPU units to allocate for the created workload (0.5, 1, .etc). The workload receives at least this amount of CPU. Note that the workload is not scheduled unless the system can guarantee this amount of CPUs to the workload. | number |
|
| cpuCoreLimit | Limitations on the number of CPUs consumed by the workload (0.5, 1, .etc). The system guarantees that this workload is not able to consume more than this amount of CPUs. | number |
|
| cpuMemoryRequest | The amount of CPU memory to allocate for this workload (1G, 20M, .etc). The workload receives at least this amount of memory. Note that the workload is not scheduled unless the system can guarantee this amount of memory to the workload | quantity |
|
| cpuMemoryLimit | Limitations on the CPU memory to allocate for this workload (1G, 20M, .etc). The system guarantees that this workload is not be able to consume more than this amount of memory. The workload receives an error when trying to allocate more memory than this limit. | quantity |
|
| largeShmRequest | A large /dev/shm device to mount into a container running the created workload (shm is a shared file system mounted on RAM). | boolean |
|
| gpuRequestType | Sets the unit type for GPU resources requests to either portion or memory. Only if gpuDeviceRequest = 1, the request type can be stated as portion or memory. | string |
|
| gpuPortionRequest | Specifies the fraction of GPU to be allocated to the workload, between 0 and 1. For backward compatibility, it also supports the number of gpuDevices larger than 1, currently provided using the gpuDevices field. | number |
|
| gpuDeviceRequest | Specifies the number of GPUs to allocate for the created workload. Only if gpuDeviceRequest = 1, the gpuRequestType can be defined. | integer |
|
| gpuPortionLimit | When a fraction of a GPU is requested, the GPU limit specifies the portion limit to allocate to the workload. The range of the value is from 0 to 1. | number |
|
| gpuMemoryRequest | Specifies GPU memory to allocate for the created workload. The workload receives this amount of memory. Note that the workload is not scheduled unless the system can guarantee this amount of GPU memory to the workload. | quantity |
|
| gpuMemoryLimit | Specifies a limit on the GPU memory to allocate for this workload. Should be no less than the gpuMemory. | quantity |
|
| extendedResources | Specifies values for extended resources. Extended resources are third-party devices (such as high-performance NICs, FPGAs, or InfiniBand adapters) that you want to allocate to your Job. | itemized |
|
| Fields | Description | Value type | Supported NVIDIA Run:ai workload type |
|---|---|---|---|
| dataVolume | Set of data volumes to use in the workload. Each data volume is mapped to a file-system mount point within the container running the workload. | itemized |
|
| hostPath | Maps a folder to a file-system mount point within the container running the workload. | itemized |
|
| git | Details of the git repository and items mapped to it. | itemized |
|
| pvc | Specifies persistent volume claims to mount into a container running the created workload. | itemized |
|
| nfs | Specifies NFS volume to mount into the container running the workload. | itemized |
|
| s3 | Specifies S3 buckets to mount into the container running the workload. | itemized |
|
| configMapVolumes | Specifies ConfigMaps to mount as volumes into a container running the created workload. | itemized |
|
| secretVolume | Set of secret volumes to use in the workload. A secret volume maps a secret resource in the cluster to a file-system mount point within the container running the workload. | itemized |
|
| emptyDirVolume | A list of emptyDir volumes to mount in the workload. | itemized |
|
| hostPath fields | Description | Value type |
|---|---|---|
| name | Unique name to identify the instance. Primarily used for policy locked rules. | string |
| path | Local path within the controller to which the host volume is mapped. | string |
| readOnly | Force the volume to be mounted with read-only permissions. Defaults to false | boolean |
| mountPath | The path that the host volume is mounted to when in use. Enum:
| string |
| mountPropagation | Share this volume mount with other containers. If set to HostToContainer, this volume mount receives all subsequent mounts that are mounted to this volume or any of its subdirectories. In case of multiple hostPath entries, this field should have the same value for all of them. | string |
| Git fields | Description | Value type |
|---|---|---|
| repository | URL to a remote git repository. The content of this repository is mapped to the container running the workload | string |
| revision | Specific revision to synchronize the repository from | string |
| path | Local path within the workspace to which the S3 bucket is mapped | string |
| secretName | Optional name of Kubernetes secret that holds your git username and password | string |
| username | If secretName is provided, this field should contain the key, within the provided Kubernetes secret, which holds the value of your git username. Otherwise, this field should specify your git username in plain text (example: myuser). | string |
| Spec PVC fields | Description | Value type |
|---|---|---|
| claimName (mandatory) | A given name for the PVC. Allowed referencing it across workspaces | string |
| ephemeral | Use true to set PVC to ephemeral. If set to true, the PVC is deleted when the workspace is stopped. | boolean |
| path | Local path within the workspace to which the PVC bucket is mapped | string |
| readonly | Permits read only from the PVC, prevents additions or modifications to its content | boolean |
| ReadwriteOnce | Requesting claim that can be mounted in read/write mode to exactly 1 host. If none of the modes are specified, the default is readWriteOnce. | boolean |
| size | Requested size for the PVC. Mandatory when existing PVC is false | string |
| storageClass | Storage class name to associate with the PVC. This parameter may be omitted if there is a single storage class in the system, or you are using the default storage class. Further details at Kubernetes storage classes. | string |
| readOnlyMany | Requesting claim that can be mounted in read-only mode to many hosts | boolean |
| readWriteMany | Requesting claim that can be mounted in read/write mode to many hosts | boolean |
| nfs fields | Description | Value type |
|---|---|---|
| mountPath | The path that the NFS volume is mounted to when in use | string |
| path | Path that is exported by the NFS server | string |
| readOnly | Whether to force the NFS export to be mounted with read-only permissions | boolean |
| nfsServer | The hostname or IP address of the NFS server | string |
| s3 fields | Description | Value type |
|---|---|---|
| Bucket | The name of the bucket | string |
| path | Local path within the workspace to which the S3 bucket is mapped | string |
| url | The URL of the S3 service provider. The default is the URL of the Amazon AWS S3 service | string |
| emptyDirVolume fields | Description | Value type |
|---|---|---|
| name | Unique name to identify the instance. Primarily used for policy locked rules. | string |
| path | Local path within the workload to which the emptyDir volume is mapped. | string |
| medium | The type of storage medium for the volume. Use Memory for memory-backed storage, or leave empty for disk-backed storage. | string |
| sizeLimit | The total amount of local storage or memory required for the emptyDir volume. Specify using Kubernetes quantity format (for example, 1G, 500Mi). | string |
| exclude | If set to true, excludes this volume from the workload. | boolean |
| Fields | Description | Value type | Supported NVIDIA Run:ai workload type |
|---|---|---|---|
| container / port | Specifies the port that the container running the inference service exposes | integer |
|
| protocol | Specifies the protocol used by the port. Defaults to http. Enum: "http", "grpc" | string |
|
| authorizationType | Specifies the authorization type for serving port URL access. Defaults to public, which means no authorization is required. If set to authenticatedUsers, only authenticated NVIDIA Run:ai users are allowed to access the URL. If set to authorizedUsersOrGroups, only users or groups specified in authorizedUsers or authorizedGroups are allowed to access the URL. Supported from cluster version 2.19. Enum: "public", "authenticatedUsers", "authorizedUsersOrGroups" | string |
|
| authorizedUsers | Specifies the list of users that are allowed to access the URL. Note that authorizedUsers and authorizedGroups are mutually exclusive. | array |
|
| authorizedGroups | Specifies the list of groups that are allowed to access the URL. Note that authorizedUsers and authorizedGroups are mutually exclusive. | array |
|
| clusterLocalAccessOnly | Configures the serving port URL to be available only on the cluster-local network, and not externally. Defaults to false. | boolean | Inference |
| exposeExternally | Indicates whether the inference serving endpoint should be accessible outside the cluster. If set to true, the endpoint will be exposed externally. To enable external access, your administrator must configure the cluster as described in the inference requirements section. | boolean |
|
| exposedUrl | The custom URL to use for the serving port. If empty (default), an autogenerated URL will be used. | string |
|
| serviceType | The type of Kubernetes service to create for the inference deployment. Options include 'ClusterIP' (default), 'NodePort', 'LoadBalancer', and 'ExternalName'. Default: "ClusterIP" | string | NVIDIA NIM services (API only) |
| grpcPort | The GRPC port that the container running the inference service exposes. | integer | NVIDIA NIM services (API only) |
| metricsPort | The port where metrics are exposed, required only if it's different than the main port. | integer | NVIDIA NIM services (API only) |
| exposedProtocol | The protocol to use for the exposed URL. If grpcPort is set, this defaults to grpc. Otherwise, it defaults to http. Enum: "http" "grpc" | string | NVIDIA NIM services (API only) |
| Fields | Description | Value type | Supported NVIDIA Run:ai workload type |
|---|---|---|---|
| metricThresholdPercentage | Specifies the percentage of metric threshold value to use for autoscaling. Defaults to 70. Applicable only with the 'throughput' and 'concurrency' metrics. | number | Inference |
| minReplicas | Specifies the minimum number of replicas for autoscaling. Defaults to 1. Use 0 to allow scale-to-zero. | integer |
|
| maxReplicas | Specifies the maximum number of replicas for autoscaling. Defaults to minReplicas, or to 1 if minReplicas is set to 0. | integer |
|
| initialReplicas | Specifies the number of replicas to run when initializing the workload for the first time. Defaults to minReplicas, or to 1 if minReplicas is set to 0. | integer | Inference |
| activationReplicas | Specifies the number of replicas to run when scaling-up from zero. Defaults to minReplicas, or to 1 if minReplicas is set to 0. | integer | Inference |
| concurrencyHardLimit | Specifies the maximum number of requests allowed to flow to a single replica at any time. 0 means no limit. | integer | Inference |
| scaleToZeroRetentionSeconds | Specifies the minimum amount of time (in seconds) that the last replica will remain active after a scale-to-zero decision. Defaults to 0. Available only if minReplicas is set to 0. | integer | Inference |
| scaleDownDelaySeconds | Specifies the minimum amount of time (in seconds) that a replica will remain active after a scale-down decision | integer | Inference |
| scaleWindowSeconds | The time window for autoscaling decisions, in seconds. Defaults to 300 seconds. | integer | NVIDIA NIM services (API only) |
| metric | Specifies the metric to use for autoscaling. Mandatory if minReplicas < maxReplicas, except for the special case where minReplicas is set to 0 and maxReplicas is set to 1, as in this case autoscaling decisions are made according to network activity rather than metrics. Use one of the built-in metrics of 'throughput', 'concurrency' or 'latency', or any other available custom metric. Only the 'throughput' and 'concurrency' metrics support scale-to-zero. | string | Inference |
| metricThreshold | Specifies the threshold to use with the specified metric for autoscaling. Mandatory if metric is specified. | integer |
|
| Fields | Description | Value type | Supported NVIDIA Run:ai workload type |
|---|---|---|---|
| initializationTimeoutSeconds | Specifies the maximum time (in seconds) allowed for a workload to initialize and become ready. If the workload does not start within this time, it will be moved to failed state. | integer | Inference |
| requestTimeoutSeconds | Specifies the maximum time (in seconds) allowed to process an end-user request. If no response is returned within this time, the request will be ignored. | integer | Inference |
| Value type | Description | Supported rule type | Defaults |
|---|---|---|---|
| Boolean | A binary value that can be either True or False | true/false | |
| String | A sequence of characters used to represent text. It can include letters, numbers, symbols, and spaces | abc | |
| Itemized | An ordered collection of items (objects), which can be of different types (all items in the list are of the same type). For further information see the chapter below the table. | See below | |
| Integer | An Integer is a whole number without a fractional component. | 100 | |
| Number | Capable of having non-integer values | 10.3 | |
| Quantity | Holds a string composed of a number and a unit representing a quantity | 5M | |
| Array | Set of values that are treated as one, as opposed to Itemized in which each item can be referenced separately. |
|
| Resource | Source of the instance | Quantity | Source of the attribute quantity |
|---|---|---|---|
| default/cpu | Policy defaults | 5 | The default of this instance in the policy defaults section |
| added/cpu | Submission request | 3 | The default of the quantity attribute from the attributes section |
| added/memory | Submission request | 5M | Submission request |
| Rule types | Description | Supported value types |
|---|---|---|
| canAdd | Whether the submission request can add items to an itemized field other than those listed in the policy defaults for this field. | itemized |
| locked | Set of items that the workload is unable to modify or exclude. In this example, a workload policy default is given to HOME and USER, that the submission request cannot modify or exclude from the workload. | itemized |
| canEdit | Whether the submission request can modify the policy default for this field. In this example, it is assumed that the policy has default for imagePullPolicy. As canEdit is set to false, submission requests are not able to alter this default. | |
| required | When set to true, the workload must have a value for this field. The value can be obtained from policy defaults. If no value specified in the policy defaults, a value must be specified for this field in the submission request. | |
| min | The minimal value for the field | |
| max | The maximal value for the field | |
| step | The allowed gap between values for this field. In this example the allowed values are: 1, 3, 5, 7 | |
| options | Set of allowed values for this field | string |
| defaultFrom | Set a default value for a field that will be calculated based on the value of another field |