Control Plane System Requirements

The NVIDIA Run:ai control plane is a Kubernetes application. It has specific system and Kubernetes environment requirements that must be met before installation. These requirements ensure that the control plane services can be deployed successfully.

This section describes the minimum hardware, supported Kubernetes/OpenShift versions, and environment prerequisites required for the NVIDIA Run:ai control plane installation. Environment prerequisites include critical infrastructure components such as a properly configured Fully Qualified Domain Name (FQDN) with DNS resolution, TLS certificate configuration and ingress readiness.

Installer Machine

The machine running the installation script (typically the Kubernetes master) must have:

circle-info

Note

If you are installing an air-gapped version of NVIDIA Run:ai, the NVIDIA Run:ai software artifacts include the Helm binary.

Hardware Requirements

The following hardware requirements are for the NVIDIA Run:ai control plane system nodes. By default, all control plane services run on all available nodes in the control plane app cluster.

Architecture

  • x86 - Supported for Kubernetes and OpenShift

  • ARM - Supported for Kubernetes and OpenShift

NVIDIA Run:ai Control Plane - System Nodes

This configuration is the minimum requirement you need to install and use NVIDIA Run:ai control plane:

Component
Required Capacity

CPU

10 cores

Memory

12GB

Disk space

110GB

circle-info

Note

To designate nodes to NVIDIA Run:ai system services, follow the instructions as described in System nodes.

If NVIDIA Run:ai control plane is planned to be installed on the same Kubernetes cluster as the NVIDIA Run:ai cluster, make sure the cluster Hardware requirements are considered in addition to the NVIDIA Run:ai control plane hardware requirements.

Software Requirements

The following software requirements must be fulfilled.

Operating System

  • Any Linux operating system supported by both Kubernetes and NVIDIA GPU Operator

  • Internal tests are being performed on Ubuntu 22.04 and CoreOS for OpenShift.

Network Time Protocol

Nodes are required to be synchronized by time using NTP (Network Time Protocol) for proper system functionality.

Kubernetes Distribution

NVIDIA Run:ai control plane requires Kubernetes. The following Kubernetes distributions are supported:

  • Vanilla Kubernetes

  • OpenShift Container Platform (OCP)

  • Elastic Kubernetes Engine (EKS)

  • Google Kubernetes Engine (GKE)

  • Azure Kubernetes Service (AKS)

  • Oracle Kubernetes Engine (OKE)

  • Rancher Kubernetes Engine 2 (RKE2)

circle-info

Note

The latest release of the NVIDIA Run:ai control plane supports Kubernetes 1.33 to 1.35 and OpenShift 4.17 to 4.20.

See the following Kubernetes version support matrix for the latest NVIDIA Run:ai releases:

NVIDIA Run:ai version
Supported Kubernetes versions
Supported OpenShift versions

2.24 (latest)

1.33 to 1.35

4.17 to 4.20

2.23

1.31 to 1.34

4.16 to 4.19

2.22

1.31 to 1.33

4.15 to 4.19

2.21

1.30 to 1.32

4.14 to 4.18

2.20

1.29 to 1.32

4.14 to 4.17

2.19

1.28 to 1.31

4.12 to 4.17

For information on supported versions of managed Kubernetes, it's important to consult the release notes provided by your Kubernetes service provider. There, you can confirm the specific version of the underlying Kubernetes platform supported by the provider, ensuring compatibility with NVIDIA Run:ai. For an up-to-date end-of-life statement see Kubernetes Release Historyarrow-up-right or OpenShift Container Platform Life Cycle Policyarrow-up-right.

NVIDIA Run:ai Namespace

The NVIDIA Run:ai control plane uses a namespace or project (OpenShift) called runai-backend. Use the following to create the namespace/project:

Default Storage Class

circle-info

Note

Default storage class applies to Kubernetes only.

The NVIDIA Run:ai control plane requires a default storage class to create persistent volume claims for NVIDIA Run:ai storage. The storage class, as per Kubernetes standards, controls the reclaim behavior, whether the NVIDIA Run:ai persistent data is saved or deleted when the NVIDIA Run:ai control plane is deleted.

circle-info

Note

For a simple (non-production) storage class example see Kubernetes Local Storage Classarrow-up-right. The storage class will set the directory /opt/local-path-provisioner to be used across all nodes as the path for provisioning persistent volumes. Then set the new storage class as default:

Kubernetes Ingress Controller

The NVIDIA Run:ai control plane requires Kubernetes Ingress Controllerarrow-up-right to be installed on the Kubernetes cluster.

  • OpenShift and RKE2 come with a pre-installed ingress controller.

  • Make sure that a default ingress controller, global.ingress.ingressClass is set. For more details, see Advanced control plane configurations.

There are multiple ways to install and configure an ingress controller. The following example demonstrates how to install and configure the HAProxyarrow-up-right ingress controller using helmarrow-up-right.

chevron-rightVanilla Kuberneteshashtag
chevron-rightManaged Kubernetes (EKS, GKE, AKS)hashtag
chevron-rightOracle Kubernetes Engine (OKE)hashtag

Fully Qualified Domain Name (FQDN)

circle-info

Note

Fully Qualified Domain Name applies to Kubernetes only.

You must have a Fully Qualified Domain Name (FQDN) to install the NVIDIA Run:ai control plane (for example, runai.mycorp.local). This cannot be an IP. The FQDN must be resolvable within the organization's private network.

TLS Certificate

Kubernetes

You must have a TLS certificate that is associated with the FQDN for HTTPS access. Create a Kubernetes Secretarrow-up-right named runai-backend-tls in the runai-backend namespace and include the path to the TLS --cert and its corresponding private --key by running the following:

  • Replace /path/to/fullchain.pem with the actual path to your TLS certificate.

  • Replace /path/to/private.pem with the actual path to your private key.

OpenShift

NVIDIA Run:ai uses the OpenShift default Ingress router for serving. The TLS certificate configured for this router must be issued by a trusted CA. For more details, see the OpenShift documentation on configuring certificatesarrow-up-right.

Local Certificate Authority (CA)

A local certificate authority serves as the root certificate for organizations that cannot use publicly trusted certificate authority. Follow the steps below to configure the local certificate authority.

In air-gapped environments, you must configure and install the local CA's public key in the Kubernetes cluster. This is required for the installation to succeed:

  1. Add the public key to the runai-backend namespace:

  1. When installing the control plane, make sure the following flag is added to the helm command --set global.customCA.enabled=true. See Install control plane.

External Postgres Database (Optional)

The NVIDIA Run:ai control plane installation includes a default PostgreSQL database. However, you may opt to use an existing PostgreSQL database if you have specific requirements or preferences as detailed in External Postgres database configuration. Note that only PostgreSQL version 16 is supported.

Last updated