Skip to content

Commit c662ab7

Browse files
shivamerlashivamerla
authored
Add Support for Custom CA Certificates in NIMCacheReconciler for Proxy Environments (#112)
This PR introduces support for custom CA certificates in the NIMCacheReconciler, enabling secure communication in proxy environments and Kubernetes clusters that require custom certificates. Certificates are managed via a ConfigMap and are automatically mounted into the NIM cache job. This enhancement ensures compatibility with environments that use self-signed or custom CA certificates Signed-off-by: Shiva Krishna, Merla <[email protected]>
1 parent df9d2e5 commit c662ab7

14 files changed

+258
-8
lines changed

api/apps/v1alpha1/common_types.go

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,7 @@ type Autoscaling struct {
5858
HPA HorizontalPodAutoscalerSpec `json:"hpa,omitempty"`
5959
}
6060

61+
// HorizontalPodAutoscalerSpec defines the parameters required to setup HPA
6162
type HorizontalPodAutoscalerSpec struct {
6263
MinReplicas *int32 `json:"minReplicas,omitempty"`
6364
MaxReplicas int32 `json:"maxReplicas"`
@@ -93,7 +94,16 @@ type IngressPath struct {
9394
ServiceType string `json:"serviceType,omitempty"`
9495
}
9596

97+
// Probe defines attributes for startup/liveness/readiness probes
9698
type Probe struct {
9799
Enabled *bool `json:"enabled,omitempty"`
98100
Probe *corev1.Probe `json:"probe,omitempty"`
99101
}
102+
103+
// CertConfig defines the configuration for custom certificates.
104+
type CertConfig struct {
105+
// Name of the ConfigMap containing the certificate data.
106+
Name string `json:"name"`
107+
// MountPath is the path where the certificates should be mounted in the container.
108+
MountPath string `json:"mountPath"`
109+
}

api/apps/v1alpha1/nimcache_types.go

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,8 +41,13 @@ type NIMCacheSpec struct {
4141
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
4242
// NodeSelectors are the node selector labels to schedule the caching job.
4343
NodeSelectors map[string]string `json:"gpuSelectors,omitempty"`
44-
UserID *int64 `json:"userID,omitempty"`
45-
GroupID *int64 `json:"groupID,omitempty"`
44+
// UserID is the user ID for the caching job
45+
UserID *int64 `json:"userID,omitempty"`
46+
// GroupID is the group ID for the caching job
47+
GroupID *int64 `json:"groupID,omitempty"`
48+
// CertConfig is the name of the ConfigMap containing the custom certificates.
49+
// for secure communication.
50+
CertConfig *CertConfig `json:"certConfig,omitempty"`
4651
}
4752

4853
// NIMSource defines the source for caching NIM model

api/apps/v1alpha1/zz_generated.deepcopy.go

Lines changed: 20 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

bundle/manifests/apps.nvidia.com_nimcaches.yaml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,13 +49,31 @@ spec:
4949
spec:
5050
description: NIMCacheSpec defines the desired state of NIMCache
5151
properties:
52+
certConfig:
53+
description: |-
54+
CertConfig is the name of the ConfigMap containing the custom certificates.
55+
for secure communication.
56+
properties:
57+
mountPath:
58+
description: MountPath is the path where the certificates should
59+
be mounted in the container.
60+
type: string
61+
name:
62+
description: Name of the ConfigMap containing the certificate
63+
data.
64+
type: string
65+
required:
66+
- mountPath
67+
- name
68+
type: object
5269
gpuSelectors:
5370
additionalProperties:
5471
type: string
5572
description: NodeSelectors are the node selector labels to schedule
5673
the caching job.
5774
type: object
5875
groupID:
76+
description: GroupID is the group ID for the caching job
5977
format: int64
6078
type: integer
6179
resources:
@@ -259,6 +277,7 @@ spec:
259277
type: object
260278
type: array
261279
userID:
280+
description: UserID is the user ID for the caching job
262281
format: int64
263282
type: integer
264283
required:

bundle/manifests/apps.nvidia.com_nimpipelines.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -552,6 +552,8 @@ spec:
552552
type: string
553553
type: object
554554
livenessProbe:
555+
description: Probe defines attributes for startup/liveness/readiness
556+
probes
555557
properties:
556558
enabled:
557559
type: boolean
@@ -1108,6 +1110,8 @@ spec:
11081110
x-kubernetes-list-type: atomic
11091111
type: object
11101112
readinessProbe:
1113+
description: Probe defines attributes for startup/liveness/readiness
1114+
probes
11111115
properties:
11121116
enabled:
11131117
type: boolean
@@ -1335,6 +1339,8 @@ spec:
13351339
enabled:
13361340
type: boolean
13371341
hpa:
1342+
description: HorizontalPodAutoscalerSpec defines the
1343+
parameters required to setup HPA
13381344
properties:
13391345
behavior:
13401346
description: |-
@@ -1947,6 +1953,8 @@ spec:
19471953
type: object
19481954
type: object
19491955
startupProbe:
1956+
description: Probe defines attributes for startup/liveness/readiness
1957+
probes
19501958
properties:
19511959
enabled:
19521960
type: boolean

bundle/manifests/apps.nvidia.com_nimservices.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -502,6 +502,8 @@ spec:
502502
type: string
503503
type: object
504504
livenessProbe:
505+
description: Probe defines attributes for startup/liveness/readiness
506+
probes
505507
properties:
506508
enabled:
507509
type: boolean
@@ -1050,6 +1052,8 @@ spec:
10501052
x-kubernetes-list-type: atomic
10511053
type: object
10521054
readinessProbe:
1055+
description: Probe defines attributes for startup/liveness/readiness
1056+
probes
10531057
properties:
10541058
enabled:
10551059
type: boolean
@@ -1273,6 +1277,8 @@ spec:
12731277
enabled:
12741278
type: boolean
12751279
hpa:
1280+
description: HorizontalPodAutoscalerSpec defines the parameters
1281+
required to setup HPA
12761282
properties:
12771283
behavior:
12781284
description: |-
@@ -1867,6 +1873,8 @@ spec:
18671873
type: object
18681874
type: object
18691875
startupProbe:
1876+
description: Probe defines attributes for startup/liveness/readiness
1877+
probes
18701878
properties:
18711879
enabled:
18721880
type: boolean

config/crd/bases/apps.nvidia.com_nimcaches.yaml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,13 +49,31 @@ spec:
4949
spec:
5050
description: NIMCacheSpec defines the desired state of NIMCache
5151
properties:
52+
certConfig:
53+
description: |-
54+
CertConfig is the name of the ConfigMap containing the custom certificates.
55+
for secure communication.
56+
properties:
57+
mountPath:
58+
description: MountPath is the path where the certificates should
59+
be mounted in the container.
60+
type: string
61+
name:
62+
description: Name of the ConfigMap containing the certificate
63+
data.
64+
type: string
65+
required:
66+
- mountPath
67+
- name
68+
type: object
5269
gpuSelectors:
5370
additionalProperties:
5471
type: string
5572
description: NodeSelectors are the node selector labels to schedule
5673
the caching job.
5774
type: object
5875
groupID:
76+
description: GroupID is the group ID for the caching job
5977
format: int64
6078
type: integer
6179
resources:
@@ -259,6 +277,7 @@ spec:
259277
type: object
260278
type: array
261279
userID:
280+
description: UserID is the user ID for the caching job
262281
format: int64
263282
type: integer
264283
required:

config/crd/bases/apps.nvidia.com_nimpipelines.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -552,6 +552,8 @@ spec:
552552
type: string
553553
type: object
554554
livenessProbe:
555+
description: Probe defines attributes for startup/liveness/readiness
556+
probes
555557
properties:
556558
enabled:
557559
type: boolean
@@ -1108,6 +1110,8 @@ spec:
11081110
x-kubernetes-list-type: atomic
11091111
type: object
11101112
readinessProbe:
1113+
description: Probe defines attributes for startup/liveness/readiness
1114+
probes
11111115
properties:
11121116
enabled:
11131117
type: boolean
@@ -1335,6 +1339,8 @@ spec:
13351339
enabled:
13361340
type: boolean
13371341
hpa:
1342+
description: HorizontalPodAutoscalerSpec defines the
1343+
parameters required to setup HPA
13381344
properties:
13391345
behavior:
13401346
description: |-
@@ -1947,6 +1953,8 @@ spec:
19471953
type: object
19481954
type: object
19491955
startupProbe:
1956+
description: Probe defines attributes for startup/liveness/readiness
1957+
probes
19501958
properties:
19511959
enabled:
19521960
type: boolean

config/crd/bases/apps.nvidia.com_nimservices.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -502,6 +502,8 @@ spec:
502502
type: string
503503
type: object
504504
livenessProbe:
505+
description: Probe defines attributes for startup/liveness/readiness
506+
probes
505507
properties:
506508
enabled:
507509
type: boolean
@@ -1050,6 +1052,8 @@ spec:
10501052
x-kubernetes-list-type: atomic
10511053
type: object
10521054
readinessProbe:
1055+
description: Probe defines attributes for startup/liveness/readiness
1056+
probes
10531057
properties:
10541058
enabled:
10551059
type: boolean
@@ -1273,6 +1277,8 @@ spec:
12731277
enabled:
12741278
type: boolean
12751279
hpa:
1280+
description: HorizontalPodAutoscalerSpec defines the parameters
1281+
required to setup HPA
12761282
properties:
12771283
behavior:
12781284
description: |-
@@ -1867,6 +1873,8 @@ spec:
18671873
type: object
18681874
type: object
18691875
startupProbe:
1876+
description: Probe defines attributes for startup/liveness/readiness
1877+
probes
18701878
properties:
18711879
enabled:
18721880
type: boolean

deployments/helm/k8s-nim-operator/crds/apps.nvidia.com_nimcaches.yaml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,13 +49,31 @@ spec:
4949
spec:
5050
description: NIMCacheSpec defines the desired state of NIMCache
5151
properties:
52+
certConfig:
53+
description: |-
54+
CertConfig is the name of the ConfigMap containing the custom certificates.
55+
for secure communication.
56+
properties:
57+
mountPath:
58+
description: MountPath is the path where the certificates should
59+
be mounted in the container.
60+
type: string
61+
name:
62+
description: Name of the ConfigMap containing the certificate
63+
data.
64+
type: string
65+
required:
66+
- mountPath
67+
- name
68+
type: object
5269
gpuSelectors:
5370
additionalProperties:
5471
type: string
5572
description: NodeSelectors are the node selector labels to schedule
5673
the caching job.
5774
type: object
5875
groupID:
76+
description: GroupID is the group ID for the caching job
5977
format: int64
6078
type: integer
6179
resources:
@@ -259,6 +277,7 @@ spec:
259277
type: object
260278
type: array
261279
userID:
280+
description: UserID is the user ID for the caching job
262281
format: int64
263282
type: integer
264283
required:

deployments/helm/k8s-nim-operator/crds/apps.nvidia.com_nimpipelines.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -552,6 +552,8 @@ spec:
552552
type: string
553553
type: object
554554
livenessProbe:
555+
description: Probe defines attributes for startup/liveness/readiness
556+
probes
555557
properties:
556558
enabled:
557559
type: boolean
@@ -1108,6 +1110,8 @@ spec:
11081110
x-kubernetes-list-type: atomic
11091111
type: object
11101112
readinessProbe:
1113+
description: Probe defines attributes for startup/liveness/readiness
1114+
probes
11111115
properties:
11121116
enabled:
11131117
type: boolean
@@ -1335,6 +1339,8 @@ spec:
13351339
enabled:
13361340
type: boolean
13371341
hpa:
1342+
description: HorizontalPodAutoscalerSpec defines the
1343+
parameters required to setup HPA
13381344
properties:
13391345
behavior:
13401346
description: |-
@@ -1947,6 +1953,8 @@ spec:
19471953
type: object
19481954
type: object
19491955
startupProbe:
1956+
description: Probe defines attributes for startup/liveness/readiness
1957+
probes
19501958
properties:
19511959
enabled:
19521960
type: boolean

0 commit comments

Comments
 (0)