Available flags:
-h, –help
-v, –version
Available Commands:
Completion - Generates the autocompletion script for ./cnpctl_Linux_x86_64 for the specified shell. See each sub-command’s help for details on how to use the generated script.
Usage:
./cnpctl_Linux_x86_64 completion [command]
Available Commands:
bash - Generate the autocompletion script for bash
fish - Generate the autocompletion script for fish
powershell -Generate the autocompletion script for powershell
zsh - Generate the autocompletion script for zsh
Flags:
-h, –help - Help for completion
Create/Install - Creates the NVIDIA cloud-native platform.
-d, –directory - String, if non-empty, write working files to this directory. (default “.”)
-f, –filename - String, the path to a file that contains the configuration to apply.
-h, –help - Help for create
-kubeconfig - String, the path to the kubeconfig file to use for CLI requests. By default, the installer will look for a KUBECONFIG environment variable to determine the location of kubeconfig, followed by the default $HOME/.kube/config location, unless the kubeconfig location is specified manually via this flag.
-v, –verbose - Enables more detailed logging for debugging purposes.
Delete - Deletes the NVIDIA cloud-native platform.
Usage:
./cnpctl_Linux_x86_64 delete [flags]
Aliases:
delete, destroy
Flags:
-d, –directory - String, if non-empty, write working files to this directory. (default “.”)
-h, –help - Help for delete
-kubeconfig –kubeconfig - String, the path to the kubeconfig file to use for CLI requests. By default, the installer will look for a KUBECONFIG environment variable to determine the location of kubeconfig, followed by the default $HOME/.kube/config location, unless the kubeconfig location is specified manually via this flag.
-v, –verbose - Increase the verbosity.
The CNPack installer can be configured at install time with a configuration file. This file allows all components of the platform to be enabled/disabled and configured to meet different use cases.
There is currently no dependency checking on the configuration file. If a component is disabled that is required for a different component, the installation will fail.
The configuration file below is a YAML formatted file that has a structure similar to that of a Kubernetes resource. Below is all of the configuration options with documentation on how to use them.
apiVersion: v1alpha1
kind: nvidiaplatform
spec:
# The platform block contains general configuration that is important to all components
platform:
# Required value specifying the Wildcard Domain to configure for ingress.
wildcardDomain: *.my-cluster.my-domain.com
# Required value to specify the port to configure for ingress.
externalPort: 443
# Optional infrastructure provider configuration for AWS EKS
eks:
# The region in-which the cluster is installed.
region: us-west-1
# The ingress block configures the ingress controller
ingress:
# Whether this component should be enabled Default is True.
enabled: True
# The postgres block configures the postgres operator
postgres:
# Whether this component should be enabled Default is True.
enabled: True
# The certManager block configures the certificate management system
certManager:
# Whether this component should be enabled Default is True.
enabled: True
# Optional configuration for the AWS Private CA service integration.
#
# Dependencies:
# - EKS Infrastructure provider configuration (spec.platform.eks)
awsPCA:
# Whether this component should be enabled Default is True.
enabled: True
# The ARN required to communicate with the AWS Private CA service.
arn: ...
# The common name of the configured Private CA.
commonName: my-cert.my-domain.com
# The domain name of the configured Private CA.
domainName: my-domain.com
# The trustManager block configures the trust bundle management system
#
# Dependencies:
# - cert-manager
trustManager:
# Whether this component should be enabled Default is True.
enabled: True
# The keycloack block configures Keycloak as an OIDC provider
#
# Dependencies:
# - cert-manager
# - postgres
# - ingress
keycloak:
# Whether this component should be enabled Default is True.
enabled: True
# The persitent value claim spec options to be used to request database storage. All Kubernets PVC Spec values are supported, but only the most typical are shown here.
databaseStorage:
# The access modes supported by your storage provider.
accessModes:
- ReadWriteOnce
# The volume mode supported by your storage provider.
volumeMode: Filesystem
# The amount of storage requested.
resources:
requests:
storage: 10G
# The name of your storage class.
storageClassName: local-path
# Optional value to override the hostname used to expose keycloak.
customHostname: my-host.my-cluster.my-domain.com
# Optional value to set the initial admin password to a specified value. By default, a random pasword will be generated.
initialAdminPassword: My-Secret-Password-1
# The prometheus block configures the Prometheus metrics service
#
# Dependencies:
# - cert-manager
prometheus:
# Whether this component should be enabled Default is True.
enabled: True
# The persitent value claim spec options to be used to request Prometheus storage. All Kubernets PVC Spec values are supported, but only the most typical are shown here.
databaseStorage:
# The access modes supported by your storage provider.
accessModes:
- ReadWriteOnce
# The volume mode supported by your storage provider.
volumeMode: Filesystem
# The amount of storage requested.
resources:
requests:
storage: 10G
# The name of your storage class.
storageClassName: local-path
# Optional configuration for connecting Prometheus to an AWS Managed Prometheus instance.
awsRemoteWrite:
# The URL of the AWS managed prometheus service.
url: https://...
# The ARN required to communicate with the AWS Managed Prometheus Service.
arn: ...
# The grafana block configures the Grafana dashboard service
#
# Dependencies:
# - prometheus
# - cert-manager
# - ingress
grafana:
# Whether this component should be enabled Default is True.
enabled: True
# Optional value to override the hostname used to expose grafana.
customHostname: my-host.my-cluster.my-domain.com
# The elastic block configures the Elastic Cloud on Kubernetes operator
elastic:
# Whether this component should be enabled Default is True.
enabled: True
# The fluentbit block configures the fluentbit log aggregation service
#
# Dependencies:
# - Infrastructure provider configuration (spec.platform.eks)
fluentbit:
# Whether this component should be enabled Default is True.
enabled: True
As a part of the deployment of the HAProxy ingress controller, a secret has been created in the nvidia-platform namespace, called nvidia-ingress-kubernetes-ingress-default-cert, that contains the TLS cert and TLS key used for the wildcard domain name. This certificate can be replaced by a signed certificate of the user’s choosing that is signed for the wildcard domain name of .my-cluster.my-domain.com.