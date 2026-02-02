Deploying containers on top of the BlueField DPU requires the following setup sequence:

Pull the container .yaml configuration files. Modify the container's .yaml configuration file. Deploy the container. The image is automatically pulled from NGC.

Some of the steps must only be performed once, while others are required before the deployment of each container.

What follows is an example of the overall setup sequence using the DOCA Firefly container as an example.

Note This step pulls the .yaml configurations from NGC. If you have already performed this step for other DOCA containers you may skip to the next section.

To pull the latest resource version, download the NVIDIA NGC CLI.

Some containers require specific configuration steps for the resources used by the application running inside the container and modifications for the .yaml configuration file of the container itself.

Refer to the container-specific instructions listed under the container's relevant page on NGC.

The DOCA NGC resource downloaded in section "Pull Container YAML Configurations" contains a configs directory under which a dedicated folder per DOCA version is located. For example, 2.0.2 will include all currently available .yaml configuration files for DOCA 2.0.2 containers.

Copy Copied! doca_container_configs_2. 0 .2v1 ├── configs │ ├── 1.2 . 0 │ │ ... │ └── 2.0 . 2 │ ├── doca_application_recognition.yaml │ ├── doca_blueman.yaml │ ├── doca_devel.yaml │ ├── doca_devel_cuda.yaml │ ├── doca_firefly.yaml │ ├── doca_flow_inspector.yaml │ ├── doca_hbn.yaml │ ├── doca_ips.yaml │ ├── doca_snap.yaml │ ├── doca_telemetry.yaml │ └── doca_url_filter.yaml

In addition, the resource also contains a scripts directory under which services may choose to provide additional helper-scripts and configuration files to use with their services.

The folder structure of the scripts directory is as follows:

Copy Copied! + doca_container_configs_2. 0 .2v1 +-+ configs | +-- ... +-+ scripts +-+ doca_firefly <== Name of DOCA Service +-+ doca_hbn <== Name of DOCA Service | +-+ 1.3 . 0 | | +-- ... <== Files for the DOCA HBN version "1.3.0" | +-+ 1.4 . 0 | | +-- ... <== Files for the DOCA HBN version "1.4.0"

A user wishing to deploy an older version of the DOCA service would still have access to the suitable YAML file (per DOCA release under configs ) and scripts (under the service-specific version folder which resides under scripts ).

Once the desired .yaml file is updated, simply copy the configuration file to Kubelet's input folder. Here is an example using the doca_firefly.yaml , corresponding to the DOCA Firefly service.

Copy Copied! cp doca_firefly.yaml /etc/kubelet.d

Kubelet automatically pulls the container image from NGC and spawns a pod executing the container. In this example, the DOCA Firelfy service starts executing right away and its printouts would be seen via the container's logs.

When deploying a new container, it is recommended to follow this procedure to ensure successful completion of each step in the deployment:

View currently active pods and their IDs: Copy Copied! sudo crictl pods Info It may take up to 20 seconds for the pod to start. When deploying a new container, search for a matching line in the command's output: Copy Copied! POD ID CREATED STATE NAME NAMESPACE ATTEMPT RUNTIME 06bd84c07537e 4 seconds ago Ready doca-firefly-my-dpu default 0 ( default ) If a matching line fails to appear, it is recommended to view Kubelet's logs to get more information about the error: Copy Copied! sudo journalctl -u kubelet --since -5m Once the issue is resolved, proceed to the next steps. Info For more troubleshooting information and tips, refer to the matching section in our Troubleshooting Guide. Verify that the container image is successfully downloaded from NGC into the DPU's container registry (download time may vary based on the size of the container image): Copy Copied! sudo crictl images Example output: Copy Copied! IMAGE TAG IMAGE ID SIZE k8s.gcr.io/pause 3.9 829e9de338bd5 268kB nvcr.io/nvidia/doca/doca_firefly 1.1 . 0 -doca2. 0.2 134cb22f34611 87 .4MB View currently active containers and their IDs: Copy Copied! sudo crictl ps Once again, find a matching line for the deployed container (boot time may vary depending on the container's image size): Copy Copied! CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD b505a05b7dc23 134cb22f34611 4 minutes ago Running doca-firefly 0 06bd84c07537e doca-firefly-my-dpu In case of failure, to see a line matching the container, check the list of all recent container deployments: Copy Copied! sudo crictl ps -a It is possible that the container encountered an error during boot and exited right away: Copy Copied! CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD de2361ec15b61 134cb22f34611 1 second ago Exited doca-firefly 1 4aea5f5adc91d doca-firefly-my-dpu During the container's lifetime, and for a short timespan after it exits, once can view the containers logs as were printed to the standard output: Copy Copied! sudo crictl logs <container-id> In this case, the user can learn from the log that the wrong configuration was passed to the container: Copy Copied! $ sudo crictl logs de2361ec15b61 Starting DOCA Firefly - Version 1.1 . 0 ... Requested the following PTP interface : p10 Failed to find interface "p10" . Aborting

The recommended way to stop a pod and its containers is as follows: