This guide shows you how to deploy the NVIDIA DPF Operator prepared for the Zero Trust mode, which is designed for bare-metal infrastructure with NVIDIA BlueField-3 DPUs.

To follow this guide, you need the following:

A Kubernetes cluster with administrative access for DPF Operator deployment

Bare-metal infrastructure with NVIDIA DPUs and BMC access

Network access to the NVIDIA NGC Catalog for downloading DPF Operator charts and container images

For detailed requirements, ensure your system meets these prerequisites:

System Prerequisites : See the DPF System Prerequisites for complete hardware and system requirements.

Helm Dependencies: See the Helm Prerequisites Guide for required Helm charts that must be installed before the DPF Operator.

Deploy the DPF Operator to your Kubernetes cluster

Understand Zero Trust mode architecture and security model

Verify successful installation and readiness for DPU provisioning

Set up foundation for secure bare-metal DPU management

In Zero Trust mode:

The host is considered an untrusted entity towards the data center network

DPUs are managed through their Baseboard Management Controller (BMC) via Redfish protocol

All management traffic occurs over the DPU's out-of-band (OOB) network for secure isolation

The DPU acts as a security barrier between the host and the network infrastructure

The host sees the DPU as a standard NIC with no access to the internal DPU management plane

DPUs are provisioned and can run accelerated network services with hardware-level isolation

First, add the NVIDIA DPF Helm repository to access the DPF Operator charts:

Copy Copied! helm repo add --force-update dpf-repository https://helm.ngc.nvidia.com/nvidia/doca helm repo update





Note Ensure you have completed the Helm Prerequisites Guide before proceeding with the DPF Operator installation.

Deploy the DPF Operator to your Kubernetes cluster using Helm:

Copy Copied! helm upgrade -- install -n dpf-operator-system dpf-operator dpf-repository/dpf-operator --version=v25.10.1

The command above does the following:

Creates the dpf-operator-system namespace if it doesn't exist

Installs the DPF Operator version v25.10.1 from the NVIDIA repository

Configures the operator to manage DPU resources across your cluster

Check that the DPF Operator has been successfully deployed and is running:

Copy Copied! kubectl rollout status deployment --namespace dpf-operator-system dpf-operator-controller-manager

The output should be similar to:

Copy Copied! deployment "dpf-operator-controller-manager" successfully rolled out

You can also verify all components are running:

Copy Copied! kubectl get pods -n dpf-operator-system

This minimal setup provides a foundation for DPF Zero Trust mode. To proceed with DPU provisioning and making the DPUs act as passthrough devices, explore the DPU Passthrough in DPF Zero Trust guide. For further Zero Trust mode use cases, refer to the DPF Zero Trust Use Cases documentation.

If you need to remove the DPF Operator from your cluster:

1. Uninstall the DPF Operator:

Copy Copied! helm uninstall dpf-operator -n dpf-operator-system

2. Remove the namespace:

Copy Copied! kubectl delete ns dpf-operator-system



