Managing NeMo Entity Store

About NeMo Entity Store

NVIDIA NeMo Entity Store manages the registration objects, or pointers, of the model data in your cluster. It serves as the central registry for the organizational entities, like namespaces and projects. The rest of the NeMo microservices rely on this registry to look up model information.

Refer to the NeMo Platform documentation for more details on the entity concept and managing entities. The NeMo Entity Store and NeMo Data Store work together to store entity and dataset information about your models and should be deployed together.

Prerequisites

• All the common NeMo microservice prerequisites.

• A NeMo Data Store deployed on your cluster. The NeMo Entity Store and NeMo Data Store work closely together to hold information about the model entities on your cluster. Include your NeMo Data Store as the spec.datastore.endpoint in your NeMo Entity Store custom resource.

Note

You can use the NeMo Dependencies Ansible Playbook to deploy all the following NeMo Entity Store microservice dependencies.

Storage

• A PostgreSQL database. This is used to store entities and metadata. Refer to the Helm installation guide for more information on installing PostgreSQL.

Kubernetes

• Create a secret for your database user by creating a file called nemo-entitystore-secrets.yaml, with inputs like the following example:

  apiVersion: v1
  stringData:
    password: <nespass>
  kind: Secret
  metadata:
    name: entity-store-pg-existing-secret
    namespace: nemo
  type: Opaque
  

  Apply the manifest:

  $ kubectl apply -n nemo -f nemo-entitystore-secrets.yaml
  

Deploying a NeMo Entity Store

Update the following sample scripts <inputs> with values for your cluster configuration.

1. Create a file, such as nemo-entitystore.yaml, with your NeMo Entity Store custom resource configuration, like the following example.

   ---
   apiVersion: apps.nvidia.com/v1alpha1
   kind: NemoEntitystore
   metadata:
     name: nemoentitystore-sample
     namespace: nemo
   spec:
     image:
       repository: nvcr.io/nvidia/nemo-microservices/entity-store
       tag: "25.06"
       pullPolicy: IfNotPresent
       pullSecrets:
         - ngc-secret
     expose:
       service:
         type: ClusterIP
         port: 8000
     databaseConfig:
       databaseName: <nesdb> 
       host: <entity-store-pg-postgresql>.<nemo>.svc.cluster.local
       port: 5432
       credentials:
         user: <nesuser>
         secretName: <entity-store-pg-existing-secret>
         passwordKey: <password>
     datastore:
       endpoint: http://<nemodatastore-sample>.<nemo>.svc.cluster.local:8000
   

   Refer to the Configuring a NeMo Entity Store section for more details on configuration options.

2. Apply the manifest:

   $ kubectl apply -n nemo -f nemo-entitystore.yaml
   

3. Optional: View information about the NeMo Entity Stores:

   $ kubectl describe nemoentitystore.apps.nvidia.com -n nemo
   

   Partial Output

   ...
    Conditions:
        Last Transition Time:  2025-02-09T12:41:27Z
        Message:               deployment "nemoentitystore-sample" successfully rolled out
   
        Reason:                Ready
        Status:                True
        Type:                  Ready
        Last Transition Time:  2025-02-09T12:40:37Z
        Message:
        Reason:                Ready
        Status:                False
        Type:                  Failed
      State:                   Ready
   

Verify NeMo Entity Store

1. List the NeMo Entity Store services.

   $ kubectl get services -n nemo
   

   Example output

   nemoentitystore-sample     ClusterIP   XX.XXX.XXX.XXX   <none>        8000/TCP               31m
   

2. Start a pod that has access to the curl command. Substitute any pod that has the command and meets your organization’s security requirements:

   $ kubectl run --rm -it -n default curl --image=curlimages/curl:latest -- ash
   

   After the pod starts, you are connected to the ash shell in the pod.

3. Verify NeMo Entity Store.

   curl -X GET "http://nemoentitystore-sample.nemo:8000/v1/base-urls"
   

Configuring a NeMo Entity Store

Using the NIM Operator, an Entity Store is deployed as a custom resource, nemoentitystores.apps.nvidia.com.

The following table shows more information about the commonly modified fields for the NeMo Entity Store custom resource.

Field	Description	Default Value
spec.annotations	Specifies to add the user-supplied annotations to the pod.	None
spec.databaseConfig (required)	Specifies the external PostgreSQL configuration details.	None
spec.databaseConfig.credentials.passwordKey	Specifies the password key used in the database credentials secret.	password
spec.databaseConfig.credentials.secretName (required)	Specifies the secret name for the database credentials.	None
spec.databaseConfig.credentials.user (required)	Specifies the user for the database.	None
spec.databaseConfig.databaseName (required)	Specifies the name for the database.	None
spec.databaseConfig.host (required)	Specifies the host for the database.	None
spec.databaseConfig.port	Specifies the port for the database.	5432
spec.datastore.endpoint (required)	Specifies the NeMo Data Store endpoint.	None
spec.env	Specifies custom environment fields to be used for the NeMo Entity Store deployment. Use environment variables to set the internal DNS URL for a NeMo Data Store endpoint. Configuring a valid Data Store URL is required for the Entity Store to function correctly. - name: BASE_URL_DATASTORE value: http://<DATASTORE-SERVICE-NAME>.<DATASTORE-NAMESPACE>.svc.cluster.local:3000	None
spec.expose (required)	Specifies attributes to expose a service for this NeMo microservice.	None
spec.expose.ingress.enabled	When set to true, the Operator creates a Kubernetes Ingress resource for the NeMo Entity Store. Specify the ingress specification in the spec.expose.ingress.spec field. If you have an ingress controller, values like the following sample configures an ingress for the / endpoint. ingress: enabled: true spec: ingressClassName: nginx host: nemo-entitystore.example.com paths: - path: / pathType: Prefix	false
spec.expose.service.port (required)	Specifies the network port number for the NeMo Entity Store microservice.	8000
spec.expose.service.type	Specifies the Kubernetes service type to create for the NeMo microservice.	ClusterIP
spec.groupID	Specifies the group for the pods. This value is used to set the security context of the pod in the runAsGroup and fsGroup fields.	2000
spec.image (required)	Specifies repository, tag, and pull policy for the container image.	None
spec.labels	Specifies the user-supplied labels to add to the pod.	None
spec.metrics.enabled	When set to true, the Operator configures a Prometheus service monitor for the service. Use the spec.metrics.serviceMonitor field to configure a service monitor. Refer to the Observability page for more details.	false
spec.replicas	Specifies the number of replicas to have on the cluster.	None
spec.resources.requests	Specifies the memory and CPU request.	None
spec.resources.limits	Specifies the memory and CPU limits.	None

Next Steps

• Managing NeMo Data Store

• Managing NeMo Evaluator

• Refer to the NeMo microservices documentation for details on

  • Entity management tutorials

  • The NeMo Entity Store OpenAPI Reference