diff --git a/docs/admin/config/advanced-cluster-config.md b/docs/admin/config/advanced-cluster-config.md index 9cd58b5e59..2e63d62c29 100644 --- a/docs/admin/config/advanced-cluster-config.md +++ b/docs/admin/config/advanced-cluster-config.md @@ -52,6 +52,21 @@ The following configurations allow you to enable or disable features, control pe | spec.runai-scheduler.args.verbosity (int) | Configures the level of detail in the logs generated by the scheduler service | 4 | | pod-grouper.args.gangScheduleArgoWorkflow (boolean) | Groups all pods of a single ArgoWorkflow workload into a single Pod-Group for gang scheduling. | true | +### S3 and Git sidecar images +For air-gapped environments, when [working with a Local Certificate Authority](./org-cert.md), it is required to replace the default sidecar images in order to use the Git and S3 data source integrations. Use the following configurations: + +``` yaml +spec: + workload-controller: + s3FileSystemImage: + name: goofys + registry: runai.jfrog.io/op-containers-prod + tag: 3.12.24 + gitSyncImage: + name: git-sync + registry: registry.k8s.io + tag: v4.4.0 +``` ### Run:ai Managed Nodes @@ -65,7 +80,7 @@ Label the nodes using the below: The below example shows how to include NVIDIA GPUs only and exclude all other GPU types in a cluster with mixed nodes, based on product type GPU label: -``` bash +``` yaml spec: global: managedNodes: diff --git a/docs/admin/config/org-cert.md b/docs/admin/config/org-cert.md index dea2cac6a5..1a2313e517 100644 --- a/docs/admin/config/org-cert.md +++ b/docs/admin/config/org-cert.md 
@@ -37,5 +37,20 @@ kubectl -n openshift-monitoring create secret generic runai-ca-cert \ * Install the Run:ai operator, add the following flag to the helm command `--set global.customCA.enabled=true` +### Git and S3 +Run:ai enables AI practitioners to integrate with S3 or Git as data sources. +When using a custom CA, sidecar containers used for S3 or Git integrations do not automatically inherit the CA configured at the cluster level. This requires manually building a custom container for each integration based on the default Run:ai image while incorporating the local CA certificates. +1. [Build tag and publish](https://docs.docker.com/get-started/docker-concepts/building-images/build-tag-and-publish-an-image/) the images for the S3 / Git integrations using the following Dockerfile: +``` +#FROM gcr.io/run-ai-prod/goofys:master # S3 +#FROM registry.k8s.io/git-sync/git-sync:v4.4.0 # Git +USER root +ADD /usr/local/share/ca-certificates/ # example: anchors/ +RUN chmod 644 -R /usr/local/share/ca-certificates/ && update-ca-certificates +WORKDIR / +ENTRYPOINT ["sh"] +CMD ["/usr/bin/run.sh"] +``` +2. Edit the cluster configurations for images used by Run:ai following the [S3 and Git sidecar images](./advanced-cluster-config.md#s3-and-git-sidecar-images) instructions.
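Review bot: In the `advanced-cluster-config.md` hunk at `@@ -52,6 +52,21 @@`, the `gitSyncImage` example does not line up with the Dockerfile base that this same patch adds to `org-cert.md`. If the fields are joined as registry/name:tag, `registry: registry.k8s.io` with `name: git-sync` gives `registry.k8s.io/git-sync:v4.4.0`, while the Dockerfile references `registry.k8s.io/git-sync/git-sync:v4.4.0`. The `s3FileSystemImage` values differ in the same way (`runai.jfrog.io/op-containers-prod` with tag `3.12.24`, against `gcr.io/run-ai-prod/goofys:master`). Since the paragraph says the default sidecar images have to be replaced, the example would be clearer with placeholder values for the rebuilt images in the organization's own registry, or with a sentence stating whether the values shown are the defaults.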
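Review bot: In the `org-cert.md` hunk at `@@ -37,5 +37,20 @@`, the Dockerfile in step 1 cannot be built as written: `ADD /usr/local/share/ca-certificates/` has a destination but no source, and both `FROM` lines are commented out. The `# example: anchors/` remark suggests a source placeholder was lost, so restore it in a form that survives rendering (a placeholder such as `COPY <path-to-ca-certs>/ /usr/local/share/ca-certificates/`) and tell the reader to uncomment exactly one `FROM` line. The `# S3`, `# Git` and `# example:` remarks should move to their own lines, because Dockerfile comments are only recognized at the start of a line. Separately, `USER root` is never reverted and `ENTRYPOINT ["sh"]` with `CMD ["/usr/bin/run.sh"]` is applied to both base images: please confirm that `/usr/bin/run.sh` exists in the git-sync image, and either restore the base image's user after `update-ca-certificates` or state that the sidecars are expected to run as root. The goofys base is referenced by the mutable `master` tag, so a pinned tag or digest would make the rebuilt image reproducible.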