NVIDIA Infra Controller (NICo) delivers zero-touch lifecycle automation for bare-metal systems that secures datacenter infrastructure at its foundation.
It is an API-based microservice that provides site-local, zero-trust, bare-metal lifecycle management with DPU-enforced isolation. NICo automates the complexity of the bare-metal lifecycle to fast-track building next generation AI Cloud offerings.
- Go to the NVIDIA Infra Controller overview to get an overview of NICo architecture and capabilities.
- Or jump to the Quick Start Guide to start setting up your site for NICo.
- Check out Local Development with DevSpace to run NICo locally with mock systems.
helm-prereqs/setup.sh deploys the full NVIDIA Infra Controller stack onto a bare-metal Kubernetes cluster in three layers:
| Layer | What it installs | Helm release |
|---|---|---|
| Common services | MetalLB, cert-manager, Vault, external-secrets, PostgreSQL | via helmfile in helm-prereqs/ |
| NICo Core | NVIDIA Infra Controller (this repo's helm/ chart) |
nico in nico-system |
| NICo REST | NVIDIA Infra Controller's REST API, Temporal, Keycloak, site-agent | nico-rest + nico-rest-site-agent in nico-rest |
- A running Kubernetes cluster with
KUBECONFIGset helm,helmfile,kubectl,jqinstalled- Images pushed to your container registry
# 1. Build all container images from this clone, then push them to your registry.
# See docs/manuals/building_nico_containers.md for the build-host prerequisites.
export IMAGE_REGISTRY=my-registry.example.com/infra-controller
make images IMAGE_REGISTRY="${IMAGE_REGISTRY}" # NICo Core (nico) + REST service images
# Then: docker push "${IMAGE_REGISTRY}/nico:latest"
# docker push "${IMAGE_REGISTRY}/nico-rest-api:latest" # ...and the other nico-rest-* images
# 2. Set environment variables
export KUBECONFIG=/path/to/kubeconfig
export NICO_IMAGE_REGISTRY="${IMAGE_REGISTRY}"
export NICO_CORE_IMAGE_TAG=NICO_CORE_TAG # e.g. 2.0.0-pr-58-g38a54a3f
export NICO_REST_IMAGE_TAG=NICO_REST_TAG # e.g. 2.0.0-pr-58-g38a54a3f
# export REGISTRY_PULL_SECRET=RAW_API_KEY # optional; raw key for authenticated registries
# 3. Customize site-specific values
# Edit helm-prereqs/values/nico-core.yaml:
# nico-api.hostname — your site's external API hostname
# nico-api.siteConfig — network pools, VLAN ranges, IB config, MetalLB VIPs
# Edit helm-prereqs/values/metallb-config.yaml:
# IPAddressPool, BGPPeer — your site's VIP ranges and TOR switch config
# Edit helm-prereqs/values.yaml:
# siteName — short site identifier
# 4. Run setup — installs common services, NICo Core, and NICo REST in order
cd helm-prereqs
./setup.sh # interactive — prompts before deploying Core and REST
./setup.sh -y # non-interactive — deploys everything (CI/CD)To tear everything down:
cd helm-prereqs
./clean.shSee helm-prereqs/README.md for the full reference: PKI architecture, PostgreSQL setup, phase-by-phase description, secrets reference, and troubleshooting.
This software is considered experimental and is a preview release. Use at your own risk in production environments. The software is provided "as is" without warranties of any kind. Features, APIs, and configurations may change without notice in future releases. For production deployments, thoroughly test in non-critical environments first.