VMware Private AI Foundation with NVIDIA requires access to the container images on the NVIDIA NGC catalog. For disconnected environments, as a DevOps engineer, you must manually upload these images to the Harbor Supervisor Service.

Procedure

  1. Install the Harbor Supervisor Service certificate on the client machine.
    1. Log into Harbor as an administrator.
    2. Navigate to Administration > Configuration and click the System Settings tab.
    3. To download the registry root certificate, click Download.
    4. Copy the ca.crt file that you downloaded to the client machine with Docker installed.
    5. On the client machine, the /etc/docker/certs.d/private-registry-FQDN/ folder, create a directory path for the private registry.
    6. Move the ca.crt file to the folder you created.
    7. Restart the docker daemon. 
      sudo systemctl restart docker.service
    8. To verify that the TLS certificate is trusted, log in to Harbor by using Docker. 
      docker login harborfqdn.example.com
  2. Log in to the NVIDIA NGC registry by using Docker with a user name $oauthtoken and the NGC API key. 
    docker login nvcr.io
  3. Pull the desired image from the NVIDIA NGC registry.
    For example, to pull a Triton Inference Server image, run this command. 
    docker pull nvcr.io/nvidia/tritonserver:24.04-py3-igpu
  4. Export the container image to a .tar file. 
    docker save > tritonserver.tar nvcr.io/nvidia/tritonserver:24.04-py3-igpu
  5. Copy the .tar file to the machine that has access to the disconnected Harbor Supervisor Service
  6. Load the container image on the machine with network access to the Harbor Supervisor Service. 
    docker load < tritonserver.tar
  7. Tag the image. 
    docker tag image:tag <harbor_address>/paif-n/tritonserver:24.04-py3-igpu
  8. Push the image to a project in Harbor. 
    docker push <harbor_address>/paif-n/tritonserver:24.04-py3-igpu