fix: dynamo deploy helm chart cleanup (#727)

831bc725 · mohammedabdulwahhab · GitHub · eac3cf1f · 831bc725 · 831bc725
Unverified Commit 831bc725 authored Apr 17, 2025 by mohammedabdulwahhab Committed by GitHub Apr 17, 2025
9 changed files
--- a/Earthfile
+++ b/Earthfile
@@ -174,10 +174,10 @@ all-test:
    BUILD ./deploy/dynamo/operator+test
 all-docker:
-    ARG CI_REGISTRY_IMAGE=my-registry
+    ARG DOCKER_SERVER=my-registry
-    ARG CI_COMMIT_SHA=latest
+    ARG IMAGE_TAG=latest
-    BUILD ./deploy/dynamo/operator+docker --CI_REGISTRY_IMAGE=$CI_REGISTRY_IMAGE --CI_COMMIT_SHA=$CI_COMMIT_SHA
+    BUILD ./deploy/dynamo/operator+docker --DOCKER_SERVER=$DOCKER_SERVER --IMAGE_TAG=$IMAGE_TAG
-    BUILD ./deploy/dynamo/api-store+docker --CI_REGISTRY_IMAGE=$CI_REGISTRY_IMAGE --CI_COMMIT_SHA=$CI_COMMIT_SHA
+    BUILD ./deploy/dynamo/api-store+docker --DOCKER_SERVER=$DOCKER_SERVER --IMAGE_TAG=$IMAGE_TAG
 all-lint:
    BUILD ./deploy/dynamo/operator+lint
@@ -189,6 +189,6 @@ all:
 # For testing
 custom:
-    ARG CI_REGISTRY_IMAGE=my-registry
+    ARG DOCKER_SERVER=my-registry
-    ARG CI_COMMIT_SHA=latest
+    ARG IMAGE_TAG=latest
    BUILD +all-test
--- a/deploy/dynamo/api-store/Earthfile
+++ b/deploy/dynamo/api-store/Earthfile
@@ -30,12 +30,12 @@ uv-base:
    RUN uv sync --frozen --no-install-project --no-dev --no-install-workspace --no-editable
 docker:
-    ARG CI_REGISTRY_IMAGE=my-registry
+    ARG DOCKER_SERVER=my-registry
-    ARG CI_COMMIT_SHA=latest
+    ARG IMAGE_TAG=latest
    ARG IMAGE=dynamo-api-store
    FROM +uv-base
    # Copy project files
    COPY ai_dynamo_store ai_dynamo_store
    RUN uv pip install .
    ENTRYPOINT ["ai-dynamo-store"]
-    SAVE IMAGE --push $CI_REGISTRY_IMAGE/$IMAGE:$CI_COMMIT_SHA
+    SAVE IMAGE --push $DOCKER_SERVER/$IMAGE:$IMAGE_TAG
\ No newline at end of file
--- a/deploy/dynamo/helm/README.md
+++ b/deploy/dynamo/helm/README.md
@@ -30,12 +30,12 @@ You can build and push Docker images for the Dynamo cloud components (API server
 First, set the required environment variables:
 ```bash
-export CI_REGISTRY_IMAGE=<CONTAINER_REGISTRY>/<ORGANIZATION>
+export DOCKER_SERVER=<CONTAINER_REGISTRY>
-export CI_COMMIT_SHA=<TAG>
+export IMAGE_TAG=<TAG>
 ```
 As a description of the placeholders:
- `<CONTAINER_REGISTRY>/<ORGANIZATION>`: Your container registry and organization name (e.g., `nvcr.io/myorg`, `docker.io/myorg`, etc.)
+- `<CONTAINER_REGISTRY>`: Your container registry (e.g., `nvcr.io`, `docker.io/<your-username>`, etc.)
 - `<TAG>`: The tag you want to use for the image (e.g., `latest`, `0.0.1`, etc.)
 Note: Make sure you're logged in to your container registry before pushing images. For example:
@@ -45,56 +45,68 @@ docker login <CONTAINER_REGISTRY>
 You can build each component individually or build all components at once:
-#### Option 1: Build All Components at Once
+#### Build and push platform components
 ```bash
-earthly --push +all-docker --CI_REGISTRY_IMAGE=$CI_REGISTRY_IMAGE --CI_COMMIT_SHA=$CI_COMMIT_SHA
+earthly --push +all-docker --DOCKER_SERVER=$DOCKER_SERVER --IMAGE_TAG=$IMAGE_TAG
 ```
-#### Option 2: Build Components Individually
+## Deploy Dynamo Cloud Platform
+### Prerequisites
+Before deploying Dynamo Cloud, ensure your Kubernetes cluster meets the following requirements:
+#### 1. Istio Installation
+Dynamo Cloud requires Istio for service mesh capabilities. Verify Istio is installed and running:
-1. **API Store**
 ```bash
-cd deploy/dynamo/api-store
+# Check if Istio is installed
-earthly --push +docker --CI_REGISTRY_IMAGE=$CI_REGISTRY_IMAGE --CI_COMMIT_SHA=$CI_COMMIT_SHA
+kubectl get pods -n istio-system
+# Expected output should show running Istio pods
+# istiod-* pods should be in Running state
 ```
-2. **Operator**
+#### 2. PVC Support with Default Storage Class
+Dynamo Cloud requires Persistent Volume Claim (PVC) support with a default storage class. Verify your cluster configuration:
 ```bash
-cd deploy/dynamo/operator
+# Check if default storage class exists
-earthly --push +docker --CI_REGISTRY_IMAGE=$CI_REGISTRY_IMAGE --CI_COMMIT_SHA=$CI_COMMIT_SHA
+kubectl get storageclass
-```
-## Deploy Dynamo Cloud Platform
+# Expected output should show at least one storage class marked as (default)
+# Example:
+# NAME                 PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
+# standard (default)   kubernetes.io/gce-pd    Delete          Immediate              true                   1d
+```
-Pre-requisite: make sure your terminal is set in the `deploy/dynamo/helm/` directory.
+### Installation
+1. Set the required environment variables:
 ```bash
-cd deploy/dynamo/helm
+export DOCKER_USERNAME=<your-docker-username>
-export KUBE_NS=hello-world    # change this to whatever you want!
+export DOCKER_PASSWORD=<your-docker-password>
+export DOCKER_SERVER=<your-docker-server>
+export IMAGE_TAG=<TAG>  # Use the same tag you used when building the images
+export NAMESPACE=dynamo-cloud    # change this to whatever you want!
 ```
-1. [One-time Action] Create a new kubernetes namespace and set it as your default. Create image pull secrets if needed.
+2. [One-time Action] Create a new kubernetes namespace and set it as your default. Create image pull secrets if needed.
 ```bash
-kubectl create namespace $KUBE_NS
+cd deploy/dynamo/helm
-kubectl config set-context --current --namespace=$KUBE_NS
+kubectl create namespace $NAMESPACE
+kubectl config set-context --current --namespace=$NAMESPACE
 # [Optional] if needed, create image pull secrets
 kubectl create secret docker-registry docker-imagepullsecret \
-  --docker-server=<your-registry> \
+  --docker-server=$DOCKER_SERVER \
-  --docker-username=<your-username> \
+  --docker-username=$DOCKER_USERNAME \
-  --docker-password=<your-password> \
+  --docker-password=$DOCKER_PASSWORD \
-  --namespace=$KUBE_NS
+  --namespace=$NAMESPACE
 ```
-2. Deploy the helm chart using the deploy script:
+3. Deploy the helm chart using the deploy script:
 ```bash
-export NGC_TOKEN=$NGC_API_TOKEN
-export NAMESPACE=$KUBE_NS
-export CI_COMMIT_SHA=<TAG>  # Use the same tag you used when building the images
-export CI_REGISTRY_IMAGE=<CONTAINER_REGISTRY>/<ORGANIZATION>  # Use the same registry/org you used when building the images
-export RELEASE_NAME=$KUBE_NS
 ./deploy.sh
 ```
\ No newline at end of file
--- a/deploy/dynamo/helm/deploy.sh
+++ b/deploy/dynamo/helm/deploy.sh
@@ -21,21 +21,27 @@ set -euo pipefail
 HELM_CMD=$(which helm)
 # Set default values only if not already set
-export NAMESPACE="${NAMESPACE:=cai-system}"  # Default namespace
+export NAMESPACE="${NAMESPACE:=dynamo-cloud}"  # Default namespace
-export NGC_TOKEN="${NGC_TOKEN:=<your-ngc-token>}"  # Default NGC token
+export RELEASE_NAME="${RELEASE_NAME:=${NAMESPACE}}"  # Default release name is same as namespace
-export CI_REGISTRY_IMAGE="${CI_REGISTRY_IMAGE:=<your-registry>/<your-org>}"  # Default registry/org
+export DOCKER_USERNAME="${DOCKER_USERNAME:=<your-docker-username>}"  # Default docker username
-export CI_COMMIT_SHA="${CI_COMMIT_SHA:=250e2e0f93f7af3d83a4a0ff992e56956f7651f2}"  # Default commit SHA
+export DOCKER_PASSWORD="${DOCKER_PASSWORD:=<your-docker-password>}"  # Default docker password
-export RELEASE_NAME="${RELEASE_NAME:=dynamo-platform}"  # Default release name
+export DOCKER_SERVER="${DOCKER_SERVER:=<your-docker-server>}"  # Default docker server
-export DYNAMO_INGRESS_SUFFIX="${DYNAMO_INGRESS_SUFFIX:=}"
+export IMAGE_TAG="${IMAGE_TAG:=latest}"  # Default image tag
+export DYNAMO_INGRESS_SUFFIX="${DYNAMO_INGRESS_SUFFIX:=dynamo-cloud.com}"
 # Check if required variables are set
-if [ "$NGC_TOKEN" = "<your-ngc-token>" ]; then
+if [ "$DOCKER_USERNAME" = "<your-docker-username>" ]; then
-    echo "Error: Please set your NGC_TOKEN in the script or via environment variable"
+    echo "Error: Please set your DOCKER_USERNAME in the script or via environment variable"
    exit 1
 fi
-if [ "$CI_REGISTRY_IMAGE" = "<your-registry>/<your-org>" ]; then
+if [ "$DOCKER_PASSWORD" = "<your-docker-password>" ]; then
-    echo "Error: Please set your CI_REGISTRY_IMAGE in the script or via environment variable"
+    echo "Error: Please set your DOCKER_PASSWORD in the script or via environment variable"
+    exit 1
+fi
+if [ "$DOCKER_SERVER" = "<your-docker-server>" ]; then
+    echo "Error: Please set your DOCKER_SERVER in the script or via environment variable"
    exit 1
 fi
@@ -76,15 +82,16 @@ cd ..
 # Generate the values file
 echo "Generating values file with:"
 echo "NAMESPACE: $NAMESPACE"
-echo "CI_COMMIT_SHA: $CI_COMMIT_SHA"
-echo "CI_REGISTRY_IMAGE: $CI_REGISTRY_IMAGE"
-echo "NGC_TOKEN: [HIDDEN]"
 echo "RELEASE_NAME: $RELEASE_NAME"
+echo "IMAGE_TAG: $IMAGE_TAG"
+echo "DOCKER_USERNAME: $DOCKER_USERNAME"
+echo "DOCKER_SERVER: $DOCKER_SERVER"
+echo "DOCKER_PASSWORD: [HIDDEN]"
 echo "generated file contents:"
-envsubst '${NAMESPACE} ${NGC_TOKEN} ${CI_COMMIT_SHA} ${RELEASE_NAME} ${DYNAMO_INGRESS_SUFFIX} ${CI_REGISTRY_IMAGE}' < dynamo-platform-values.yaml
+envsubst '${NAMESPACE} ${RELEASE_NAME} ${DOCKER_USERNAME} ${DOCKER_PASSWORD} ${DOCKER_SERVER} ${IMAGE_TAG} ${DYNAMO_INGRESS_SUFFIX}' < dynamo-platform-values.yaml
-envsubst '${NAMESPACE} ${NGC_TOKEN} ${CI_COMMIT_SHA} ${RELEASE_NAME} ${DYNAMO_INGRESS_SUFFIX} ${CI_REGISTRY_IMAGE}' < dynamo-platform-values.yaml > generated-values.yaml
+envsubst '${NAMESPACE} ${RELEASE_NAME} ${DOCKER_USERNAME} ${DOCKER_PASSWORD} ${DOCKER_SERVER} ${IMAGE_TAG} ${DYNAMO_INGRESS_SUFFIX}' < dynamo-platform-values.yaml > generated-values.yaml
 echo ""
 echo "Generated values file saved as generated-values.yaml"

--- a/deploy/dynamo/helm/dynamo-platform-values.yaml
+++ b/deploy/dynamo/helm/dynamo-platform-values.yaml
@@ -12,117 +12,54 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-existingImagePullSecret: nvcrimagepullsecret
 # Global values used across charts
 global:
-  NGC_API_KEY: ${NGC_TOKEN}
+  NGC_API_KEY: ${DOCKER_PASSWORD}
 dynamo-operator:
-  enabled: true
  natsAddr: "nats://${RELEASE_NAME}-nats:4222"
  etcdAddr: "${RELEASE_NAME}-etcd:2379"
  istioVirtualServiceEnabled: false
  ingressControllerClassName: ""
  namespaceRestriction:
-    enabled: true
    targetNamespace: ${NAMESPACE}
  controllerManager:
    manager:
      image:
-        repository: ${CI_REGISTRY_IMAGE}/dynamo-operator
+        repository: ${DOCKER_SERVER}/dynamo-operator
-        tag: ${CI_COMMIT_SHA}
+        tag: ${IMAGE_TAG}
-      args:
-        - --health-probe-bind-address=:8081
-        - --metrics-bind-address=127.0.0.1:8080
  dynamo:
    dynamoIngressSuffix: ${DYNAMO_INGRESS_SUFFIX}
-    yatai:
-      endpoint: http://dynamo-store
-      clusterName: default
-    yataiSystem:
-      namespace: ""
-    internalImages:
-      bentoDownloader: quay.io/bentoml/bento-downloader:0.0.5
-      kaniko: quay.io/bentoml/kaniko:debug
-      buildkit: quay.io/bentoml/buildkit:master
-      buildkitRootless: quay.io/bentoml/buildkit:master-rootless
-      metricsTransformer: quay.io/bentoml/yatai-bento-metrics-transformer:0.0.4
-      debugger: quay.io/bentoml/bento-debugger:0.0.8
-      monitorExporter: quay.io/bentoml/bentoml-monitor-exporter:0.0.3
-      proxy: quay.io/bentoml/bentoml-proxy:0.0.1
-    disableAutomateBentoImageBuilder: false
-    enableRestrictedSecurityContext: false
-    disableYataiComponentRegistration: false
    dockerRegistry:
-      server: 'nvcr.io/nvidian/nim-llm-dev'
+      server: ${DOCKER_SERVER}
-      inClusterServer: ''
+      username: ${DOCKER_USERNAME}
-      username: '$oauthtoken'
+      password: ${DOCKER_PASSWORD}
-      passwordExistingSecretName: 'nvcrimagepullsecret'
-      secure: true
-      bentoRepositoryName: yatai-bentos
-    bentoImageBuildEngine: buildkit
-    addNamespacePrefixToImageName: false
-    estargz:
-      enabled: false
-    kaniko:
-      cacheRepo: ''
-      snapshotMode: ''
 dynamo-api-store:
-  enabled: true
  namespaceRestriction:
    enabled: true
    targetNamespace: ${NAMESPACE}
  istio:
-    host: ${NAMESPACE}.dev.aire.nvidia.com
+    host: ${NAMESPACE}.${DYNAMO_INGRESS_SUFFIX}
-  dynamo:
-    env:
-      resource_scope: "user"
  image:
-    repository: ${CI_REGISTRY_IMAGE}/dynamo-api-store
+    repository: ${DOCKER_SERVER}/dynamo-api-store
-    tag: ${CI_COMMIT_SHA}
+    tag: ${IMAGE_TAG}
    pullPolicy: IfNotPresent
  imagePullSecrets:
-    - name: nvcrimagepullsecret
-    - name: docker-imagepullsecret
-    - name: gitlab-imagepull
  ingress:
-    enabled: true
-    className: nginx
    hosts:
-      - host: ${NAMESPACE}.dev.aire.nvidia.com
+      - host: ${NAMESPACE}.${DYNAMO_INGRESS_SUFFIX}
        paths:
          - path: /
            pathType: Prefix
-  postgresql:
-    primary:
-      persistence:
-        enabled: false
-  minio:
-    persistence:
-      enabled: true
-      size: 5Gi
-      storageClass: "local-path"
-    apiIngress:
-      enabled: false
-      ingressClassName: nginx
-      hostname: minio.example.com
-      pathType: Prefix
 etcd:
  enabled: true
  persistence:
    enabled: true
-    storageClass: "local-path"
+    storageClass: ""
    size: 1Gi
  preUpgrade:
    enabled: false
@@ -135,4 +72,4 @@ nats:
      fileStore:
        pvc:
          size: 1Gi
-          storageClassName: "local-path"
+          storageClassName: ""
\ No newline at end of file
--- a/deploy/dynamo/helm/platform/components/operator/templates/buildkit.yaml
+++ b/deploy/dynamo/helm/platform/components/operator/templates/buildkit.yaml
@@ -101,7 +101,6 @@ spec:
      spec:
        accessModes:
          - ReadWriteOnce
-        storageClassName: local-path
        resources:
          requests:
            storage: 1000Gi

--- a/deploy/dynamo/helm/platform/values.yaml
+++ b/deploy/dynamo/helm/platform/values.yaml
@@ -13,32 +13,100 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Used to generate top-level secrets (overridden by custom-values.yaml)
-existingSecret: ""
-existingImagePullSecret: ""
-ngcAPIKey: YOUR-NGC-API-KEY
 imagePullSecrets:
-  - name: nvcrimagepullsecret
-    registry: nvcr.io
-    username: $oauthtoken
-    password: YOUR-NGC-API-KEY
 # Subcharts
 dynamo-operator:
-  enabled: false
+  enabled: true
  imagePullSecrets:
    - name: gitlab-imagepull
    - name: nvcrimagepullsecret
    - name: docker-imagepullsecret
+  natsAddr: ""
+  etcdAddr: ""
+  namespaceRestriction:
+    enabled: true
+    targetNamespace: ""
  controllerManager:
    manager:
      image:
-        repository: gitlab-master.nvidia.com:5005/aire/microservices/nmp/dynamo-operator
+        repository: ""
        tag: "latest"
-dynamo-api-server:
+      args:
-  enabled: false
+        - --health-probe-bind-address=:8081
+        - --metrics-bind-address=127.0.0.1:8080
+  dynamo:
+    yatai:
+      endpoint: http://dynamo-store
+      clusterName: default
+    yataiSystem:
+      namespace: ""
+    internalImages:
+      bentoDownloader: quay.io/bentoml/bento-downloader:0.0.5
+      kaniko: quay.io/bentoml/kaniko:debug
+      buildkit: quay.io/bentoml/buildkit:master
+      buildkitRootless: quay.io/bentoml/buildkit:master-rootless
+      metricsTransformer: quay.io/bentoml/yatai-bento-metrics-transformer:0.0.4
+      debugger: quay.io/bentoml/bento-debugger:0.0.8
+      monitorExporter: quay.io/bentoml/bentoml-monitor-exporter:0.0.3
+      proxy: quay.io/bentoml/bentoml-proxy:0.0.1
+    disableAutomateBentoImageBuilder: false
+    enableRestrictedSecurityContext: false
+    disableYataiComponentRegistration: false
+    dockerRegistry:
+      server: ""
+      inClusterServer: ""
+      username: ""
+      password: ""
+      secure: true
+      bentoRepositoryName: yatai-bentos
+    bentoImageBuildEngine: buildkit
+    addNamespacePrefixToImageName: false
+    estargz:
+      enabled: false
+    kaniko:
+      cacheRepo: ""
+      snapshotMode: ""
+dynamo-api-store:
+  enabled: true
+  namespaceRestriction:
+    enabled: true
+    targetNamespace: ""
+  istio:
+    host: ""
+  dynamo:
+    env:
+      resource_scope: "user"
+  image:
+    repository: ""
+    tag: "latest"
+    pullPolicy: IfNotPresent
  imagePullSecrets:
-    - name: gitlab-imagepull
+  ingress:
-    - name: nvcrimagepullsecret
+    enabled: true
-    - name: docker-imagepullsecret
+    className: nginx
+    hosts:
+      - host: ""
+        paths:
+          - path: /
+            pathType: Prefix
+  postgresql:
+    primary:
+      persistence:
+        enabled: false
+  minio:
+    persistence:
+      enabled: true
+      size: 5Gi
+      storageClass: ""
+    apiIngress:
+      enabled: false
+      ingressClassName: nginx
+      hostname: minio.example.com
+      pathType: Prefix
 etcd:
  enabled: false
  replicaCount: 1

--- a/deploy/dynamo/operator/Earthfile
+++ b/deploy/dynamo/operator/Earthfile
@@ -37,12 +37,12 @@ test:
    SAVE ARTIFACT cover.out
 docker:
-    ARG CI_REGISTRY_IMAGE=my-registry
+    ARG DOCKER_SERVER=my-registry
-    ARG CI_COMMIT_SHA=latest
+    ARG IMAGE_TAG=latest
    ARG IMAGE_SUFFIX=dynamo-operator
    FROM gcr.io/distroless/static-debian11
    WORKDIR /
    COPY +build/manager .
    USER 65532:65532
    CMD ["./manager"]
-    SAVE IMAGE --push $CI_REGISTRY_IMAGE/$IMAGE_SUFFIX:$CI_COMMIT_SHA
+    SAVE IMAGE --push $DOCKER_SERVER/$IMAGE_SUFFIX:$IMAGE_TAG
--- a/docs/guides/dynamo_deploy/dynamo_cloud.md
+++ b/docs/guides/dynamo_deploy/dynamo_cloud.md
@@ -51,17 +51,15 @@ The Dynamo cloud platform components need to be built and pushed to a container
 First, set the required environment variables for building and pushing images:
 ```bash
-# Set your container registry and organization
+# Set your container registry
-export CI_REGISTRY_IMAGE=<CONTAINER_REGISTRY>/<ORGANIZATION>
+export DOCKER_SERVER=<CONTAINER_REGISTRY>
 # Set the image tag (e.g., latest, 0.0.1, etc.)
-export CI_COMMIT_SHA=<TAG>
+export IMAGE_TAG=<TAG>
 ```
 Where:
- `<CONTAINER_REGISTRY>/<ORGANIZATION>`: Your container registry and organization name
+- `<CONTAINER_REGISTRY>`: Your container registry (e.g., `nvcr.io`, `docker.io/<your-username>`, etc.)
-  - Examples: `nvcr.io/myorg`, `docker.io/myorg`
+- `<TAG>`: The version tag for your images (e.g., `latest`, `0.0.1`, `v1.0.0`)
- `<TAG>`: The version tag for your images
-  - Examples: `latest`, `0.0.1`, `v1.0.0`
 > [!IMPORTANT]
 > Make sure you're logged in to your container registry before pushing images:
@@ -71,30 +69,10 @@ Where:
 ### Building Components
-You have two options for building the components:
+You can build and push all platform components at once:
-#### Option 1: Build All Components at Once
-This is the simplest approach and builds and pushes all components in a single command:
-```bash
-earthly --push +all-docker --CI_REGISTRY_IMAGE=$CI_REGISTRY_IMAGE --CI_COMMIT_SHA=$CI_COMMIT_SHA
-```
-#### Option 2: Build Components Individually
-If you need to build components separately:
-1. **API Store**
-```bash
-cd deploy/dynamo/api-store
-earthly --push +docker --CI_REGISTRY_IMAGE=$CI_REGISTRY_IMAGE --CI_COMMIT_SHA=$CI_COMMIT_SHA
-```
-2. **Operator**
 ```bash
-cd deploy/dynamo/operator
+earthly --push +all-docker --DOCKER_SERVER=$DOCKER_SERVER --IMAGE_TAG=$IMAGE_TAG
-earthly --push +docker --CI_REGISTRY_IMAGE=$CI_REGISTRY_IMAGE --CI_COMMIT_SHA=$CI_COMMIT_SHA
 ```
 ## Deploying the Dynamo Cloud Platform
@@ -103,52 +81,65 @@ Once you've built and pushed the components, you can deploy the platform to your
 ### Prerequisites
-Make sure you're in the correct directory:
+Before deploying Dynamo Cloud, ensure your Kubernetes cluster meets the following requirements:
-```bash
-cd deploy/dynamo/helm
+#### 1. Istio Installation
-```
+Dynamo Cloud requires Istio for service mesh capabilities. Verify Istio is installed and running:
-Set your namespace (this will be used for all deployments):
 ```bash
-export KUBE_NS=hello-world    # Change this to your preferred namespace
+# Check if Istio is installed
-```
+kubectl get pods -n istio-system
-### Deployment Steps
+# Expected output should show running Istio pods
+# istiod-* pods should be in Running state
+```
-1. **Create Namespace and Set Context**
+#### 2. PVC Support with Default Storage Class
+Dynamo Cloud requires Persistent Volume Claim (PVC) support with a default storage class. Verify your cluster configuration:
 ```bash
-# Create a new namespace
+# Check if default storage class exists
-kubectl create namespace $KUBE_NS
+kubectl get storageclass
-# Set the namespace as your default context
+# Expected output should show at least one storage class marked as (default)
-kubectl config set-context --current --namespace=$KUBE_NS
+# Example:
+# NAME                 PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
+# standard (default)   kubernetes.io/gce-pd    Delete          Immediate              true                   1d
+```
-# [Optional] Create image pull secrets if your registry requires authentication
+### Installation
-kubectl create secret docker-registry docker-imagepullsecret \
-  --docker-server=<your-registry> \
+1. Set the required environment variables:
-  --docker-username=<your-username> \
+```bash
-  --docker-password=<your-password> \
+export DOCKER_USERNAME=<your-docker-username>
-  --namespace=$KUBE_NS
+export DOCKER_PASSWORD=<your-docker-password>
+export DOCKER_SERVER=<your-docker-server>
+export IMAGE_TAG=<TAG>  # Use the same tag you used when building the images
+export NAMESPACE=dynamo-cloud    # change this to whatever you want!
 ```
-2. **Deploy Using the Helm Chart**
+2. [One-time Action] Create a new kubernetes namespace and set it as your default. Create image pull secrets if needed.
-Set the required environment variables:
 ```bash
-export NGC_TOKEN=$NGC_API_TOKEN
+cd deploy/dynamo/helm
-export NAMESPACE=$KUBE_NS
+kubectl create namespace $NAMESPACE
-export CI_COMMIT_SHA=<TAG>  # Use the same tag you used when building the images
+kubectl config set-context --current --namespace=$NAMESPACE
-export CI_REGISTRY_IMAGE=<CONTAINER_REGISTRY>/<ORGANIZATION>  # Use the same registry/org you used when building the images
-export RELEASE_NAME=$KUBE_NS
+# [Optional] if needed, create image pull secrets
+kubectl create secret docker-registry docker-imagepullsecret \
+  --docker-server=$DOCKER_SERVER \
+  --docker-username=$DOCKER_USERNAME \
+  --docker-password=$DOCKER_PASSWORD \
+  --namespace=$NAMESPACE
 ```
-Deploy the platform:
+3. Deploy the helm chart using the deploy script:
 ```bash
 ./deploy.sh
 ```
-3. **Expose Dynamo Cloud Externally**
+4. **Expose Dynamo Cloud Externally**
 You must also expose the `dynamo-store` service within the namespace externally. This will be the endpoint the CLI uses to interface with Dynamo Cloud. You might setup an Ingress, use an `ExternalService` with Istio, or simply port-forward. In our docs, we refer to this externally available endpoint as `DYNAMO_CLOUD`.