spectrocloud · vishwanaths · Feb 10, 2026 · Feb 9, 2026
diff --git a/packs/nvidia-dpf-deployment-25.10.1/README.md b/packs/nvidia-dpf-deployment-25.10.1/README.md
@@ -0,0 +1,37 @@
+# NVIDIA DPF Deployment
+
+This pack installs the Nvidia DPF custom resources for DPF in eith Host-Trusted or Zero Trust mode.
+
+## Prerequisites
+
+This pack should be used in conjunction with the Nvidia DPF Operator v25.10.1 pack. If you're deploying DPF clusters in Host-Trusted mode, you also need to combine this with the Nvidia OVN Kubernetes v25.10.1 CNI.
+
+## Parameters
+
+### dpf-operator-config
+| **Parameter** | **Type** | **Default Value** | **Description** |
+|---|---|---|---|
+| bfb.url | string | `"https://content.mellanox.com/BlueField/BFBs/Ubuntu24.04/bf-bundle-3.2.1-34_25.11_ubuntu-24.04_64k_prod.bfb"` |  |
+| dpuServiceConfigurations | list | Configs for `blueman`, `dts`, `ovn` and `hbn` | Service configurations for DPU apps |
+| dpuDeployments | list | Config for `ovn-hbn` | Deployment configurations of DPU apps |
+| dpuServiceTemplates | list | Helm templates for `blueman`, `dts`, `ovn` and `hbn` | Service templates for DPU apps |
+| dpuServiceInterfaces | list | Configs for ports `p0`, `p1` and `ovn` | Service interfaces for DPU apps |
+| dpuServiceCredentialRequests | list | Config `ovn-hbn` | Service credential requests for DPU apps |
+| dpuServiceIPAMs | list | IPAM configs for `asn`, `loopback` and `pool1` | Service IPAMs for DPU apps |
+
+
+## Upgrade
+
+To upgrade from a previous version, change the pack version and transfer your custom settings.
+
+## Usage
+
+The deploy this pack for Host-Trusted mode clusters, first select the Host-Trusted preset and configure the parameters mentioned above. Make sure to replace `$DPU_P0` with the proper interface name in the `dpuDeployments:` section. Then deploy just the Control Plane of your cluster and make sure the `ovn-kubernetes-resource-injector.enabled` setting in the Nvidia OVN Kubernetes CNI pack is set to `false`. Then deploy the DPF Framework to the cluster (Spectro Cloud provides a reference profile for this that aligns to the [HBN-OVN guidance from Nvidia](https://github.com/NVIDIA/doca-platform/blob/v25.10.1/docs/public/user-guides/host-trusted/use-cases/hbn-ovnk/README.md)).
+
+Once the DPF Framework is deployed, change the `ovn-kubernetes-resource-injector.enabled` setting to `true` and add worker nodes containing Bluefield-3 DPUs in Host-Trusted mode. It will take between 20 and 40 minutes for the DPF Framework to flash the DPUs, reboot the nodes and configure them appropriately. After that, the nodes should become Healthy in Spectro Cloud Palette and ready for workloads.
+
+The deploy this pack in Zero-Trusted mode, select the Zero Trust - Passthrough preset.
+
+## References
+
+- [Nvidia DOCA Platform Guidance 25.10.1](https://github.com/NVIDIA/doca-platform/blob/v25.10.1/docs/public/user-guides/host-trusted/use-cases/hbn-ovnk/README.md)
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment-25.10.1.tgz b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment-25.10.1.tgz
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/.helmignore b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/Chart.yaml b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 25.10.1
+description: DPF Deployment creates the custom resources for a DPF Trusted Mode deployment
+name: dpf-deployment
+type: application
+version: 25.10.1
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/_helpers.tpl b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/_helpers.tpl
@@ -0,0 +1,18 @@
+{{/*
+Enable automatic lookup of k8sEndpoint from the cluster-info ConfigMap
+When `auto`, it defaults to lookup for a `cluster-info` configmap on the `kube-public` namespace (kubeadm-based)
+To override the namespace and configMap when using `auto`:
+`.Values.k8sServiceLookupNamespace` and `.Values.k8sServiceLookupConfigMapName`
+*/}}
+{{- define "k8sEndpoint" }}
+  {{- $configmapName := "cluster-info" }}
+  {{- $configmapNamespace := "kube-public" }}
+  {{- if and (eq . "auto") (lookup "v1" "ConfigMap" $configmapNamespace $configmapName) }}
+    {{- $configmap := (lookup "v1" "ConfigMap" $configmapNamespace $configmapName) }}
+    {{- $kubeconfig := get $configmap.data "kubeconfig" }}
+    {{- $k8sServer := get ($kubeconfig | fromYaml) "clusters" | mustFirst | dig "cluster" "server" "" }}
+    {{- $k8sServer }}
+  {{- else }}
+    {{- . }}
+  {{- end }}
+{{- end }}
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/bfb.yaml b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/bfb.yaml
@@ -0,0 +1,6 @@
+apiVersion: provisioning.dpu.nvidia.com/v1alpha1
+kind: BFB
+metadata:
+  name: bf-bundle-v25.10.1
+  namespace: dpf-operator-system
+spec: {{ .Values.bfb | toYaml | nindent 2 }}
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpudeployment.yaml b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpudeployment.yaml
@@ -0,0 +1,21 @@
+{{- range $conf := .Values.dpuDeployments }}
+---
+apiVersion: svc.dpu.nvidia.com/v1alpha1
+kind: DPUDeployment
+metadata:
+  name: {{ $conf.name | quote }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  {{- if $conf.dpus }}
+  dpus: {{ $conf.dpus | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.services }}
+  services: {{ $conf.services | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.serviceChains }}
+  serviceChains: {{ $conf.serviceChains | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.revisionHistoryLimit }}
+  revisionHistoryLimit: {{ $conf.revisionHistoryLimit | toYaml | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuflavor.yaml b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuflavor.yaml
@@ -0,0 +1,42 @@
+{{- range $conf := .Values.dpuFlavors }}
+---
+apiVersion: provisioning.dpu.nvidia.com/v1alpha1
+kind: DPUFlavor
+metadata:
+  name: {{ $conf.name | quote }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  {{- if $conf.bfcfgParameters }}
+  bfcfgParameters: {{ $conf.bfcfgParameters | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.configFiles }}
+  configFiles: {{ $conf.configFiles | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.containerdConfig }}
+  containerdConfig: {{ $conf.containerdConfig | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.dpuMode }}
+  dpuMode: {{ $conf.dpuMode | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.dpuResources }}
+  dpuResources: {{ $conf.dpuResources | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.grub }}
+  grub: {{ $conf.grub | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.hostNetworkInterfaceConfigs }}
+  hostNetworkInterfaceConfigs: {{ $conf.hostNetworkInterfaceConfigs | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.nvconfig }}
+  nvconfig: {{ $conf.nvconfig | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.ovs }}
+  ovs: {{ $conf.ovs | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.sysctl }}
+  sysctl: {{ $conf.sysctl | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.systemReservedResources }}
+  systemReservedResources: {{ $conf.systemReservedResources | toYaml | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuservicechain.yaml b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuservicechain.yaml
@@ -0,0 +1,15 @@
+{{- range $conf := .Values.dpuServiceChains }}
+---
+apiVersion: svc.dpu.nvidia.com/v1alpha1
+kind: DPUServiceChain
+metadata:
+  name: {{ $conf.name | quote }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  {{- if $conf.clusterSelector }}
+  clusterSelector: {{ $conf.clusterSelector | toYaml | nindent 4 }}
+  {{- end }}
+  template:
+    spec:
+      template: {{ $conf.template | toYaml | nindent 8 }}
+{{- end }}
diff --git a/...vidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuserviceconfiguration.yaml b/...vidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuserviceconfiguration.yaml
@@ -0,0 +1,27 @@
+{{- range $conf := .Values.dpuServiceConfigurations }}
+---
+apiVersion: svc.dpu.nvidia.com/v1alpha1
+kind: DPUServiceConfiguration
+metadata:
+  name: {{ $conf.name | quote }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  deploymentServiceName: {{ $conf.name | quote }}
+  {{- if $conf.interfaces }}
+  interfaces: {{ $conf.interfaces | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.serviceConfiguration }}
+    {{- if eq $conf.name "ovn" }}
+      {{- $k8s := dig "helmChart" "values" "k8sAPIServer" "NotFound" $conf.serviceConfiguration }}
+      {{- $k := dict "k8sAPIServer" (include "k8sEndpoint" $k8s) }}
+      {{- $v := dict "values" $k }}
+      {{- $h := dict "helmChart" $v }}
+  serviceConfiguration: {{ merge $h $conf.serviceConfiguration | toYaml | nindent 4 }}
+    {{- else }}
+  serviceConfiguration: {{ $conf.serviceConfiguration | toYaml | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  {{- if $conf.upgradePolicy }}
+  upgradePolicy: {{ $conf.upgradePolicy | toYaml | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/...a-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuservicecredentialrequest.yaml b/...a-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuservicecredentialrequest.yaml
@@ -0,0 +1,27 @@
+{{- range $conf := .Values.dpuServiceCredentialRequests }}
+---
+apiVersion: svc.dpu.nvidia.com/v1alpha1
+kind: DPUServiceCredentialRequest
+metadata:
+  name: {{ $conf.name | quote }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  {{- if $conf.duration }}
+  duration: {{ $conf.duration | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.metadata }}
+  metadata: {{ $conf.metadata | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.secret }}
+  secret: {{ $conf.secret | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.serviceAccount }}
+  serviceAccount: {{ $conf.serviceAccount | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.targetCluster }}
+  targetCluster: {{ $conf.targetCluster | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.type }}
+  type: {{ $conf.type | toYaml | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuserviceinterface.yaml b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuserviceinterface.yaml
@@ -0,0 +1,15 @@
+{{- range $conf := .Values.dpuServiceInterfaces }}
+---
+apiVersion: svc.dpu.nvidia.com/v1alpha1
+kind: DPUServiceInterface
+metadata:
+  name: {{ $conf.name | quote }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  {{- if $conf.clusterSelector }}
+  clusterSelector: {{ $conf.clusterSelector | toYaml | nindent 4 }}
+  {{- end }}
+  template:
+    spec:
+      template: {{ $conf.template | toYaml | nindent 8 }}
+{{- end }}
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuserviceipam.yaml b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuserviceipam.yaml
@@ -0,0 +1,24 @@
+{{- range $conf := .Values.dpuServiceIPAMs }}
+---
+apiVersion: svc.dpu.nvidia.com/v1alpha1
+kind: DPUServiceIPAM
+metadata:
+  name: {{ $conf.name | quote }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  {{- if $conf.clusterSelector }}
+  clusterSelector: {{ $conf.clusterSelector | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.ipv4Network }}
+  ipv4Network: {{ $conf.ipv4Network | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.ipv4Subnet }}
+  ipv4Subnet: {{ $conf.ipv4Subnet | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.metadata }}
+  metadata: {{ $conf.metadata | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.nodeSelector }}
+  nodeSelector: {{ $conf.nodeSelector | toYaml | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuservicetemplate.yaml b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuservicetemplate.yaml
@@ -0,0 +1,16 @@
+{{- range $conf := .Values.dpuServiceTemplates }}
+---
+apiVersion: svc.dpu.nvidia.com/v1alpha1
+kind: DPUServiceTemplate
+metadata:
+  name: {{ $conf.name | quote }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  deploymentServiceName: {{ $conf.name | quote }}
+  {{- if $conf.helmChart }}
+  helmChart: {{ $conf.helmChart | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.resourceRequirements }}
+  resourceRequirements: {{ $conf.resourceRequirements | toYaml | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuset.yaml b/packs/nvidia-dpf-deployment-25.10.1/charts/dpf-deployment/templates/dpuset.yaml
@@ -0,0 +1,21 @@
+{{- range $conf := .Values.dpuSets }}
+---
+apiVersion: provisioning.dpu.nvidia.com/v1alpha1
+kind: DPUSet
+metadata:
+  name: {{ $conf.name | quote }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  {{- if $conf.dpuNodeSelector }}
+  dpuNodeSelector: {{ $conf.dpuNodeSelector | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.dpuSelector }}
+  dpuSelector: {{ $conf.dpuSelector | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.dpuTemplate }}
+  dpuTemplate: {{ $conf.dpuTemplate | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $conf.strategy }}
+  strategy: {{ $conf.strategy | toYaml | nindent 4 }}
+  {{- end }}
+{{- end }}