fix(helm): address code review feedback for GPU plugin and cert-manager

waleedlatif1 · waleedlatif1 · commit 549edba905db · 2026-01-27T18:04:42.000-08:00
diff --git a/helm/sim/templates/cert-manager-issuers.yaml b/helm/sim/templates/cert-manager-issuers.yaml
@@ -2,6 +2,12 @@
 {{- /*
   cert-manager Issuer Bootstrap Pattern
 
+  PREREQUISITE: cert-manager must be installed in your cluster before enabling this.
+  The root CA Certificate is created in the namespace specified by certManager.rootCA.namespace
+  (defaults to "cert-manager"). Ensure this namespace exists and cert-manager is running there.
+
+  Install cert-manager: https://cert-manager.io/docs/installation/
+
   This implements the recommended pattern from cert-manager documentation:
   1. A self-signed ClusterIssuer (for bootstrapping the root CA only)
   2. A root CA Certificate (self-signed, used to sign other certificates)
@@ -28,11 +34,13 @@ spec:
 # 2. Root CA Certificate
 # This certificate is signed by the self-signed issuer and becomes the root of trust.
 # The secret created here will be used by the CA issuer to sign certificates.
+# NOTE: This must be created in the cert-manager namespace (or the namespace specified
+# in certManager.rootCA.namespace). Ensure cert-manager is installed there first.
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: {{ .Values.certManager.rootCA.certificateName }}
-  namespace: {{ .Values.certManager.rootCA.namespace | default "cert-manager" }}
+  namespace: {{ .Values.certManager.rootCA.namespace | default "cert-manager" }}  # Must match cert-manager's cluster-resource-namespace
   labels:
     {{- include "sim.labels" . | nindent 4 }}
     app.kubernetes.io/component: cert-manager
diff --git a/helm/sim/templates/gpu-device-plugin.yaml b/helm/sim/templates/gpu-device-plugin.yaml
@@ -19,7 +19,6 @@ data:
       migStrategy: "none"
       {{- end }}
       failOnInitError: false
-      nvidiaDriverRoot: /host-proc/driver/nvidia
     plugin:
       passDeviceSpecs: true
       deviceListStrategy: envvar
@@ -28,7 +27,7 @@ data:
       timeSlicing:
         resources:
           - name: nvidia.com/gpu
-            replicas: {{ .Values.ollama.gpu.timeSlicingReplicas | default 10 }}
+            replicas: {{ .Values.ollama.gpu.timeSlicingReplicas | default 5 }}
     {{- end }}
 ---
 # 2. NVIDIA Device Plugin DaemonSet for GPU support
@@ -76,9 +75,6 @@ spec:
         - name: sys
           hostPath:
             path: /sys
-        - name: proc-driver-nvidia
-          hostPath:
-            path: /proc/driver/nvidia
         # Volume to mount the ConfigMap
         - name: nvidia-device-plugin-config
           configMap:
@@ -89,6 +85,11 @@ spec:
           imagePullPolicy: Always
           args:
             - "--config-file=/etc/device-plugin/config.yaml"
+          {{- if eq .Values.ollama.gpu.strategy "mig" }}
+          env:
+            - name: NVIDIA_MIG_MONITOR_DEVICES
+              value: all
+          {{- end }}
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
@@ -101,9 +102,6 @@ spec:
             - name: sys
               mountPath: /sys
               readOnly: true
-            - name: proc-driver-nvidia
-              mountPath: /host-proc/driver/nvidia
-              readOnly: true
             - name: nvidia-device-plugin-config
               mountPath: /etc/device-plugin/
               readOnly: true
