Merge pull request #666 from NVIDIA/xutongr/sync

Xutongr/sync

Author: xutongNV

.coderabbit.yaml

@@ -0,0 +1,5 @@
+# Repository-specific override
+reviews:
+  profile: chill # assertive / chill profile
+  auto_review:
+    enabled: true # Enable auto-review for this repository

cookbook/reinforcement_learning/multi_gpu/train_policy.yaml

@@ -32,7 +32,7 @@ workflow:
 
         set -euxo pipefail
 
-        _isaac_sim/python.sh -m torch.distributed.run --nnodes=1 --nproc_per_node=2 \
+        _isaac_sim/python.sh -m torch.distributed.run --nnodes=1 --nproc_per_node={{num_gpu}} \
           --rdzv_endpoint=localhost:5555 \
           scripts/reinforcement_learning/rsl_rl/train.py --task=Isaac-Cartpole-v0 \
           --headless --distributed

cookbook/reinforcement_learning/multi_node/train_policy.yaml

@@ -35,7 +35,7 @@ workflow:
 
           set -euxo pipefail
 
-          _isaac_sim/python.sh -m torch.distributed.run --nproc_per_node={{num_gpu}} --nnodes=2 --node_rank=0 \
+          _isaac_sim/python.sh -m torch.distributed.run --nproc_per_node={{num_gpu}} --nnodes={{num_nodes}} --node_rank=0 \
             --rdzv_id=123 --rdzv_backend=c10d --rdzv_endpoint=localhost:5555 \
             scripts/reinforcement_learning/rsl_rl/train.py --task=Isaac-Cartpole-v0 --headless \
             --distributed
@@ -46,7 +46,8 @@ workflow:
       outputs:
       - dataset:
           name: robot-policy-dataset
-    - name: worker
+    {% for i in range(1, num_nodes) %}
+    - name: worker-{{i}}
       command: ["bash"]
       args: ["/tmp/entry.sh"]
       image: nvcr.io/nvidia/isaac-lab:2.2.0
@@ -59,14 +60,15 @@ workflow:
 
           set -euxo pipefail
 
-          _isaac_sim/python.sh -m torch.distributed.run --nproc_per_node={{num_gpu}} --nnodes=2 --node_rank=1 \
+          _isaac_sim/python.sh -m torch.distributed.run --nproc_per_node={{num_gpu}} --nnodes={{num_nodes}} --node_rank={{i}} \
             --rdzv_backend=c10d --rdzv_endpoint={{host:master}}:5555 \
             --rdzv_id=123 scripts/reinforcement_learning/rsl_rl/train.py --task=Isaac-Cartpole-v0 \
             --headless --distributed
 
           mv logs/ {{output}}/
 
         path: /tmp/entry.sh
+    {% endfor %}
   name: train-robot-multi-node
   resources:
     default:
@@ -77,3 +79,4 @@ workflow:
 
 default-values:
   num_gpu: 2
+  num_nodes: 2

cookbook/synthetic_data_generation/isaac_sim/README.md

@@ -21,7 +21,7 @@ SPDX-License-Identifier: Apache-2.0
 ## Overview
 
 This workflow uses Isaac Sim, a robotics simulator, to generate synthetic data that can be used to train deep neural
-networks. The workflow consists of one main task that launches Isaac Sim.
+networks. The workflow consists of one main task that launches Isaac Sim, and generates 60 images.
 
 ## Prerequisites
 

deployments/charts/backend-operator/templates/backend-test-runner-config.yaml

@@ -245,7 +245,7 @@ data:
                 - name: {{ .Values.backendTestRunner.volumes.testConfigName }}
                   configMap:
                     {{- $configMapName := .Values.backendTestRunner.configMap.nameTemplate }}
-                    name: {{ $configMapName | replace "{{.BackendName}}" "{{backend_name}}" | replace "{{.TestName}}" "{{test_name}}" | quote }}
+                    name: {{ $configMapName | replace "{{.TestName}}" "{{test_name}}" | quote }}
                     defaultMode: {{ .Values.backendTestRunner.configMap.defaultMode }}
                     optional: {{ .Values.backendTestRunner.configMap.optional }}
 

deployments/charts/backend-operator/values.yaml

@@ -764,7 +764,7 @@ backendTestRunner:
   configMap:
     ## ConfigMap name template
     ##
-    nameTemplate: "{{.BackendName}}-{{.TestName}}-config"
+    nameTemplate: "{{.TestName}}-config"
 
     ## Default mode for ConfigMap files
     ##
@@ -859,4 +859,3 @@ extraConfigMaps: {}
 #     description: "Custom configuration"
 #   labels:
 #     component: "custom"
-

deployments/charts/router/README.md

@@ -129,6 +129,15 @@ helm upgrade my-router ./router -f my-values.yaml
 | `services.postgres.user` | PostgreSQL username | `postgres` |
 | `services.postgres.password` | PostgreSQL password | `""` |
 
+### Redis Settings
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `services.redis.serviceName` | Kubernetes service name for Redis (used for OAuth2-Proxy session store) | `redis` |
+| `services.redis.port` | Redis service port | `6379` |
+| `services.redis.dbNumber` | Redis database number to use (0–15) | `0` |
+| `services.redis.tlsEnabled` | Enable TLS encryption for Redis connections | `true` |
+
 ## Sidecar Configuration
 
 ### Envoy Proxy Sidecar
@@ -177,6 +186,31 @@ helm upgrade my-router ./router -f my-values.yaml
 | `sidecars.envoy.osmoauth.hostname` | OSMO auth hostname | `""` |
 | `sidecars.envoy.osmoauth.address` | OSMO auth service address | `osmo-service` |
 
+### OAuth2 Proxy Sidecar
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `sidecars.oauth2Proxy.enabled` | Enable OAuth2 Proxy sidecar | `true` |
+| `sidecars.oauth2Proxy.image` | OAuth2 Proxy container image | `quay.io/oauth2-proxy/oauth2-proxy:v7.14.2` |
+| `sidecars.oauth2Proxy.imagePullPolicy` | Image pull policy | `IfNotPresent` |
+| `sidecars.oauth2Proxy.httpPort` | HTTP port for OAuth2 Proxy | `4180` |
+| `sidecars.oauth2Proxy.metricsPort` | Metrics port for OAuth2 Proxy | `44180` |
+| `sidecars.oauth2Proxy.provider` | OIDC provider type | `oidc` |
+| `sidecars.oauth2Proxy.oidcIssuerUrl` | OIDC issuer URL | `""` |
+| `sidecars.oauth2Proxy.clientId` | OAuth2 client ID | `""` |
+| `sidecars.oauth2Proxy.cookieName` | Session cookie name | `_osmo_session` |
+| `sidecars.oauth2Proxy.cookieSecure` | Set Secure flag on cookies | `true` |
+| `sidecars.oauth2Proxy.cookieDomain` | Cookie domain | `""` |
+| `sidecars.oauth2Proxy.cookieExpire` | Cookie expiration duration | `168h` |
+| `sidecars.oauth2Proxy.cookieRefresh` | Cookie refresh interval | `1h` |
+| `sidecars.oauth2Proxy.scope` | OAuth2 scopes to request | `openid email profile` |
+| `sidecars.oauth2Proxy.passAccessToken` | Pass the access token to upstream | `false` |
+| `sidecars.oauth2Proxy.redisSessionStore` | Use Redis (`services.redis`) as the session store instead of in-memory | `true` |
+| `sidecars.oauth2Proxy.useKubernetesSecrets` | Use Kubernetes secrets for credentials | `false` |
+| `sidecars.oauth2Proxy.secretName` | Kubernetes secret name (when `useKubernetesSecrets` is true) | `oauth2-proxy-secrets` |
+| `sidecars.oauth2Proxy.secretPaths.clientSecret` | File path for client secret | `/etc/oauth2-proxy/client-secret` |
+| `sidecars.oauth2Proxy.secretPaths.cookieSecret` | File path for cookie secret | `/etc/oauth2-proxy/cookie-secret` |
+
 ## Extensibility Configuration
 
 The chart provides several extension points for customization:

deployments/charts/router/templates/_sidecar-helpers.tpl

@@ -112,6 +112,7 @@ OAuth2 Proxy sidecar container
     - --redirect-url=https://{{ .Values.sidecars.envoy.service.hostname }}/oauth2/callback
     - --silence-ping-logging=true
     - --skip-provider-button=true
+    - --api-route=/api/.+
     {{- range .Values.sidecars.oauth2Proxy.extraArgs }}
     - {{ . }}
     {{- end }}

deployments/charts/router/values.yaml

@@ -282,9 +282,9 @@ services:
   ## Redis cache service configuration
   ##
   redis:
-    ## Kubernetes service name for Redis (leave empty to use in-memory session store)
+    ## Kubernetes service name for Redis (used for OAuth2-Proxy session store)
     ##
-    serviceName: ""
+    serviceName: redis
 
     ## Redis service port
     ##
@@ -296,7 +296,7 @@ services:
 
     ## Enable TLS encryption for Redis connections
     ##
-    tlsEnabled: false
+    tlsEnabled: true
 
 ## Configuration for sidecar containers
 ##
@@ -517,7 +517,7 @@ sidecars:
 
     ## Use Redis (services.redis) as the session store instead of in-memory
     ##
-    redisSessionStore: false
+    redisSessionStore: true
 
     ## Use Kubernetes secrets for credentials
     ##
@@ -695,4 +695,3 @@ extraConfigMaps: []
 #   data:
 #     config.yaml: |
 #       key: value
-

deployments/charts/service/README.md

@@ -307,6 +307,30 @@ Any field from `sidecars.envoy` can be overridden at the service level. Fields n
 | `sidecars.rateLimit.redis.port` | Redis port | `6379` |
 | `sidecars.rateLimit.configName` | Rate limit config name | `ratelimit-config` |
 
+#### OAuth2 Proxy Settings
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `sidecars.oauth2Proxy.enabled` | Enable OAuth2 Proxy sidecar | `true` |
+| `sidecars.oauth2Proxy.image` | OAuth2 Proxy container image | `quay.io/oauth2-proxy/oauth2-proxy:v7.14.2` |
+| `sidecars.oauth2Proxy.httpPort` | HTTP port for OAuth2 Proxy | `4180` |
+| `sidecars.oauth2Proxy.metricsPort` | Metrics port for OAuth2 Proxy | `44180` |
+| `sidecars.oauth2Proxy.provider` | OIDC provider type | `oidc` |
+| `sidecars.oauth2Proxy.oidcIssuerUrl` | OIDC issuer URL | `""` |
+| `sidecars.oauth2Proxy.clientId` | OAuth2 client ID | `""` |
+| `sidecars.oauth2Proxy.cookieName` | Session cookie name | `_osmo_session` |
+| `sidecars.oauth2Proxy.cookieSecure` | Set Secure flag on cookies | `true` |
+| `sidecars.oauth2Proxy.cookieDomain` | Cookie domain | `""` |
+| `sidecars.oauth2Proxy.cookieExpire` | Cookie expiration duration | `168h` |
+| `sidecars.oauth2Proxy.cookieRefresh` | Cookie refresh interval | `1h` |
+| `sidecars.oauth2Proxy.scope` | OAuth2 scopes to request | `openid email profile` |
+| `sidecars.oauth2Proxy.passAccessToken` | Pass the access token to upstream | `false` |
+| `sidecars.oauth2Proxy.redisSessionStore` | Use Redis (`services.redis`) as the session store instead of in-memory | `true` |
+| `sidecars.oauth2Proxy.useKubernetesSecrets` | Use Kubernetes secrets for credentials | `false` |
+| `sidecars.oauth2Proxy.secretName` | Kubernetes secret name (when `useKubernetesSecrets` is true) | `oauth2-proxy-secrets` |
+| `sidecars.oauth2Proxy.secretPaths.clientSecret` | File path for client secret | `/etc/oauth2-proxy/client-secret` |
+| `sidecars.oauth2Proxy.secretPaths.cookieSecret` | File path for cookie secret | `/etc/oauth2-proxy/cookie-secret` |
+
 ### Extensibility
 
 Each service supports extensibility through the following parameters: