Advanced Deployment Options (optional)
Passing Arguments to the Kit Application
With the exception of opening USD files, dynamically adding arguments to a Kit application is currently prohibited. This restriction is in place for security purposes, preventing ad-hoc arguments from being passed to the Helm chart, as this could change the application’s execution and create a potential vector for container injection attacks.
It is possible to modify the Helm chart used for the streaming session to include custom arguments or make them configurable via a Helm chart value, which can be incorporated into an application profile.
Custom Labels
Custom labels can be added either within an application profile or by editing the streaming session manager values file. This allows for the flexible application of custom labels to manage and organize streaming sessions in a Helm deployment.
Nucleus Storage Credentials
In order to access data residing on a Nucleus Storage instance, proper authentication and authorization are required. The currently supported solution uses Nucleus Service Accounts authenticated via Nucleus Authentication.
Traffic Encryption
TLS can be used to secure a WebRTC stream by encrypting signaling communication between the client and server. The method depends on where TLS is terminated: either at the NLB fronting a GPU worker node, or at the pod via Envoy Proxy.
Telemetry and Logging
NVIDIA-managed services automatically deploy a ServiceMonitor resource to allow metrics collection by a Kubernetes Prometheus stack. To disable this, set monitoring.enabled=false in the Helm values file for each deployment.
By default, the ServiceMonitor is deployed in the same namespace as the service. To specify a different namespace, set the monitoring.prometheusNamespace value.
For alternative monitoring setups, Omniverse services export Prometheus and OpenTelemetry-compatible metrics. Prometheus metrics are available at the /metrics endpoint, with default rate, error, and duration metrics exposed.
Customizing Endpoint Resolution
The sample APIs provide an option for developers to customize how the streaming endpoints are resolved.
API Gateways
NVIDIA strongly recommends deploying the APIs behind an API Gateway, as this offers numerous benefits, most importantly the ability to integrate with your own IAM solution to secure the API endpoints.
The Omniverse Application Streaming API does not implement its own authentication and authorization mechanisms. Instead, customers are expected to bring their own implementations to manage access to the API endpoints.