Skip to main content
Version: v1.1.x

Settings and Integrations

A Settings resource holds the external integrations PaletteAI uses to provision infrastructure and govern artificial intelligence and machine learning (AI/ML) workloads. Tenants and Projects each reference a Settings resource, and the controller uses the integrations defined there to communicate with Palette and the registries that supply your models.

A single Settings resource can hold up to one of each integration type. Settings resources are namespace-scoped, so the integrations they configure are always evaluated in the context of a specific Tenant or Project.

Integrations

PaletteAI supports three integration types, each filling a distinct role in the deployment lifecycle.

  • Palette — Connects PaletteAI to the Spectro Cloud Palette platform. PaletteAI uses Palette as its infrastructure provider to deploy and manage the Kubernetes clusters that host your applications. A Palette integration is required for any Project that deploys Compute Pools, so every Settings resource must include one.

  • Hugging Face (optional) — Provides API access to the Hugging Face Hub, allowing PaletteAI to fetch model metadata and download model artifacts. Adding a Hugging Face integration to a Settings resource unlocks Hugging Face model governance at the Project level.

  • NVIDIA NGC (optional) — Provides credentials for pulling NVIDIA Inference Microservices (NIMs) from the NVIDIA NGC registry. Adding an NVIDIA NGC integration unlocks per-Project governance for the NIMs your teams can deploy.

For the Settings resource schema and field-level details, refer to the Settings Custom Resource Definition (CRD) reference.

Scope and Inheritance

Settings belong to either the Tenant namespace or a Project namespace. The placement determines who the integrations apply to.

  • Tenant-level Settings are referenced by the Tenant and serve as the default for every Project in that Tenant.

  • Project-level Settings are referenced by a Project and apply only to that Project.

When a Project defines its own Settings and the Tenant has a default, PaletteAI merges the two configurations at the integration field level. Each individual integration in the Project Settings overrides the matching integration in the Tenant Settings, while integrations that are absent from the Project Settings fall back to the Tenant default. This lets a Project override one or two integrations (for example, a different Palette tenant) while still inheriting the rest.

The Settings controller computes the merged result and writes it to the status.effectiveSettings field, which is the authoritative resolved configuration. When integrations are merged from different scopes, each integration's secret references resolve in the namespace where the integration was defined. Tenant-scoped integrations resolve against Tenant secrets; Project-scoped integrations resolve against Project secrets. This keeps credentials isolated even when a Project's effective configuration is assembled from both scopes.

For more information on how Tenant and Project resources relate, refer to Tenants and Projects.

Project Model Settings

Hugging Face and NVIDIA NGC integrations at the Settings level unlock per-Project model governance through the Project resource's modelSettings field. Project admins use Model Settings to decide which models are available within a Project, independent of which integrations are configured at the Tenant level.

Model Settings cover two concepts:

  • Allow and disallow lists — For each integration enabled on a Project, you can list the model repositories or NIMs that are permitted, denied, or both. A common pattern is to allow everything from a registry except a specific organization or tag.

  • Profile Bundle mappings — Map model attributes to a Profile Bundle so PaletteAI automatically selects the correct Workload Profile for a given model source. For example, every Hugging Face model tagged for a particular runtime can be routed to a Profile Bundle tuned for that runtime.

Model Settings only take effect when the corresponding integration is configured in the resolved Settings.

For field-level details on modelSettings and the underlying Access Control List (ACL) syntax, refer to the Project CRD reference.