Deploying Red Hat AI Inference Server in a disconnected environment


Red Hat AI Inference Server 3.2

Deploy Red Hat AI Inference Server in a disconnected environment using OpenShift Container Platform and a disconnected mirror image registry

Red Hat AI Documentation Team

Abstract

Learn how to work with Red Hat AI Inference Server for model serving and inferencing in a disconnected environment.

Preface

You can run inference on large language models with Red Hat AI Inference Server without any connection to the outside internet by installing OpenShift Container Platform and configuring a mirrored container image registry in the disconnected environment.

Important

Currently, only NVIDIA CUDA AI accelerators are supported for OpenShift Container Platform in disconnected environments.

To serve container images in a disconnected environment, you must configure a disconnected mirror registry on a bastion host. The bastion host acts as a secure gateway between your disconnected environment and the internet. You then mirror images from Red Hat’s online image registries, and serve them in the disconnected environment.

Once you have created a mirror registry for the disconnected environment, you are ready to mirror the required AI Inference Server image, AI accelerator Operator images, and language model image.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have logged in as a user with cluster-admin privileges.
  • You have installed a mirror registry on the bastion host.

Procedure

  1. Find the version of the following images that match your environment and pull the images with podman:

  2. Create an image set configuration custom resource (CR) that includes the NFD Operator, NVIDIA GPU Operator, and AI Inference Server images that you pulled in the previous step. For example, save the following ImageSetConfiguration CR as the file imageset-config.yaml:

    apiVersion: mirror.openshift.io/v2alpha1
    kind: ImageSetConfiguration
    mirror:
      operators:
      # Node Feature Discovery (NFD) Operator
      # Helps OpenShift detect hardware capabilities like GPUs
      - catalog: registry.redhat.io/openshift4/ose-cluster-nfd-operator:latest
        packages:
          - name: nfd
            defaultChannel: stable
            channels:
              - name: stable
    
      # GPU Operator
      # Manages NVIDIA GPUs on OpenShift
      - catalog: registry.connect.redhat.com/nvidia/gpu-operator-bundle:latest
        packages:
          - name: gpu-operator-certified
            defaultChannel: stable
            channels:
              - name: stable
      additionalImages:
      # Red Hat AI Inference Server image
      - name: registry.redhat.io/rhaiis/vllm-cuda-rhel9:latest
      # Model image
      - name: registry.redhat.io/rhelai1/granite-3-1-8b-instruct-quantized-w8a8:1.5
  3. Mirror the required images into the mirror registry. Run the following command:

    $ oc mirror --config imageset-config.yaml docker://<target_mirror_registry_url> --registry-config <path_to_pull_secret_json>
  4. Alternatively, if you have already installed the NFD and NVIDIA GPU Operators in the cluster, create an ImageSetConfiguration CR that configures AI Inference Server and model images only:

    apiVersion: mirror.openshift.io/v2alpha1
    kind: ImageSetConfiguration
    mirror:
      additionalImages:
      - name: registry.redhat.io/rhaiis/vllm-cuda-rhel9:latest
      - name: registry.redhat.io/rhelai1/granite-3-1-8b-instruct-quantized-w8a8:1.5
  5. Mirror the image set in the disconnected environment.
  6. Configure the cluster for the mirror registry.
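
For step 6, one way the mirror configuration can look for the AI Inference Server and model images only. This is an added example, not part of the original Red Hat procedure: the resource names and the repository paths under `<target_mirror_registry_url>` are assumptions, so check them against what your mirror run actually pushed.

```yaml
# Added example. Names and mirror paths are assumptions.
# ImageDigestMirrorSet applies only to pulls by digest (image@sha256:...),
# such as the Deployment image reference used later in this guide.
apiVersion: config.openshift.io/v1
kind: ImageDigestMirrorSet
metadata:
  name: rhaiis-digest-mirror          # hypothetical name
spec:
  imageDigestMirrors:
  - source: registry.redhat.io/rhaiis
    mirrors:
    - <target_mirror_registry_url>/rhaiis
    # Never fall back to the source registry, which is unreachable
    # from the disconnected cluster.
    mirrorSourcePolicy: NeverContactSource
  - source: registry.redhat.io/rhelai1
    mirrors:
    - <target_mirror_registry_url>/rhelai1
    mirrorSourcePolicy: NeverContactSource
---
# ImageTagMirrorSet covers pulls by tag (image:latest, image:1.5),
# which ImageDigestMirrorSet does not redirect.
apiVersion: config.openshift.io/v1
kind: ImageTagMirrorSet
metadata:
  name: rhaiis-tag-mirror             # hypothetical name
spec:
  imageTagMirrors:
  - source: registry.redhat.io/rhaiis
    mirrors:
    - <target_mirror_registry_url>/rhaiis
    mirrorSourcePolicy: NeverContactSource
  - source: registry.redhat.io/rhelai1
    mirrors:
    - <target_mirror_registry_url>/rhelai1
    mirrorSourcePolicy: NeverContactSource
```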

Install the Node Feature Discovery Operator so that the cluster can use the AI accelerators that are available in the cluster.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have logged in as a user with cluster-admin privileges.

Procedure

  1. Create the Namespace CR for the Node Feature Discovery Operator:

    oc apply -f - <<EOF
    apiVersion: v1
    kind: Namespace
    metadata:
      name: openshift-nfd
      labels:
        name: openshift-nfd
        openshift.io/cluster-monitoring: "true"
    EOF
  2. Create the OperatorGroup CR:

    oc apply -f - <<EOF
    apiVersion: operators.coreos.com/v1
    kind: OperatorGroup
    metadata:
      generateName: openshift-nfd-
      name: openshift-nfd
      namespace: openshift-nfd
    spec:
      targetNamespaces:
      - openshift-nfd
    EOF
  3. Create the Subscription CR:

    oc apply -f - <<EOF
    apiVersion: operators.coreos.com/v1alpha1
    kind: Subscription
    metadata:
      name: nfd
      namespace: openshift-nfd
    spec:
      channel: "stable"
      installPlanApproval: Automatic
      name: nfd
      source: redhat-operators
      sourceNamespace: openshift-marketplace
    EOF

Verification

Verify that the Node Feature Discovery Operator deployment is successful by running the following command:

$ oc get pods -n openshift-nfd

Example output

NAME                                      READY   STATUS    RESTARTS   AGE
nfd-controller-manager-7f86ccfb58-vgr4x   2/2     Running   0          10m

Chapter 4. Installing the NVIDIA GPU Operator

Install the NVIDIA GPU Operator to use the underlying NVIDIA CUDA AI accelerators that are available in the cluster.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have logged in as a user with cluster-admin privileges.
  • You have installed the Node Feature Discovery Operator.

Procedure

  1. Create the Namespace CR for the NVIDIA GPU Operator:

    oc apply -f - <<EOF
    apiVersion: v1
    kind: Namespace
    metadata:
      name: nvidia-gpu-operator
    EOF
  2. Create the OperatorGroup CR:

    oc apply -f - <<EOF
    apiVersion: operators.coreos.com/v1
    kind: OperatorGroup
    metadata:
      name: gpu-operator-certified
      namespace: nvidia-gpu-operator
    spec:
     targetNamespaces:
     - nvidia-gpu-operator
    EOF
  3. Create the Subscription CR:

    oc apply -f - <<EOF
    apiVersion: operators.coreos.com/v1alpha1
    kind: Subscription
    metadata:
      name: gpu-operator-certified
      namespace: nvidia-gpu-operator
    spec:
      channel: "stable"
      installPlanApproval: Manual
      name: gpu-operator-certified
      source: certified-operators
      sourceNamespace: openshift-marketplace
    EOF

Verification

Verify that the NVIDIA GPU Operator deployment is successful by running the following command:

$ oc get pods -n nvidia-gpu-operator

Example output

NAME                                                  READY   STATUS     RESTARTS   AGE
gpu-feature-discovery-c2rfm                           1/1     Running    0          6m28s
gpu-operator-84b7f5bcb9-vqds7                         1/1     Running    0          39m
nvidia-container-toolkit-daemonset-pgcrf              1/1     Running    0          6m28s
nvidia-cuda-validator-p8gv2                           0/1     Completed  0          99s
nvidia-dcgm-exporter-kv6k8                            1/1     Running    0          6m28s
nvidia-dcgm-tpsps                                     1/1     Running    0          6m28s
nvidia-device-plugin-daemonset-gbn55                  1/1     Running    0          6m28s
nvidia-device-plugin-validator-z7ltr                  0/1     Completed  0          82s
nvidia-driver-daemonset-410.84.202203290245-0-xxgdv   2/2     Running    0          6m28s
nvidia-node-status-exporter-snmsm                     1/1     Running    0          6m28s
nvidia-operator-validator-6pfk6                       1/1     Running    0          6m28s

Use Red Hat AI Inference Server deployed in a disconnected OpenShift Container Platform environment to serve the language model for inference from cluster persistent storage.

Prerequisites

  • You have installed a mirror registry on the bastion host that is accessible to the disconnected cluster.
  • You have added the model and Red Hat AI Inference Server images to the mirror registry.
  • You have installed the Node Feature Discovery Operator and NVIDIA GPU Operator in the disconnected cluster.

Procedure

  1. In the disconnected cluster, configure persistent storage using Network File System (NFS) and make the model available in the persistent storage that you configure.

    Note

    For more information, see Persistent storage using NFS.

  2. Create a Deployment custom resource (CR). For example, the following Deployment CR uses AI Inference Server to serve a Granite model on a CUDA accelerator.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: granite
      namespace: rhaiis-namespace
      labels:
        app: granite
    spec:
      replicas: 0
      selector:
        matchLabels:
          app: granite
      template:
        metadata:
          labels:
            app: granite
        spec:
          containers:
            - name: granite
              image: 'registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:137ac606b87679c90658985ef1fc9a26a97bb11f622b988fe5125f33e6f35d78'
              imagePullPolicy: IfNotPresent
              command:
                - python
                - '-m'
                - vllm.entrypoints.openai.api_server
              args:
                - '--port=8000'
                - '--model=/mnt/models' # (1)
                - '--served-model-name=granite-3.1-2b-instruct-quantized.w8a8'
                - '--tensor-parallel-size=1'
              resources:
                limits:
                  cpu: '10'
                  nvidia.com/gpu: '1'
                requests:
                  cpu: '2'
                  memory: 6Gi
                  nvidia.com/gpu: '1'
              volumeMounts:
                - name: cache-volume
                  mountPath: /mnt/models
                - name: shm
                  mountPath: /dev/shm # (2)
          volumes:
            - name: cache-volume
              persistentVolumeClaim:
                claimName: granite-31-w8a8
            - name: shm
              emptyDir:
                medium: Memory
                sizeLimit: 2Gi
          restartPolicy: Always

    (1) The model that you downloaded should be available from this mounted location in the configured persistent volume.
    (2) The /dev/shm volume mount is required by the NVIDIA Collective Communications Library (NCCL). Tensor parallel vLLM deployments fail when the /dev/shm volume mount is not set.
  3. Create a Service CR for the model inference. For example:

    apiVersion: v1
    kind: Service
    metadata:
      name: granite
      namespace: rhaiis-namespace
    spec:
      selector:
        app: granite
      ports:
        - protocol: TCP
          port: 80
          targetPort: 8000
  4. Optional. Create a Route CR to enable public access to the model. For example:

    apiVersion: route.openshift.io/v1
    kind: Route
    metadata:
      name: granite
      namespace: rhaiis-namespace
    spec:
      to:
        kind: Service
        name: granite
      port:
        targetPort: 80
  5. Get the URL for the exposed route:

    $ oc get route granite -n rhaiis-namespace -o jsonpath='{.spec.host}'

    Example output

    granite-rhaiis-namespace.apps.example.com

  6. Query the model by running the following command:

    curl -X POST http://granite-rhaiis-namespace.apps.example.com/v1/chat/completions \
      -H "Content-Type: application/json" \
      -d '{
        "model": "granite-3.1-2b-instruct-quantized.w8a8",
        "messages": [{"role": "user", "content": "What is AI?"}],
        "temperature": 0.1
      }'
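
The Route in step 4 has no TLS configuration, so the query in step 6 sends prompts and responses over plain HTTP. A variant that terminates TLS at the router and redirects HTTP requests to HTTPS, as an added example that is not part of the original Red Hat procedure; only the `tls` stanza is new, and the other fields repeat step 4 unchanged:

```yaml
# Added example: the Route from step 4 with edge TLS termination.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: granite
  namespace: rhaiis-namespace
spec:
  to:
    kind: Service
    name: granite
  port:
    targetPort: 80                     # unchanged from step 4
  tls:
    # The router terminates TLS with its default certificate unless
    # a certificate and key are set on the Route.
    termination: edge
    # Redirect plain-HTTP requests to HTTPS instead of serving them.
    insecureEdgeTerminationPolicy: Redirect
```

With this Route in place, send the step 6 query to `https://granite-rhaiis-namespace.apps.example.com/v1/chat/completions` instead of the `http://` URL.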

Legal Notice

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.