Feature: Allow selecting NVIDIA Container Toolkit by git ref (or latest) for Holodeck installs

api/holodeck/v1alpha1/types.go

@@ -217,6 +217,68 @@ type NVIDIAContainerToolkit struct {
 	// container runtime.
 	// +optional
 	EnableCDI bool `json:"enableCDI"`
+	// Source specifies how to install the NVIDIA Container Toolkit
+	// +kubebuilder:validation:Enum=package;git;latest
+	// +optional
+	Source NCTSource `json:"source,omitempty"`
+	// Package configuration for package-based installation
+	// +optional
+	Package *NCTPackageConfig `json:"package,omitempty"`
+	// Git configuration for git-based installation
+	// +optional
+	Git *NCTGitConfig `json:"git,omitempty"`
+	// Latest configuration for latest-tracking installation
+	// +optional
+	Latest *NCTLatestConfig `json:"latest,omitempty"`
+}
+
+type NCTSource string
+
+const (
+	// NCTSourcePackage installs from distro packages (default)
+	NCTSourcePackage NCTSource = "package"
+	// NCTSourceGit installs from a specific git ref
+	NCTSourceGit NCTSource = "git"
+	// NCTSourceLatest installs from latest commit of a branch
+	NCTSourceLatest NCTSource = "latest"
+)
+
+type NCTPackageConfig struct {
+	// Channel specifies the package channel
+	// +kubebuilder:validation:Enum=stable;experimental
+	// +optional
+	Channel string `json:"channel,omitempty"`
+	// Version specifies a specific version to pin
+	// +optional
+	Version string `json:"version,omitempty"`
+}
+
+type NCTGitConfig struct {
+	// Repo is the git repository URL
+	// +optional
+	Repo string `json:"repo,omitempty"`
+	// Ref is the git reference (commit SHA, tag, branch, or PR ref)
+	Ref string `json:"ref"`
+	// Build configuration for git-based installation
+	// +optional
+	Build *NCTBuildConfig `json:"build,omitempty"`
+}
+
+type NCTLatestConfig struct {
+	// Track specifies the branch to track
+	Track string `json:"track"`
+	// Repo is the git repository URL
+	// +optional
+	Repo string `json:"repo,omitempty"`
+}
+
+type NCTBuildConfig struct {
+	// MakeTargets specifies the make targets to build
+	// +optional
+	MakeTargets []string `json:"makeTargets,omitempty"`
+	// ExtraEnv provides additional environment variables for the build
+	// +optional
+	ExtraEnv map[string]string `json:"extraEnv,omitempty"`
 }
 
 // Kernel defines the kernel configuration

examples/nct-sources/README.md

@@ -0,0 +1,37 @@
+# NVIDIA Container Toolkit Source Examples
+
+This directory contains example configurations demonstrating the different NVIDIA Container Toolkit source options available in Holodeck.
+
+## Source Types
+
+### Package Source (`package`)
+Installs from distro packages (default behavior).
+
+- **`package-stable.yaml`**: Install from stable channel
+- **`backward-compatible.yaml`**: Legacy configuration using version field
+
+### Git Source (`git`)  
+Installs from a specific git ref (commit, tag, branch, or PR).
+
+- **`git-specific-tag.yaml`**: Install from a specific tag
+- **`git-commit-sha.yaml`**: Install from a specific commit SHA with custom build configuration
+
+### Latest Source (`latest`)
+Installs from the latest commit of a specified branch.
+
+- **`latest-main.yaml`**: Install from latest commit on main branch
+
+## Features
+
+- **Provenance Tracking**: Git and latest sources create `/etc/nvidia-container-toolkit/PROVENANCE.json` with build metadata
+- **Custom Builds**: Git source supports custom make targets and environment variables
+- **Default Repository**: When no repo is specified, defaults to `https://github.com/NVIDIA/nvidia-container-toolkit.git`
+- **Backward Compatibility**: Existing `version` field continues to work as before
+
+## Usage
+
+```bash
+holodeck create -f examples/nct-sources/package-stable.yaml
+holodeck create -f examples/nct-sources/git-specific-tag.yaml
+holodeck create -f examples/nct-sources/latest-main.yaml
+```

examples/nct-sources/backward-compatible.yaml

@@ -0,0 +1,21 @@
+apiVersion: holodeck.nvidia.com/v1alpha1
+kind: Environment
+metadata:
+  name: nct-backward-compatible
+spec:
+  provider: ssh
+  auth:
+    keyName: my-key
+    username: ubuntu
+    publicKey: /path/to/public.key
+    privateKey: /path/to/private.key
+  instance:
+    hostUrl: "my-host.example.com"
+  containerRuntime:
+    install: true
+    name: containerd
+  nvidiaContainerToolkit:
+    install: true
+    enableCDI: true
+    # Legacy configuration - still works!
+    version: "1.17.6-1"

examples/nct-sources/git-commit-sha.yaml

@@ -0,0 +1,28 @@
+apiVersion: holodeck.nvidia.com/v1alpha1
+kind: Environment
+metadata:
+  name: nct-git-commit
+spec:
+  provider: ssh
+  auth:
+    keyName: my-key
+    username: ubuntu
+    publicKey: /path/to/public.key
+    privateKey: /path/to/private.key
+  instance:
+    hostUrl: "my-host.example.com"
+  containerRuntime:
+    install: true
+    name: containerd
+  nvidiaContainerToolkit:
+    install: true
+    enableCDI: true
+    source: git
+    git:
+      # repo defaults to https://github.com/NVIDIA/nvidia-container-toolkit.git
+      ref: abc123def456  # specific commit SHA
+      build:
+        makeTargets: ["all", "test"]
+        extraEnv:
+          CGO_ENABLED: "1"
+          GOFLAGS: "-buildvcs=true"

examples/nct-sources/git-specific-tag.yaml

@@ -0,0 +1,27 @@
+apiVersion: holodeck.nvidia.com/v1alpha1
+kind: Environment
+metadata:
+  name: nct-git-tag
+spec:
+  provider: ssh
+  auth:
+    keyName: my-key
+    username: ubuntu
+    publicKey: /path/to/public.key
+    privateKey: /path/to/private.key
+  instance:
+    hostUrl: "my-host.example.com"
+  containerRuntime:
+    install: true
+    name: containerd
+  nvidiaContainerToolkit:
+    install: true
+    enableCDI: true
+    source: git
+    git:
+      repo: https://github.com/NVIDIA/nvidia-container-toolkit.git
+      ref: refs/tags/v1.17.6
+      build:
+        makeTargets: ["all"]
+        extraEnv:
+          GOFLAGS: "-buildvcs=true"

examples/nct-sources/latest-main.yaml

@@ -0,0 +1,23 @@
+apiVersion: holodeck.nvidia.com/v1alpha1
+kind: Environment
+metadata:
+  name: nct-latest-main
+spec:
+  provider: ssh
+  auth:
+    keyName: my-key
+    username: ubuntu
+    publicKey: /path/to/public.key
+    privateKey: /path/to/private.key
+  instance:
+    hostUrl: "my-host.example.com"
+  containerRuntime:
+    install: true
+    name: containerd
+  nvidiaContainerToolkit:
+    install: true
+    enableCDI: true
+    source: latest
+    latest:
+      track: main
+      # repo defaults to https://github.com/NVIDIA/nvidia-container-toolkit.git

examples/nct-sources/package-stable.yaml

@@ -0,0 +1,23 @@
+apiVersion: holodeck.nvidia.com/v1alpha1
+kind: Environment
+metadata:
+  name: nct-package-stable
+spec:
+  provider: ssh
+  auth:
+    keyName: my-key
+    username: ubuntu
+    publicKey: /path/to/public.key
+    privateKey: /path/to/private.key
+  instance:
+    hostUrl: "my-host.example.com"
+  containerRuntime:
+    install: true
+    name: containerd
+  nvidiaContainerToolkit:
+    install: true
+    enableCDI: true
+    source: package
+    package:
+      channel: stable      # stable or experimental
+      # version: "1.17.6-1"  # optional version pin