Skip to content

feat: add custom CA support and fix deprecated image tags#124

Merged
Defilan merged 2 commits intomainfrom
feat/custom-ca-cert
Jan 22, 2026
Merged

feat: add custom CA support and fix deprecated image tags#124
Defilan merged 2 commits intomainfrom
feat/custom-ca-cert

Conversation

@Defilan
Copy link
Copy Markdown
Member

@Defilan Defilan commented Jan 22, 2026

Description

This PR addresses two critical issues for enterprise and production deployments:

  1. Custom CA Certificates: Adds a new --ca-cert-configmap flag to the controller. This enables users in air-gapped or corporate environments (with SSL inspection) to provide a custom CA bundle for the model downloader.
  2. Fix Deprecated Image Tags: The upstream llama.cpp project renamed their organization and reorganized tags. The old default ghcr.io/ggerganov/llama.cpp:server is now deprecated/missing. This PR updates all references to ghcr.io/ggml-org/llama.cpp:server.

Closes #122
Closes #123

Changes

  • Controller: Added --ca-cert-configmap flag and logic to mount the ConfigMap to init containers.
  • Controller: Updated default image constant to ghcr.io/ggml-org/llama.cpp:server.
  • Docs: Added 'Advanced Configuration' section to README explaining how to use custom CAs.
  • Config/Samples: Updated all YAML samples to use the new upstream image tags.
  • Tests: Updated E2E tests to expect the new image tags.

Verification

  • Custom CA: Verified locally with Minikube. Created a ConfigMap with a CA cert, ran controller with flag, and verified model-downloader mounted it and exported CURL_CA_BUNDLE.
  • Image Tags: Verified that the new upstream image ghcr.io/ggml-org/llama.cpp:server exists (via docs/search) and replaced all occurrences in the codebase.

@Defilan
feat(controller): add support for custom CA certificates
df35066 
Adds a new flag --ca-cert-configmap to the controller manager.
If provided, the controller will mount the specified ConfigMap
to the model-downloader init container and configure curl to use
the CA certificate found within it. This enables model downloading
in environments with SSL inspection or custom internal CAs.

Signed-off-by: Christopher Maher <chris@mahercode.io>
@Defilan
feat: add custom CA support and fix deprecated image tags
84dbceb 
This commit addresses two key issues:

1. Adds support for custom CA certificates via a new --ca-cert-configmap
   flag on the controller. This allows model downloads to work in environments
   with SSL inspection or private CAs.
2. Updates all references to the deprecated `ghcr.io/ggerganov/llama.cpp:server`
   image to the new upstream location `ghcr.io/ggml-org/llama.cpp:server`.

Closes #122
Closes #123

Signed-off-by: Christopher Maher <chris@mahercode.io>
@Defilan Defilan force-pushed the feat/custom-ca-cert branch from 851c285 to 84dbceb Compare January 22, 2026 19:08
@Defilan Defilan merged commit 5ec912e into main Jan 22, 2026
14 checks passed
@Defilan Defilan deleted the feat/custom-ca-cert branch January 22, 2026 19:19
@github-actions github-actions bot mentioned this pull request Jan 22, 2026
Merged
@github-actions github-actions bot mentioned this pull request Mar 4, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE] Support custom CA certificates for model downloads [BUG] Default llama.cpp image tag "server" is deprecated/missing

1 participant

@Defilan