From 455603bc9f13f2ead715190213d943648b85b72a Mon Sep 17 00:00:00 2001
From: Joji Mekkattuparamban <jojim@nvidia.com>
Date: Fri, 30 Jan 2026 08:29:14 -0800
Subject: [PATCH 1/2] Enable cc manager by default on all kata nodes

Signed-off-by: Joji Mekkattuparamban <jojim@nvidia.com>
---
 assets/state-cc-manager/0500_daemonset.yaml | 1 -
 deployments/gpu-operator/values.yaml        | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/assets/state-cc-manager/0500_daemonset.yaml b/assets/state-cc-manager/0500_daemonset.yaml
index fa234b253..85fb9f9ca 100644
--- a/assets/state-cc-manager/0500_daemonset.yaml
+++ b/assets/state-cc-manager/0500_daemonset.yaml
@@ -20,7 +20,6 @@ spec:
           effect: NoSchedule
       nodeSelector:
         nvidia.com/gpu.deploy.cc-manager: "true"
-        nvidia.com/cc.capable: "true"
       priorityClassName: system-node-critical
       serviceAccountName: nvidia-cc-manager
       containers:
diff --git a/deployments/gpu-operator/values.yaml b/deployments/gpu-operator/values.yaml
index c501a5fce..a4d51904f 100644
--- a/deployments/gpu-operator/values.yaml
+++ b/deployments/gpu-operator/values.yaml
@@ -503,8 +503,8 @@ sandboxDevicePlugin:
   resources: {}
 
 ccManager:
-  enabled: false
-  defaultMode: "off"
+  enabled: true
+  defaultMode: "on"
   repository: nvcr.io/nvidia/cloud-native
   image: k8s-cc-manager
   version: v0.1.1

From bd954f7ce25707d33519862f3a22b7d15b942078 Mon Sep 17 00:00:00 2001
From: Joji Mekkattuparamban <jojim@nvidia.com>
Date: Fri, 30 Jan 2026 08:44:56 -0800
Subject: [PATCH 2/2] Eliminate cc specific nfd rules, handled elsewhere

Signed-off-by: Joji Mekkattuparamban <jojim@nvidia.com>
---
 .../templates/nodefeaturerules.yaml           | 105 ------------------
 1 file changed, 105 deletions(-)

diff --git a/deployments/gpu-operator/templates/nodefeaturerules.yaml b/deployments/gpu-operator/templates/nodefeaturerules.yaml
index b8c3a6cd8..4584cffc1 100644
--- a/deployments/gpu-operator/templates/nodefeaturerules.yaml
+++ b/deployments/gpu-operator/templates/nodefeaturerules.yaml
@@ -1,111 +1,6 @@
 {{- if .Values.nfd.nodefeaturerules }}
 apiVersion: nfd.k8s-sigs.io/v1alpha1
 kind: NodeFeatureRule
-metadata:
-  name: nvidia-nfd-nodefeaturerules
-spec:
-  rules:
-    - name: "TDX rule"
-      labels:
-        tdx.enabled: "true"
-      matchFeatures:
-        - feature: cpu.security
-          matchExpressions:
-              tdx.enabled: {op: IsTrue}
-    - name: "TDX total keys rule"
-      extendedResources:
-        tdx.total_keys: "@cpu.security.tdx.total_keys"
-      matchFeatures:
-        - feature: cpu.security
-          matchExpressions:
-            tdx.enabled: {op: IsTrue}
-    - name: "SEV-SNP rule"
-      labels:
-        sev.snp.enabled: "true"
-      matchFeatures:
-      - feature: cpu.security
-        matchExpressions:
-          sev.snp.enabled:
-            op: IsTrue
-    - name: "SEV-ES rule"
-      labels:
-        sev.es.enabled: "true"
-      matchFeatures:
-      - feature: cpu.security
-        matchExpressions:
-          sev.es.enabled:
-            op: IsTrue
-    - name: SEV system capacities
-      extendedResources:
-        sev_asids: '@cpu.security.sev.asids'
-        sev_es: '@cpu.security.sev.encrypted_state_ids'
-      matchFeatures:
-      - feature: cpu.security
-        matchExpressions:
-          sev.enabled:
-            op: Exists
-    - name: "NVIDIA H100"
-      labels:
-        "nvidia.com/gpu.H100": "true"
-        "nvidia.com/gpu.family": "hopper"
-      matchFeatures:
-        - feature: pci.device
-          matchExpressions:
-            vendor: {op: In, value: ["10de"]}
-            device: {op: In, value: ["2339"]}
-    - name: "NVIDIA H100 PCIe"
-      labels:
-        "nvidia.com/gpu.H100.pcie": "true"
-        "nvidia.com/gpu.family": "hopper"
-      matchFeatures:
-        - feature: pci.device
-          matchExpressions:
-            vendor: {op: In, value: ["10de"]}
-            device: {op: In, value: ["2331"]}
-    - name: "NVIDIA H100 80GB HBM3"
-      labels:
-        "nvidia.com/gpu.H100.HBM3": "true"
-        "nvidia.com/gpu.family": "hopper"
-      matchFeatures:
-        - feature: pci.device
-          matchExpressions:
-            vendor: {op: In, value: ["10de"]}
-            device: {op: In, value: ["2330"]}
-    - name: "NVIDIA H800"
-      labels:
-        "nvidia.com/gpu.H800": "true"
-        "nvidia.com/gpu.family": "hopper"
-      matchFeatures:
-        - feature: pci.device
-          matchExpressions:
-            vendor: {op: In, value: ["10de"]}
-            device: {op: In, value: ["2324"]}
-    - name: "NVIDIA H800 PCIE"
-      labels:
-        "nvidia.com/gpu.H800.pcie": "true"
-        "nvidia.com/gpu.family": "hopper"
-      matchFeatures:
-        - feature: pci.device
-          matchExpressions:
-            vendor: {op: In, value: ["10de"]}
-            device: {op: In, value: ["2322"]}
-    - name: "NVIDIA CC Enabled"
-      labels:
-        "nvidia.com/cc.capable": "true"
-      matchAny: # TDX/SEV + Hopper GPU
-       - matchFeatures:
-          - feature: rule.matched
-            matchExpressions:
-              nvidia.com/gpu.family: {op: In, value: ["hopper"]}
-              sev.snp.enabled: {op: IsTrue}
-       - matchFeatures:
-          - feature: rule.matched
-            matchExpressions:
-              nvidia.com/gpu.family: {op: In, value: ["hopper"]}
-              tdx.enabled: {op: IsTrue}
----
-apiVersion: nfd.k8s-sigs.io/v1alpha1
-kind: NodeFeatureRule
 metadata:
   name: nvidia-kernel-modules
 spec: