Skip to main content

Slurm Login Parameter Reference

Version: 0.1.0 Type: application

Parameters

Key & DescriptionTypeDefault

directoryCache.affinity
The affinity for the directory-cache controller. This overrides the value of global.nodeSelector.affinity.

object
null

directoryCache.directoryService.directories
The directory services to configure. Click to expand examples.

Google Secure LDAP
Example
directories:

  - name: google-example.com

    enabled: true

    ldapUri: ldaps://ldap.google.com:636

    user:

    defaultShell: "/bin/bash"

    fallbackHomeDir: "/home/%u"

    overrideHomeDir: /mnt/nvme/home/%u

    ldapsCert: google-ldaps-cert

    schema: rfc2307bis
CoreWeave LDAP
Example
directories:

  - name: coreweave.cloud

    enabled: true

    ldapUri: ldap://openldap

    user:

      bindDn: cn=admin,dc=coreweave,dc=cloud

      searchBase: dc=coreweave,dc=cloud

      existingSecret: bind-user-sssd-config

      canary: admin

    defaultShell: "/bin/bash"

    fallbackHomeDir: "/home/%u"

    schema: rfc2307
Authentik
Example
directories:

  - name: coreweave.cloud

    enabled: true

    ldapUri: ldap://authentik-outpost-ldap-outpost

    user:

      bindDn: cn=ldapsvc,dc=coreweave,dc=cloud

      searchBase: dc=coreweave,dc=cloud

      existingSecret: bind-user-sssd-config

      canary: ldapsvc

    startTLS: true

    userObjectClass: user

    groupObjectClass: group

    userNameAttr: cn

    groupNameAttr: cn

    schema: rfc2307bis
Active Directory
Example
directories:

  - name: contoso.com

    enabled: true

    ldapUri: ldap://domaincontroller.tenant-my-tenant.coreweave.cloud

    user:

      bindDn: CN=binduser,CN=Users,DC=contoso,DC=com

      searchBase: DC=contoso,DC=com

      existingSecret: bind-user-sssd-config

      canary: binduser

    defaultShell: "/bin/bash"

    fallbackHomeDir: "/home/%u"

    schema: AD
list 

directoryCache.directoryService.directories[0].enabled
Enable the directory service.

bool
false

directoryCache.directoryService.directories[0].ldapsCert
Name of existing TLS certificate for LDAP-S.

Example: click to expand
Example
kubectl create secret tls google-ldaps-cert \

        --cert=Google_2025_08_24_55726.crt \

        --key=Google_2025_08_24_55726.key
string
null

directoryCache.directoryService.directories[0].name
Name of the directory service.
The primary domain should always be named: default

string
"default"

directoryCache.directoryService.directories[0].user.existingSecret
Name of an existing secret containing an SSSD configuration snippet with the ldap_default_authtok set for this domain.

string
null

directoryCache.directoryService.directories[0].user.existingSecretFileName
The name of the file in the existing secret that contains the ldap passwords.

string
"ldap-password.conf"

directoryCache.directoryService.watchInterval
The interval in seconds to check for changes in sssd configuration.

int
60

directoryCache.image
The image to use for the directory-cache controller.

object
repository: registry.gitlab.com/coreweave/sunk/directory-cache

tag:

directoryCache.interval
Polling interval for updates to user database

int
null

directoryCache.leaderElection.enabled
This forces the directory-cache controller to use leader election even if the number of replicas is set to 1.
Useful if planning to scale after deployment.

bool
false

directoryCache.logLevel
The log level.
Uses integers or zap log level strings:

  • debug
  • info
  • warn
  • error
  • dpanic
  • panic
  • fatal

string
"info"

directoryCache.podMonitor.enabled
Enable monitoring via Prometheus operator PodMonitor CRD.

bool
false

directoryCache.replicas
The number of replicas of the directory-cache controller pod to run.
Leader election will be enabled if this is greater than 1 or leader election is explicitly enabled.

int
1

directoryCache.resources
The resource to request for the directory-cache controller.

object
limits:

    cpu: 2

    memory: 2Gi

requests:

    cpu: 2

    memory: 2Gi

directoryCache.selectGroups
Groups to select users from which

list
[

  "slurm-users"

]

directoryCache.sssdContainer.livenessProbe
The liveness probe for the sssd container.

object
map[]

directoryCache.sssdContainer.readinessProbe
The readiness probe for the sssd container.

object
map[]

directoryCache.sssdContainer.resources
Resources for the sssd container.

object
limits:

    cpu: 1

    memory: 2Gi

directoryCache.sssdContainer.startupProbe
The startup probe for the sssd container.

object
map[]

directoryCache.tolerations
The tolerations for the directory-cache controller deployment.

list
null

imagePullSecrets
Image pull secrets to configure if using custom private images.

list
[]

loginController.affinity
The affinity for the login controller. This overrides the value of global.nodeSelector.affinity.

object
null

loginController.image
The image to use for the login-controller.

object
repository: registry.gitlab.com/coreweave/sunk/login-controller

tag:

loginController.leaderElection.enabled
This forces the login-controller to use leader election even if the number of replicas is set to 1.
Useful if planning to scale after deployment.

bool
false

loginController.logLevel
The log level.
Uses integers or zap log level strings:

  • debug
  • info
  • warn
  • error
  • dpanic
  • panic
  • fatal

string
"info"

loginController.podMonitor.enabled
Enable monitoring via Prometheus operator PodMonitor CRD.

bool
false

loginController.replicas
The number of replicas of the login-controller pod to run.
Leader election will be enabled if this is greater than 1 or leader election is explicitly enabled.

int
1

loginController.resources
The resource to request for the login-controller.

object
limits:

    cpu: 2

    memory: 2Gi

requests:

    cpu: 2

    memory: 2Gi

loginController.tolerations
The tolerations for the login-controller deployment.

list
null
Last updated on