Skip to main content
Individual login pods give each user their own Slurm login pod. They isolate each user’s session, simplify access control, and let a directory service manage user identities centrally. How you configure login pods depends on how you deploy SUNK:
  • Helm chart deployments: Configure individual login pods through the slurm-login subchart of the Slurm chart, as described on this page. This applies to SUNK deployed and managed directly through its Helm charts.
  • Self-service SUNK (SunkCluster CR): Don’t use the slurm-login subchart. Configure login pods declaratively on the SunkCluster resource under spec.login instead, where userPods creates a per-user login pod for each member of a group and groupPod creates a shared per-group pod. See Create a SUNK cluster and the SunkCluster reference.
This page covers the Helm chart deployment path. If you manage your cluster through the self-service SunkCluster custom resource, configure login pods on spec.login as described in the SunkCluster reference, not through the slurm-login subchart.
The rest of this page shows administrators of Helm chart deployments how to enable per-user Slurm login pods, integrate them with a directory service, and verify the resulting resources. Pass these configuration values from the values.yaml of the Slurm chart to define how slurm-login integrates and functions.

Prerequisites

Before you configure individual login pods, make sure you have:
  • A SUNK cluster deployed and managed through the Slurm Helm charts. Self-service SunkCluster deployments configure login pods on spec.login instead, as described in the preceding note.
  • Access to edit the Slurm chart’s values.yaml, where you set the slurm-login parameters.
  • A directory service configured for user identities, either nsscache for SCIM or SSSD for LDAP. See manage users with nsscache and manage users with a directory service.
  • The user groups you want to grant access to, defined in that directory service, so you can reference them in slurm-login.directoryCache.selectGroups.
  • kubectl access to the cluster to verify the resulting StatefulSets and Services.

Manage individual login pods

You can enable, reboot, and access individual login pods using the following capabilities:
  • Enable the deployment of the subchart: To enable the slurm-login capability as part of the Slurm chart, set the slurm-login.enabled parameter to true.
  • Reboot individual login pods: If an individual login pod is out of sync with the underlying StatefulSet, run the reboot command from within the pod. This command deletes and recreates the pod using the updated version. If the pod is out of sync, a Message of the Day (MOTD) appears at SSH login with instructions to reboot: 
    **********************************************************************
*                                                                    *
* The login statefulset has been updated, please restart your login  *
* pod to get the latest changes.                                     *
*                                                                    *
* To restart the login pod, issue the command "reboot".              *
**********************************************************************
  • Access individual login pods: For instructions on accessing each individual Slurm login pod and running Slurm jobs, refer to Connect to a Slurm login node.

Manage user identities and provision resources

The slurm-login.directoryCache parameter defines the directory service configuration used for managing user identities and provisioning resources. The following sections describe its key sub-values.

Select users by group

slurm-login.directoryCache.selectGroups provides a list of user groups, from which the slurm-login chart retrieves all associated users. This acts as a filter, so it includes only users that belong to one of the specified groups. It uses OR logic, so a user must be in at least one of the listed groups to be selected.

Define the polling interval

slurm-login.directoryCache.interval defines the polling interval for detecting changes to users and user groups. This interval determines how frequently updates are applied, and resources are modified accordingly.

List directory services

slurm-login.directoryCache.directoryService.directories specifies a list of directory services to configure. This is similar to the directoryService configuration in Slurm and can be duplicated or referenced using a YAML anchor for reuse.

Example nsscache configuration

The following shows a typical nsscache configuration: 
slurm-login:
  enabled: true
  directoryCache:
    source: nsscache
    selectGroups: ["group1", "group2"]
See manage users with nsscache for instructions on configuring nsscache.

Example SSSD configuration

The following shows a typical SSSD configuration: 
slurm-login:
  enabled: true
  directoryCache:
    source: sssd
    selectGroups: ["group1", "group2"]
    interval: 1m
    directoryService:
      # Google Secure LDAP
      directories:
        - name: google-example.com
          enabled: true
          ldapUri: ldaps://ldap.google.com:636
          user:
            canary: user@google-example.com
          defaultShell: "/bin/bash"
          fallbackHomeDir: "/home/%u"
          overrideHomeDir: /mnt/nvme/home/%u
          ldapsCert: google-ldaps-cert
          schema: rfc2307bis
For more information about configuring SSSD, see manage users with a directory service.

Verify individual Slurm login resources

To verify created resources, use the StatefulSets and Services as shown in the following commands. 
kubectl get sts
The output is similar to the following: 
NAME                             READY   AGE
slurm-login                      1/1     20d
slurm-login-slurmuser1-7fcd49e   1/1     31d
slurm-login-slurmuser2-a19c153   1/1     31d
slurm-login-slurmuser3-4fe7f1d   1/1     31d
slurm-login-slurmuser4-4f705de   1/1     31d
slurm-login-slurmuser5-5e909b3   1/1     31d

kubectl get svc
The output is similar to the following: 
NAME                             TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
slurm-login                      LoadBalancer   10.96.46.53     <pending>     22:31408/TCP   35d
slurm-login-0                    LoadBalancer   10.96.146.233   <pending>     22:31276/TCP   35d
slurm-login-slurmuser1-7fcd49e   ClusterIP      10.96.61.246    <none>        22/TCP         32d
slurm-login-slurmuser2-a19c153   ClusterIP      10.96.160.110   <none>        22/TCP         32d
slurm-login-slurmuser3-4fe7f1d   ClusterIP      10.96.2.45      <none>        22/TCP         32d
slurm-login-slurmuser4-4f705de   ClusterIP      10.96.203.63    <none>        22/TCP         32d
slurm-login-slurmuser5-5e909b3   ClusterIP      10.96.184.148   <none>        22/TCP         32d
These commands confirm that the per-user StatefulSets and Services exist for each selected user. Optionally, to ensure that users only use their designated pods, you can disable the shared Slurm login StatefulSet and slurm-login Service.

Parameter reference table

The following table summarizes the slurm-login parameters described in the preceding sections for quick reference. For the full list, see the Slurm login parameter reference.
ParameterDescription
slurm-login.enabledSet this value to true in the Slurm chart to enable the slurm-login chart.
slurm-login.directoryCacheDefines the directory service configuration used for managing user identities and provisioning resources. The key sub-values include:
slurm-login.directoryCache.selectGroupsProvides a list of user groups that the slurm-login chart uses to retrieve all associated users. This acts as a filter, meaning only users belonging to any of the specified groups are included. It uses OR logic, so a user must be in at least one of the listed groups to be selected.
slurm-login.directoryCache.intervalDefines the polling interval for detecting changes to users and user groups. This interval determines how frequently updates are applied, and resources are modified accordingly.
slurm-login.directoryCache.directoryService.directoriesSpecifies a list of directory services to configure. This is similar to the directoryService configuration in Slurm and can be duplicated or referenced using a YAML anchor for reuse.
For extra customizations, refer to the full parameters list.
Last modified on June 17, 2026