Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt

Use this file to discover all available pages before exploring further.

Version: 0.1.0 Type: application

Parameters

Key & DescriptionTypeDefault
directoryCache.affinity
The affinity for the directory-cache controller. This overrides the value of global.nodeSelector.affinity.		object
null
directoryCache.directoryService.directories
The directory services to configure. Click to expand examples.
directories:
  - name: google-example.com
    enabled: true
    ldapUri: ldaps://ldap.google.com:636
    user:
      canary: user@google-example.com
    defaultShell: "/bin/bash"
    fallbackHomeDir: "/home/%u"
    overrideHomeDir: /mnt/nvme/home/%u
    ldapsCert: google-ldaps-cert
    schema: rfc2307bis

directories:
  - name: coreweave.cloud
    enabled: true
    ldapUri: ldap://openldap
    user:
      bindDn: cn=admin,dc=coreweave,dc=cloud
      searchBase: dc=coreweave,dc=cloud
      existingSecret: bind-user-sssd-config
      canary: admin
    defaultShell: "/bin/bash"
    fallbackHomeDir: "/home/%u"
    schema: rfc2307

directories:
  - name: coreweave.cloud
    enabled: true
    ldapUri: ldap://authentik-outpost-ldap-outpost
    user:
      bindDn: cn=ldapsvc,dc=coreweave,dc=cloud
      searchBase: dc=coreweave,dc=cloud
      existingSecret: bind-user-sssd-config
      canary: ldapsvc
    startTLS: true
    userObjectClass: user
    groupObjectClass: group
    userNameAttr: cn
    groupNameAttr: cn
    schema: rfc2307bis

directories:
  - name: contoso.com
    enabled: true
    ldapUri: ldap://domaincontroller.tenant-my-tenant.coreweave.cloud
    user:
      bindDn: CN=binduser,CN=Users,DC=contoso,DC=com
      searchBase: DC=contoso,DC=com
      existingSecret: bind-user-sssd-config
      canary: binduser
    defaultShell: "/bin/bash"
    fallbackHomeDir: "/home/%u"
    schema: AD
listSee individual settings below.
directoryCache.directoryService.directories[0].enabled
Enable the directory service.		bool
false
directoryCache.directoryService.directories[0].ldapsCert
Name of existing TLS certificate for LDAP-S. 
kubectl create secret tls google-ldaps-cert \
        --cert=Google_2025_08_24_55726.crt \
        --key=Google_2025_08_24_55726.key
string
null
directoryCache.directoryService.directories[0].name
Name of the directory service.
The primary domain should always be named: default		string
"default"
directoryCache.directoryService.directories[0].user.existingSecret
Name of an existing secret containing an SSSD configuration snippet with the ldap_default_authtok set for this domain.		string
null
directoryCache.directoryService.directories[0].user.existingSecretFileName
The name of the file in the existing secret that contains the ldap passwords.		string
"ldap-password.conf"
directoryCache.directoryService.watchInterval
The interval in seconds to check for changes in sssd configuration.		int
60
directoryCache.image
The image to use for the directory-cache controller.		object
repository: registry.gitlab.com/coreweave/sunk/directory-cache
tag:
directoryCache.interval
Polling interval for updates to user database		int
null
directoryCache.leaderElection.enabled
This forces the directory-cache controller to use leader election even if the number of replicas is set to 1.
Useful if planning to scale after deployment.		bool
false
directoryCache.logLevel
The log level.
Uses integers or zap log level strings:
  • debug
  • info
  • warn
  • error
  • dpanic
  • panic
  • fatal
string
"info"
directoryCache.minimumUID
The minimum UID to be used to filter users.
int
1000
directoryCache.nsscacheMaps
The nsscache maps used to configure the directory-cache controller. This is only used if source is set to nsscache.		list
[
  "passwd",
  "group"
]
directoryCache.podMonitor.enabled
Enable monitoring via the Prometheus operator PodMonitor CRD.		bool
true
directoryCache.replicas
The number of replicas of the directory-cache controller pod to run.
Leader election will be enabled if this is greater than 1 or leader election is explicitly enabled.		int
1
directoryCache.resources
The resource to request for the directory-cache controller.		object
limits:
    memory: 2Gi
requests:
    cpu: 2
    memory: 2Gi
directoryCache.selectGroups
Groups to select users from which		list
[]
directoryCache.source
The source of user information for the directory-cache controller. Can be sssd, or nsscache.		string
"nsscache"
directoryCache.sssdContainer.livenessProbe
The liveness probe for the sssd container.		object
map[]
directoryCache.sssdContainer.readinessProbe
The readiness probe for the sssd container.		object
map[]
directoryCache.sssdContainer.resources
Resources for the sssd container.		object
limits:
    memory: 2Gi
requests:
    cpu: 1
    memory: 2Gi
directoryCache.sssdContainer.startupProbe
The startup probe for the sssd container.		object
map[]
directoryCache.tolerations
The tolerations for the directory-cache controller deployment.		list
null
directoryCache.vmPodScrape.enabled
Enable monitoring via VictoriaMetrics operator VMPodScrape CRD. Note: To enable this, podMonitor must be disabled in addition to setting vmPodScrape.enabled to true.		bool
false
imagePullSecrets
Image pull secrets to configure if using custom private images.		list
[]
loginController.affinity
The affinity for the login controller. This overrides the value of global.nodeSelector.affinity.		object
null
loginController.image
The image to use for the login-controller.		object
repository: registry.gitlab.com/coreweave/sunk/login-controller
tag:
loginController.leaderElection.enabled
This forces the login-controller to use leader election even if the number of replicas is set to 1.
Useful if planning to scale after deployment.		bool
false
loginController.logLevel
The log level.
Uses integers or zap log level strings:
  • debug
  • info
  • warn
  • error
  • dpanic
  • panic
  • fatal
string
"info"
loginController.podMonitor.enabled
Enable monitoring via the Prometheus operator PodMonitor CRD.		bool
true
loginController.replicas
The number of replicas of the login-controller pod to run.
Leader election will be enabled if this is greater than 1 or leader election is explicitly enabled.		int
1
loginController.resources
The resource to request for the login-controller.		object
limits:
    memory: 2Gi
requests:
    cpu: 2
    memory: 2Gi
loginController.tolerations
The tolerations for the login-controller deployment.		list
null
loginController.vmPodScrape.enabled
Enable monitoring via the VictoriaMetrics operator VMPodScrape CRD. Note: To enable this, podMonitor must be disabled in addition to setting vmPodScrape.enabled to true.		bool
false
Last modified on April 6, 2026