Skip to main content

Once you have an account on the DGX cluster, you will need to generate Kubernetes user token to gain access to the DGX cluster compute nodes by submitting jobs through Kubernetes.  Follow these steps to create Kubernetes user token.

Log in to, Longleaf login node with your ONYEN and ONYEN password.


In your home directory, create a subdirectory named .kube.

mkdir ~/.kube
cd ~/.kube

Use your favorite web browser, browse the following web page.

Leave everything as default, click “Request Token” to create token, enter your ONYEN and ONYEN password to proceed.  Copy the whole output on screen and save it in your .kube directory as a file named “config-user”.

Next, in Longleaf prompt, run the following 3 commands WITHOUT changing anything in these commands.  Just copy these 3 commands and run them at Longleaf prompt.

cat /usr/local/share/ca-certificates/config-cluster config-user > config
sed -i "s/your_onyen/$USER/g" config
sed -i -e '/id-token/r /usr/local/share/ca-certificates/idp-certificate-authority-data' config

In the first command, we merge the cluster token with your user token into one with this command and save as file “config”.  The second command is to edit the file with your own real ONYEN (again, DO NOT replace “your_onyen” with your ONYEN).  The third command is to copy the whole content in file idp-certificate-authority-data and paste it under “id-token”.

Run the following Kubernetes command to display nodes in the DGX cluster to make sure that your Kubernetes token is valid.

kubectl get node

If the command returns with a list of nodes in the DGX cluster, you have successfully created your token to access the DGX cluster.