Skip to content

Get started

Install the client

To log into the Kubernetes cluster, you need to download the Kubectl client. If you want to build new container images, you should also install Docker.

Additionally, you need to download kubelogin, which is a plugin facilitating SSO authentication. Make sure you put it in your PATH as kubectl-oidc_login.

Warning

kubelogin is a new requirement. If you are not yet using kubelogin, please update as soon as possible. We will soon be reducing the validity of the previous config files to a single day.

Obtain your config file

Go to https://config.hsrn.nyu.edu/ and click on "get your config".

After you log in, you will be shown a YAML file. Put that file in .kube/config in your home directory (that's a file called config, with no file extension, in a directory called .kube. You can create the .kube directory if it doesn't exist.)

Alternatively, you can put the configuration file somewhere else and either:

  • set the KUBECONFIG environment variable to its location; or
  • use the --kubeconfig option every time you run kubectl, for example kubectl --kubeconfig /Users/remi/kubeconfig.nyu.txt get pod

Warning

If you are not using kubelogin, the configuration file contains the secret key that allows you to access the cluster. Do not share that file with anybody else.

Get access

After you log in for the first time, an HSRN staff member will have to add you to a Kubernetes namespace. Email hsrn-support@nyu.edu with your netID.

If you are joining an existing project, please mention its namespace so you can be added. If you need a new namespace (project space), make sure to mention it (for example liquid-matrix-manipulation). We will process your request and send a confirmation when the setup is complete.

If you are a student, you will need the faculty or staff member sponsoring your research to email us instead.

Warning

Please get your configuration file as outlined above before emailing us. We will not be able to give you access until you have signed in at least once.

Once you have access and you have downloaded your configuration file (see previous section), you can select your namespace by entering the following (replacing MY-NAMESPACE with your actual namespace):

kubectl config set-context --current --namespace MY-NAMESPACE

Check your access by doing:

kubectl auth can-i create pods

Next steps

Remember that containers are not meant to be long-lived and may be restarted at any time. If you need a workload to run to completion, wrap it in a Batch Job and Kubernetes will automatically restart it if it fails (possibly on a different machine). Make sure your workload can restart where it left off if possible.

The Kubernetes documentation has more details about the core concepts, as well as many tutorials. You can also find tutorials here from the sidebar on the left.