Implement Unmanaged Authentication
Use a Kubernetes API endpoint for unmanaged authentication
Overview
To use unmanaged authentication, connect to the following API endpoint:
https://api.<Org ID>-<Cluster Hash>.k8s.<Zone>.coreweave.com
-
<Org ID>
is the Org ID on the Settings page in Cloud Console. -
<Cluster Hash>
is the unique identifier for your cluster's endpoint.You can find it:
- In the Overview section of your cluster's details in the Cloud Console.
- In the
apiServerEndpoint
field under the JSON tab of the cluster details.
-
<Zone>
is the deployment Zone for your cluster, in lowercase (for example,us-east-04a
).
Create an unmanaged authentication endpoint
Add api.
to the beginning of your cluster's API server endpoint. For example, if your API server endpoint is:
abc123-abcd1234.k8s.us-east-04a.coreweave.com
The resulting unmanaged authentication endpoint is:
api.abc123-abcd1234.k8s.us-east-04a.coreweave.com
CKS clusters previously offered an unmanaged authentication endpoint at https://api.<orgId>-<clusterName>.k8s.<zone>.coreweave.com
. Endpoints that use the Cluster Name instead of the Cluster Hash are deprecated.
Authentication methods
You can authenticate with this endpoint using:
- Kubernetes service account tokens
- OIDC access tokens
- Webhook authentication
This endpoint does not support the API access tokens in the kubeconfig files downloaded from CoreWeave Cloud Console.