Skip to main content

Implement Unmanaged Authentication

Use a Kubernetes API endpoint for unmanaged authentication

Overview

To use unmanaged authentication, connect to the following API endpoint:

https://api.<Org ID>-<Cluster Hash>.k8s.<Zone>.coreweave.com
  • <Org ID> is the Org ID on the Settings page in Cloud Console.

  • <Cluster Hash> is the unique identifier for your cluster's endpoint.

    You can find it:

    • In the Overview section of your cluster's details in the Cloud Console.
    • In the apiServerEndpoint field under the JSON tab of the cluster details.
  • <Zone> is the deployment Zone for your cluster, in lowercase (for example, us-east-04a).

Create an unmanaged authentication endpoint

Add api. to the beginning of your cluster's API server endpoint. For example, if your API server endpoint is:

abc123-abcd1234.k8s.us-east-04a.coreweave.com

The resulting unmanaged authentication endpoint is:

api.abc123-abcd1234.k8s.us-east-04a.coreweave.com
Deprecation notice

CKS clusters previously offered an unmanaged authentication endpoint at https://api.<orgId>-<clusterName>.k8s.<zone>.coreweave.com. Endpoints that use the Cluster Name instead of the Cluster Hash are deprecated.

Authentication methods

You can authenticate with this endpoint using:

  • Kubernetes service account tokens
  • OIDC access tokens
  • Webhook authentication

This endpoint does not support the API access tokens in the kubeconfig files downloaded from CoreWeave Cloud Console.