Introduction to Unmanaged Authentication
Understand how CKS implements unmanaged authentication
In CKS, unmanaged authentication refers to the use of user identities and credentials that are not managed within the CoreWeave cloud platform.
API endpoint
CKS provides a Kubernetes API endpoint for implementing unmanaged authentication. This endpoint allows users to authenticate with the Kubernetes API without relying on CoreWeave's Managed Auth service.
This endpoint is intended for users who prefer to manage their own authentication mechanisms for CKS clusters such as OIDC, Service Account tokens, and authentication webhooks. This provides flexibility for organizations with specific authentication requirements that cannot be met through CoreWeave-managed authentication.
Using the unmanaged auth API endpoint is best for the following scenarios:
- OIDC authentication: Integrate standard OIDC IdPs for authentication to your CKS clusters
- Service Account authentication: Use Kubernetes Service Account tokens to authenticate with your CKS clusters
- Custom authentication providers: Integrate with enterprise identity systems not supported by standard OIDC
- Multi-factor authentication: Implement custom MFA workflows
Unmanaged auth can be configured on existing clusters without requiring cluster recreation.
To learn how to implement unmanaged auth, see Implement Unmanaged Authentication.