Skip to main content

July 7, 2025

Control Plane Node Pools

As of July 7, 2025, new CKS clusters no longer provision a cpu-control-plane Node Pool. This change improves cluster provisioning speed and reliability by moving managed components out-of-band to the CKS Control Plane.

Some CKS-managed components will continue to be scheduled onto customer-owned Node Pools. The deployment location of the following CKS-managed components have changed:

Affected ComponentRuns on CKS Control PlaneRuns on Customer Nodes
CiliumCilium OperatorCilium Agent
EventRouterEventRouterN/A
HPC VerificationHPC Verification Workflow ControllerHPC Verification Workflows
KubeStateMetricsKubeStateMetricsN/A
Victoria MetricsVictoria Metrics OperatorVM Agents

Clusters deployed before this date continue to use a cpu-control-plane Node Pool. These older clusters are fully supported, and CoreWeave's Support Team will assist with migration on a per-customer basis.

App Deprecations

Prometheus Operator and Kubernetes Metrics Server are no longer installed in new clusters but remain on any cluster created before July 7, 2025.

CKS: New Kubernetes API endpoint for unmanaged auth

CoreWeave Kubernetes Service (CKS) now supports a new Kubernetes API endpoint for unmanaged authentication. This endpoint allows users to authenticate with the Kubernetes API without relying on CoreWeave's managed authentication service.

Managed vs. unmanaged authentication

Managed authentication

The managed authentication endpoint follows the format https://<id>.k8s.<zone>.coreweave.com and can be found on the Cluster Status page of the CoreWeave Cloud Console by clicking Copy public address.

Kubeconfigs generated by the CoreWeave Cloud Console for CKS clusters use this endpoint by default. The managed authentication service handles user authentication and authorization only for user identities in the CoreWeave Cloud Console. It does not support Kubernetes Service Account Tokens, OIDC access tokens, or anonymous API server URIs.

Unmanaged authentication

The new unmanaged authentication endpoint is available at https://api.<id>.k8s.<zone>.coreweave.com. You can create this URL by adding the api. prefix after clicking Copy public address on the Cluster Status page.

Unmanaged authentication allows users to authenticate with the Kubernetes API using Kubernetes Service Account Tokens, OIDC access tokens, or anonymous API server URIs. This endpoint is intended for users who prefer to manage their own authentication and authorization mechanisms. Kubeconfigs and access tokens generated by the CoreWeave Cloud Console for CKS clusters are not supported by this endpoint.

Note

CKS clusters previously offered an undocumented unmanaged authentication endpoint at https://api.<orgId>-<clusterName>.k8s.<zone>.coreweave.com. This endpoint is now deprecated.