Algorithm
A set of rules or instructions to solve a problem or perform a computation.
Attribute-Based Access Control (ABAC)
A policy-based access control model where access is determined by evaluating attributes (e.g., user, resource, environment).
Audit Logging
Tracking and recording system events and user activities for security analysis and compliance.
Automation
The use of technology to perform tasks with minimal human intervention.
Availability Zone (AZ)
An AZ is a partition within a Region that hosts one or more data halls. AZs are physically and operationally independent from each other to prevent failures from propagating across them. For example, in the US-EAST-05 Region, Availability Zone a is named US-EAST-05a.
See also: Geo, Region
Border Gateway Protocol (BGP)
A standardized exterior gateway protocol that exchanges routing information between different autonomous systems on the internet. BGP is the protocol used to make core routing decisions on the internet.
Classless Inter-Domain Routing (CIDR)
CIDR is a method for allocating IP addresses and routing IP packets. See also: CIDR notation.
cloud-init
An industry standard method for cloud instance initialization. CoreWeave uses Cloud-Init to pass configuration data to Nodes at boot time.
Cloud Access Security Broker (CASB)
A security tool that provides visibility and control over data and threats in cloud services.
Cloud Compliance
Ensuring that cloud systems adhere to regulatory standards like SOC 2, HIPAA, ISO 27001, or FedRAMP.
Cloud-Native Application Protection Platform (CNAPP)
Unified security architecture that integrates CWPP, CSPM, and CI/CD pipeline protection.
Cloud Security
Practices and technologies designed to protect cloud-based infrastructure, data, and applications from threats and unauthorized access.
Cloud Security Posture Management (CSPM)
Tools that continuously monitor cloud configurations to identify security risks and misconfigurations.
Cloud Service Provider (CSP)
A company that offers cloud computing services, such as AWS, Azure, and Google Cloud.
Cloud Workload Protection Platform (CWPP)
A security solution that protects workloads across cloud and on-prem environments.
Cluster
A group of interconnected computers working together as a single system.
Cognitive Computing
Computer systems that simulate human thought processes.
Confidential Computing
Protecting data in use by performing computations in hardware-based Trusted Execution Environments (TEEs).
Control Plane
The Control Plane is a collection of resources that manages the state of the cluster as a whole. Its job is to regulate the cluster, making sure it’s responsive, it’s efficiently managing containerized applications, and it’s stable.
CoreWeave Cloud Console
The interface for managing CoreWeave resources, hosted at console.coreweave.com.
CoreWeave Kubernetes Service (CKS)
CoreWeave Kubernetes Service (CKS) is a managed Kubernetes service that provides a secure, scalable, and reliable platform for deploying containerized applications. CKS is built on CoreWeave’s proprietary infrastructure and is designed to deliver high-performance computing resources to customers.
CPU
A Central Processing Unit (CPU) is the hardware within a computer that carries out the instructions of a computer program by performing basic arithmetic, logical, control, and input/output operations specified by the instructions.
Custom Resource (CR)
A Custom Resource is an instance of a Custom Resource Definition (CRD). It’s the actual object created with the Kubernetes API. See also: Custom Resources
Custom Resource Definition (CRD)
CRDs are an extension of the Kubernetes API that allows you to define custom resources and controllers. CRDs enable you to extend the functionality of Kubernetes by defining new resources and controllers that are not part of the core Kubernetes API. A CRD is the blueprint for a type of Custom Resource. See also: Custom Resources
Data Loss Prevention (DLP)
A strategy to prevent unauthorized sharing or leakage of sensitive data.
Data Plane
The part of Kubernetes that deals with application and data traffic.
Data Processing Unit (DPU)
A programmable infrastructure-on-a-chip that combines an array of ARM-based CPU cores, acceleration engines, and a high-performance network interface. DPUs function as a “computer-in-front-of-a-computer” and are fully isolated from the host’s CPU. DPUs provide network, storage, and encryption functions on Direct Metal Nodes, enabling CoreWeave to deliver scalable, flexible, and secure cloud services. See What Is a DPU? at NVIDIA’s Blog.
Day 0
The phase in the lifecycle of a CoreWeave Node where it is initially configured after powering on.
Day 1
The phase in the lifecycle of a CoreWeave Node where it is intensively validated before delivery to a customer.
Day 2+
The phase in the lifecycle of a CoreWeave Node once it has been delivered to a customer, and is continuously monitored and validated by CoreWeave.
DevSecOps
An approach that integrates security practices directly into DevOps workflows.
Dynamic Host Configuration Protocol (DHCP)
A network protocol that automatically assigns IP addresses and other network configuration settings to devices on a network.
Encryption at Rest
Protecting stored data using encryption mechanisms.
Encryption in Transit
Securing data as it travels across networks using protocols like TLS.
Ethernet Virtual Private Network (EVPN)
EVPN simplifies Control Planes for various Virtual Private Network (VPN) services by extending Ethernet (Layer 2) services over a broader network, typically an IP/MPLS network. EVPN supports multi-tenancy, allowing different customers’ networks to share the same physical infrastructure while keeping their traffic separate and secure. EVPN is widely used in interconnect scenarios, and for integrating distributed regional and campus networks. EVPN brings the advantages of traffic balancing and flexible deployment from IP VPNs into the Ethernet domain.
EVPN Type 5
A Type 5 deals exclusively with IP route advertisement, differentiating it from other types (such as Type 2) that include address advertisement.
EVPN-VXLAN integration
Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) combines EVPN’s Control Plane with VXLAN’s Data Plane. Combined, these technologies create virtual Layer 2 networks that span Layer 3 boundaries in large-scale environments. This integration allows seamless communication between devices, regardless of their physical location or the underlying network infrastructure, while maintaining efficient traffic handling and scalability.
Federated Identity
An authentication method allowing users to log in across multiple systems using a single identity (via OIDC/SAML).
Geo
A Geo covers multiple Regions, facilitating global service distribution and disaster recovery. At CoreWeave, the term Geo defines an entire continent, ensuring comprehensive coverage and reliability for global operations. For example, all Regions in the United States are in the US Geo.
See also: Region, Availability Zone (AZ)
GPU
A Graphics Processing Unit (GPU) is a parallel processor that is designed to accelerate vector and matrix operations. GPUs are commonly used in high-performance computing and machine learning applications.
GPUDirect RDMA
GPUDirect RDMA is a technology that enables remote direct memory access (RDMA) transfers between GPUs and other devices without involving the operating system or CPU. See also: Remote Direct Memory Access (RDMA)
Hard Disk Drive (HDD)
A hard disk drive (HDD) is a non-volatile data storage device. An HDD includes two main elements: a spinning circular magnetic platter and an actuator arm that moves across the platter to read and write data. HDDs are slower than drives, but are typically less expensive and have higher storage capacities.
Identity and Access Management (IAM)
A framework for managing user identities and access permissions across cloud services.
Identity provider (IdP)
An identity provider (IdP) is an entity that stores and serves user authentication information as an authentication service for users. IdPs can then be used to validate user identity to other services, such as Cloud applications.
iPXE (i Preboot eXecution Environment)
The i Preboot eXecution Environment is the leading open source network boot firmware. It provides a full implementation enhanced with additional features and flexibility for network booting. iPXE is commonly used in cloud environments with complex configurations and network installations to boot servers over the network. From the official FAQ:
Q: What does the “i” in “iPXE” stand for?
A: It doesn’t.
InfiniBand
A high-performance network architecture that provides high throughput and low latency, commonly used in high-performance computing environments.
Infrastructure as Code (IaC) Security
Securing declarative infrastructure templates (such as Terraform and CloudFormation) from misconfigurations or vulnerabilities.
Input/output operations per second (IOPS)
IOPS (pronounced eye-ops) is an input/output performance measurement used to characterize computer storage devices.
Ingress/Egress Filtering
Controlling the flow of traffic into (ingress) and out of (egress) cloud environments.
Internet Protocol version 4 (IPv4)
IPv4 is the fourth version of the Internet Protocol (IP), and one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 is the most widely used version of the Internet Protocol.
Internet Protocol version 6 (IPv6)
IPv6 is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet.
Key Management System (KMS)
A service that manages cryptographic keys used for data encryption and digital signatures.
Kubeconfig
A configuration file containing details like cluster API server addresses, contexts, and user credentials used by kubectl and other Kubernetes tools to authenticate and manage access to Kubernetes clusters. Kubeconfig files allow you to switch between different clusters and manage multiple environments securely.
Least Privilege
A security principle where users or systems are given only the minimum access required to perform their tasks.
LOTA
CoreWeave’s Local Object Transport Accelerator (LOTA) is a container that lives on every GPU and CPU Node inside a client’s cluster, performing intelligent acceleration behind the scenes. Conventional transfer accelerators speed up the data transfer rates of bucket contents over long distances. LOTA uses NVMe SSDs in each Node to create a cluster-wide cache, dramatically increasing throughput and reducing latency.
MACsec
MACsec (Media Access Control Security) is an IEEE standard for securing Ethernet networks at the link layer. MACsec provides secure communication between network devices by encrypting and authenticating Ethernet frames. MACsec is commonly used to protect data in transit and prevent unauthorized access to network traffic. See also: IEEE 802.1AE
Medium Access Control (MAC) address
A MAC address is a unique identifier assigned to a Network Interface Controller (NIC) for use as a network address within a network segment.
Microsegmentation
Dividing networks into smaller zones to enforce granular security controls.
Multi-Factor Authentication (MFA)
A security mechanism requiring multiple forms of verification to access systems; for example, a password and mobile code.
Multipart upload
Multipart uploads (or “MPUs”) refer to uploading large objects as multiple pieces. See also: Uploading and copying objects using multipart upload (Amazon)
Mutual TLS (mTLS)
An extension of TLS where both client and server authenticate each other using certificates.
Natural Language Processing (NLP)
The ability of computers to understand, interpret, and generate human language.
Network Access Control Lists (NACLs)
Stateless filters that control traffic at the subnet level in a cloud network.
Network Interface Controller (NIC)
A network interface controller (NIC) is a hardware component that connects a computer to a network. NICs are commonly used to connect computers to Ethernet networks, wireless networks, and other types of networks.
Node
An individual computer within a cluster.
Node Pool
A Node Pool is a logical grouping of Nodes in a CKS cluster with the same Instance Type, Labels, Taints, and Annotations. Node Pools are useful for managing a group of Nodes as a single entity or assigning workloads to specific Nodes based on their configuration.
Non-Volatile Memory Express (NVMe)
NVMe is a storage protocol that provides high-performance access to non-volatile memory devices. NVMe is designed to take advantage of the low latency and high throughput of modern storage devices, providing improved performance over traditional storage protocols.
OpenID Connect (OIDC)
OpenID Connect (OIDC) is an identity layer laid atop the OAuth 2.0 protocol, which allows users to authenticate themselves by way of verifying their identity through an identity provider (IdP), such as Okta. CoreWeave supports OIDC as an authentication method to CKS clusters.
Open vSwitch (OVS)
Open vSwitch (OVS) is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.
Parallel Processing
Simultaneous execution of tasks across multiple processors or cores.
PCI Express (PCIe)
Peripheral Component Interconnect Express, officially abbreviated as PCIe, is a high-speed serial computer expansion bus standard.
Penetration Testing
Simulated cyberattacks used to evaluate the security of cloud environments.
Persistent Volume Management Operator (PVMO)
A Kubernetes controller manager that periodically runs to clean up any orphaned storage volumes. See also: Persistent Volume Management Operator (PVMO)
Point of Presence (POP)
A Point of Presence (POP) is a location where two or more networks interconnect.
Policy as Code
The practice of defining and enforcing security and compliance rules using machine-readable code; for instance, using Open Policy Agent.
Preboot eXecution Environment (PXE)
The PXE specification describes a standardized client-server environment that boots a software assembly, retrieved from a network, on PXE-enabled clients. On the client side it requires only a PXE-capable network interface controller (NIC), and uses a small set of industry-standard network protocols such as and . PXE is most often pronounced as “pixie”, and the process is often called “pixie boot”. See also: iPXE.
RDMA over Converged Ethernet (RoCE)
A network protocol that allows RDMA over an Ethernet network. See also: Remote Direct Memory Access (RDMA)
Region
An area within a Geo that contains multiple Availability Zones (AZs). Regions provide redundancy and failover capabilities by allowing workloads to be distributed across multiple AZs. Regions are strategically placed to offer low latency, high-performance connectivity, and meet data residency requirements. For example, in US-EAST-05, the Geo is US and the Region is EAST-05.
See also: Geo, Availability Zone (AZ)