Skip to main content
This guide walks you through creating a CoreWeave Kubernetes Service (CKS) cluster. It covers the end-to-end path to your first cluster: provisioning the cluster, configuring its network and authentication settings, and verifying that it deploys successfully. You can create a cluster with the Cloud Console or with Terraform. After your cluster reaches a Healthy status, add a Node Pool to give it compute capacity. For a complete worked example that creates a cluster, adds a GPU Node Pool, and deploys a model, see Deploy an open source LLM on CKS.

Before you begin

Before you create your first cluster, confirm the following:

Create a cluster using the Cloud Console

To create a new CKS cluster using the Cloud Console, open the Cluster Dashboard. From here, you can create new CKS clusters, or view and manage deployed ones. If you don’t yet have any clusters, this dashboard is empty: A screenshot of the Cloud Console cluster dashboard, with no current clusters To begin creating a cluster, click the Create Cluster button.

1. Setup

Give your cluster a name. Reflect the location in the name so clusters stay organized at scale. Here are some guidelines:
  • Keep names short and put the location first so that they group together naturally in reports.
  • Use only lowercase letters, numbers, and hyphens to keep names compatible with URLs and automation.
  • Avoid mutable details like Kubernetes version, Node Pool sizes, or temporary attributes that may change.
Here are some example names to use as a starting point, where [short_name] is a concise descriptor of an environment, lifecycle, or workload:
  • use04a-[short_name], such as use04a-prod or use04a-staging
  • us-east-04a-[short_name], such as us-east-04a-prod or us-east-04a-staging
Select a Kubernetes version from the dropdown list of supported versions. CKS supports the latest three versions of Kubernetes. See Cluster Components for more information about supported versions. A screenshot of the first step to creating a cluster, labeled "Setup" Select whether you want your cluster to access the Kubernetes API through the internet.
CKS only supports public clusters as a self-service option. To set up a private cluster, contact CoreWeave Support.
If you need a private cluster, see Private cluster access for how to reach the Kubernetes API after CoreWeave provisions it. To configure a custom Audit Policy for the cluster, select the Custom Audit Policy checkbox to open the Audit Policy YAML editor.
To learn more about cluster Audit Policies, see the official Kubernetes documentation.
A screenshot of the Audit Policy editing window Use this window to edit the Audit Policy configuration file directly. Click the Save button in the bottom right corner to save the Audit Policy and resume the cluster creation process. The Audit Policy uses the following default settings, which you can change as needed.
audit-policy.yaml

2. Network

Configure the network settings for the cluster. On the Network configuration page, first select the Super Region where you want to deploy the cluster. Then, select the Zone.
Zone availability is subject to capacity.
A screenshot of the second step to creating a cluster, labeled "Network"

Select a VPC

If you already created a VPC to use with this cluster, select the same Zone where you deployed that VPC. Otherwise, you can either use a default VPC that CoreWeave creates for you during this process, or create a new custom VPC. You can still customize default VPCs from this page by clicking the Customize option beside the Create a default VPC radio button. A screenshot of the default VPC customization window This opens a configuration screen, where you can adjust the available VPC prefixes and Host Prefixes as needed. This screen also shows the default Host Prefix assigned to the default VPC. A screenshot of the default VPC customization window
Each Zone has its own default prefixes, which populate default VPCs. You can change these. Refer to Regions to see each Zone’s default prefixes.

3. Auth

The Auth screen is where you configure how the cluster handles authentication and authorization. All settings on this screen are optional: you can add an authentication webhook, an authorization webhook, and OIDC, or skip them all and click the Next button to continue without changes. When you select any of these options, additional configuration fields appear. A screenshot of Step 3 of cluster configuration, auth settings

Add an authentication webhook

When you select the Add an authentication webhook checkbox, the Server and Certificate Authority fields appear. To configure the webhook, you must provide a URL in the Server input field, and can optionally include a Certificate Authority.
To learn more about Webhook authentication in Kubernetes, see the official Kubernetes documentation.

Add an authorization webhook

When you select the Add an authorization webhook checkbox, the Server and Certificate Authority fields appear. To configure the webhook, you must provide a URL in the Server input field.
To learn more about Webhook authorization in Kubernetes, see the official Kubernetes documentation.

Enable OIDC

To enable OIDC, the Issuer URL and Client ID fields are required. All other fields are optional.
To learn more about OIDC for Kubernetes, see the official Kubernetes documentation.

Certificate Authority

Each of the authentication and authorization options provides an optional Certificate Authority checkbox. Selecting this checkbox opens a YAML editor where you can enter a Certificate Authority X.509 certificate.

4. Deploy

The final step of cluster creation provides an overview of all options selected during the creation process. After reviewing and confirming the cluster’s configuration, click the Submit button to deploy the new cluster. A screenshot of the final step to creating a cluster, labeled "Deploy" Your cluster appears on the cluster dashboard with the status Creating. When a cluster is ready, its status changes to Healthy. If configuration or deployment issues occur, the cluster’s status changes to Unhealthy. For an explanation of what happens between Creating and Healthy, see Provisioning sequence and timing.

Create a cluster with Terraform

You can also create a cluster with the CoreWeave Terraform provider. A CKS cluster requires a VPC, so the example below creates a coreweave_networking_vpc resource and references it from the coreweave_cks_cluster resource. This example covers the minimum needed to create a cluster. For the full list of fields, accepted values, and nested attributes, see the reference pages for coreweave_cks_cluster and coreweave_networking_vpc.

1. Configure the provider

Add the CoreWeave provider and supply your API token. Replace [COREWEAVE-API-TOKEN] with your CoreWeave API token, which starts with CW-SECRET-. For all provider options, see the CoreWeave Provider reference.
provider.tf

2. Define the VPC and cluster

Define a VPC and a cluster in the same Availability Zone. The cluster references the VPC by id, and its pod_cidr_name, service_cidr_name, and internal_lb_cidr_names values must match vpc_prefixes names defined on the VPC.
main.tf
Each field in this example corresponds to an option in the Cloud Console creation flow. The following table shows where you set each one in the Console.
Terraform fieldConsole stepWhere you set it
name (cluster)SetupCluster name
versionSetupKubernetes version dropdown
publicSetupKubernetes API internet-access selection
zoneNetworkZone
vpc_idNetworkSelect a VPC
pod_cidr_name, service_cidr_name, internal_lb_cidr_namesNetworkVPC prefixes in the VPC customization screen
name, host_prefixes, vpc_prefixes (VPC)NetworkVPC name, Host Prefix, and VPC prefixes in the VPC customization screen
The Console Network step also has a Super Region selector. Terraform has no equivalent field, because the zone value determines the Region. The coreweave_cks_cluster resource also supports optional settings that mirror the Cloud Console flow: an audit_policy block like the Setup step, and oidc, authn_webhook, and authz_webhook blocks like the Auth step. For their fields and an example that includes them, see the coreweave_cks_cluster reference.

3. Apply the configuration

From the directory that contains your .tf files, initialize the working directory, preview the changes, and apply them:
terraform init downloads the CoreWeave provider, terraform plan shows the resources Terraform will create, and terraform apply creates the VPC and cluster after you confirm. After Terraform applies the plan, the cluster appears on the Cluster Dashboard with the status Creating, the same as a Console-created cluster. See Provisioning sequence and timing for what happens next.

Provisioning sequence and timing

After you submit a cluster, CKS provisions it in stages. Knowing the sequence helps you understand what each status means and when the cluster is ready for workloads.
  1. Control Plane provisioning. The cluster appears on the dashboard with the status Creating. During this stage, CKS provisions the Managed Control Plane and its associated network configuration.
  2. Control Plane Healthy. When the Control Plane is ready, the cluster status changes to Healthy. At this point you can generate an access token and connect with kubectl.
  3. In-cluster resource provisioning. A Healthy status reflects the Control Plane only. The cluster can still be provisioning required in-cluster resources, including required Control Plane Node Pools and required applications such as CNI and DNS. For the components that make up a cluster and where each one runs, see Cluster components.
  4. Add Node Pools. A new cluster has no compute capacity until you add a Node Pool. After you create a Node Pool, its Nodes provision separately from the cluster. Node Pool provisioning can be delayed while the cluster is still being created, and provisioning can take up to 30 minutes. When the Node Pool status is Healthy, the cluster has capacity to run workloads. See Deploy an open source LLM on CKS for a worked example.
Provisioning time varies with Zone capacity, the resources you request, and current demand. Use the status shown on the Cluster Dashboard and the Node Pool status as the source of truth rather than a fixed schedule.

View details of deployed clusters

To view more information about a deployed cluster, click the vertical ellipses menu beside the cluster name and select View Details. This opens the cluster’s current configuration in JSON, along with information about the cluster’s age, location, name, associated API endpoint, and current state. To return to the dashboard, close this panel. A screenshot of a UI element showing how to reveal the current config for the cluster

Cluster statuses

A screenshot of the Cloud Console cluster creation dashboard The cards at the top of the cluster dashboard provide information about the status of your current clusters.
The cluster’s status refers to the status of the cluster’s Control Plane. A CKS cluster with a Healthy status can still be provisioning in-cluster resources. These resources include required Control Plane Node Pools and required applications such as CNI and DNS configurations. See Cluster Components for more information.
NameDescription
QuotaDisplays the number of CKS clusters your organization has deployed over the maximum limit of clusters defined by the organization’s quota. Represented as count/quota. If you haven’t yet created any clusters, or you have no quota assigned, the status shown is No Quota.
HealthyDisplays the number of healthy clusters deployed. In a healthy cluster, all Control Plane elements, servers, and Pods are in a Healthy state. The cluster is stable and responsive, and can manage workloads.
UnhealthyDisplays the number of unhealthy clusters. A cluster can become Unhealthy for many reasons, including Control Plane issues, unresponsive Nodes, failing Pods, network failures, or storage problems.

Do not install the NVIDIA GPU Operator on CKS clusters

CoreWeave manages the NVIDIA GPU Operator on your behalf. Do not install the NVIDIA GPU Operator on CKS clusters. Doing so conflicts with the platform-managed deployment and is not supported.
Last modified on July 10, 2026