Self-service CKS provisioning creates public clusters by default. Private clusters are configured by CoreWeave Support and reach the Kubernetes API server over Tailscale or Direct Connect, but authentication itself is unchanged: managed auth uses API access tokens, and unmanaged auth uses your own identity provider through OIDC, service-account tokens, or webhooks.
For full details, see "CKS authentication and access". For the private-cluster network path, see "How do I access the Kubernetes API if my cluster is private?"
How does authentication work for private clusters?
Last modified on June 18, 2026