Parallel Works

Connecting CoreWeave (Kubernetes)

This guide walks through connecting a CoreWeave Kubernetes cluster to ACTIVATE so you can manage its workloads, storage, and access through the platform. It builds on the generic Connecting Clusters flow with the specifics of CoreWeave's console, endpoint naming, and OIDC configuration.

Two ways to connect CoreWeave

CoreWeave can be connected in two distinct ways. This guide covers connecting it as a Kubernetes provider. If you instead want to attach a CoreWeave Slurm cluster (SUNK) so users can submit batch jobs, see Connecting a CoreWeave Slurm Cluster.

Prerequisites

  • Organization admin permissions in ACTIVATE - only org admins can add clusters.
  • Access to the CoreWeave Cloud Console for the target cluster, including its kubeconfig.
  • Network reachability - ACTIVATE must be able to reach the cluster's Kubernetes API server over HTTPS.

Download the kubeconfig

In the CoreWeave Cloud Console, open the cluster, click the (three dots) menu, and download the kubeconfig file.

You can sanity-check it by prefixing kubectl with the downloaded file:

KUBECONFIG="CWKubeconfig_ue01a" kubectl get pods

Determine the API endpoint

The CoreWeave console shows the cluster's endpoint, for example:

mycluster-1a2b3c4d.k8s.us-east-01a.coreweave.com

ACTIVATE connects to the Kubernetes API server, which is reached by prefixing the endpoint with api.:

api.mycluster-1a2b3c4d.k8s.us-east-01a.coreweave.com

You will enter this as an HTTPS URL (https://api.<endpoint>) when configuring the cluster.

Add the cluster in ACTIVATE

  1. Navigate to Kubernetes → Clusters in the sidebar.
  2. Click Add Cluster.
  3. Fill in the registration form:
    • Cluster Name - a lowercase alphanumeric name (e.g. coreweave).
    • Cluster Endpoint - the https://api.<endpoint> URL derived above.
    • CA Certificate - leave this blank. CoreWeave's API server presents a publicly-trusted certificate, so ACTIVATE validates it against the system trust store with no custom CA bundle.
  4. Save. You are taken to the cluster's Definition page.
Adding a CoreWeave cluster in ACTIVATE: the Setup & Prerequisites panel on the left and the Cluster Configuration form on the right.

Complete the cluster prerequisites

The Definition page shows a Setup & Prerequisites panel. Complete each item against your CoreWeave cluster:

Enable resource quotas

Ensure resource quotas are enabled in your CoreWeave cluster configuration. ACTIVATE relies on namespace quotas to track and bound per-group usage.

Create the cluster-admin role binding

Using the kubeconfig you downloaded, grant the cluster-admin role to the parallelworks:cluster-admins group:

kubectl create clusterrolebinding parallelworks:cluster-admin \
  --clusterrole=cluster-admin \
  --group=parallelworks:cluster-admins

This is what lets ACTIVATE org and platform admins administer the cluster once OIDC is wired up.

Configure OIDC on CoreWeave

ACTIVATE authenticates users to the cluster with short-lived OIDC tokens rather than long-lived kubeconfigs. The Setup & Prerequisites panel displays the exact values to use - copy each into the matching field of CoreWeave's Enable OIDC configuration (found in the cluster's Auth step in the CoreWeave Cloud Console).

Enabling OIDC in the CoreWeave Cloud Console Auth step.

| ACTIVATE value | Example | CoreWeave field |
|----------------|---------|-----------------|
| issuer | https://<platform-host>/api/oidc | Issuer URL |
| clientId | your cluster's ID | Client ID |
| userClaim | sub | Username Claim |
| groupsClaim | groups | Groups Claim |
| groupPrefix | parallelworks: | Groups Prefix |

Additional CoreWeave fields:

  • Signing Algorithms - RS256 (the only algorithm ACTIVATE advertises in its OIDC discovery document at https://<platform-host>/api/oidc/.well-known/openid-configuration).
  • Username Prefix - leave empty unless your environment requires one.
  • Certificate Authority - not required; ACTIVATE's OIDC issuer presents a publicly trusted certificate.

Why the group prefix matters

The parallelworks: group prefix is what ties the cluster-admin role binding from the previous step to ACTIVATE's identity tokens. ACTIVATE emits the parallelworks:cluster-admins group claim for admins, and CoreWeave prepends the prefix to every group it receives - so the binding and the claim line up.
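
A pre-flight check for the values in this section, as an added example that is not part of ACTIVATE or CoreWeave: it compares the OIDC form values with a discovery document and with the group named in the role binding. The host activate.example.com, the cluster ID, the jwks_uri path and the preflight helper are assumptions made for illustration; in practice the discovery JSON would be loaded from the URL given above.

```python
from urllib.parse import urlsplit

# Values as entered in CoreWeave's Enable OIDC form. The host stands in for
# <platform-host> and the cluster ID is a constructed sample.
COREWEAVE_OIDC = {
    "issuer": "https://activate.example.com/api/oidc",
    "clientId": "sample-cluster-id",
    "userClaim": "sub",
    "groupsClaim": "groups",
    "groupPrefix": "parallelworks:",
    "signingAlgs": ["RS256"],
}
# Group passed to --group in the clusterrolebinding command.
BINDING_GROUP = "parallelworks:cluster-admins"

# Constructed discovery document using the standard OIDC Discovery field
# names; the jwks_uri path is a placeholder.
SAMPLE_DISCOVERY = {
    "issuer": "https://activate.example.com/api/oidc",
    "jwks_uri": "https://activate.example.com/api/oidc/jwks",
    "id_token_signing_alg_values_supported": ["RS256"],
}


def preflight(cfg, discovery, binding_group=BINDING_GROUP):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    url = urlsplit(cfg["issuer"])
    if url.scheme != "https" or not url.hostname:
        problems.append("issuer must be an https:// URL")
    # OIDC Discovery requires the document's issuer to equal the configured
    # issuer exactly, so a trailing slash or different host is a mismatch.
    if discovery.get("issuer") != cfg["issuer"]:
        problems.append("issuer differs from the discovery document's issuer")
    advertised = set(discovery.get("id_token_signing_alg_values_supported", []))
    for alg in cfg["signingAlgs"]:
        if alg not in advertised:
            problems.append(f"signing algorithm {alg} is not advertised")
    # Groups taken from a token carry the configured prefix, so a binding
    # whose group lacks that prefix can never match an OIDC user.
    prefix = cfg["groupPrefix"]
    if not prefix or not binding_group.startswith(prefix):
        problems.append(f"binding group {binding_group!r} lacks prefix {prefix!r}")
    return problems


if __name__ == "__main__":
    for line in preflight(COREWEAVE_OIDC, SAMPLE_DISCOVERY) or ["ok"]:
        print(line)
```
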

Verify the connection

Back on the Clusters page, a successfully connected cluster reports its total vCPUs and Memory. If it shows zeros, re-check the endpoint URL and that the API server is reachable from ACTIVATE.

Once connected, you can browse the cluster's live workloads under Kubernetes → Workloads:

Viewing CoreWeave cluster workloads in ACTIVATE.

Share the cluster with groups

To give your teams access, share the cluster with the appropriate ACTIVATE groups. Sharing automatically provisions a namespace and a namespace-scoped role binding for each group. See Sharing Clusters with Groups for details.