# Connecting CoreWeave (Kubernetes)

> Source: https://parallelworks.com/docs/kubernetes/connecting-clusters/coreweave

This guide walks through connecting a [CoreWeave](https://www.coreweave.com/) Kubernetes cluster to ACTIVATE so you can manage its workloads, storage, and access through the platform. It builds on the generic [Connecting Clusters](/docs/kubernetes/connecting-clusters) flow with the specifics of CoreWeave's console, endpoint naming, and OIDC configuration.

:::info Two ways to connect CoreWeave
CoreWeave can be connected in two distinct ways. This guide covers connecting it as a **Kubernetes provider**. If you instead want to attach a CoreWeave **Slurm** cluster (SUNK) so users can submit batch jobs, see [Connecting a CoreWeave Slurm Cluster](/docs/compute/connecting-coreweave-slurm).
:::

## Prerequisites

- **Organization admin permissions** in ACTIVATE - only org admins can add clusters.
- **Access to the CoreWeave Cloud Console** for the target cluster, including its kubeconfig.
- **Network reachability** - ACTIVATE must be able to reach the cluster's Kubernetes API server over HTTPS.

## Download the kubeconfig

In the CoreWeave Cloud Console, open the cluster, click the **⋮** (three dots) menu, and download the kubeconfig file.

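The kubeconfig holds credentials for the cluster, so keep it out of shared locations. You can sanity-check it by pointing `kubectl` at the downloaded file through the `KUBECONFIG` environment variable: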

```bash
KUBECONFIG="CWKubeconfig_ue01a" kubectl get pods
```

## Determine the API endpoint

The CoreWeave console shows the cluster's endpoint, for example:

```
mycluster-1a2b3c4d.k8s.us-east-01a.coreweave.com
```

ACTIVATE connects to the Kubernetes **API server**, which is reached by prefixing the endpoint with `api.`:

```
api.mycluster-1a2b3c4d.k8s.us-east-01a.coreweave.com
```

You will enter this as an HTTPS URL (`https://api.<endpoint>`) when configuring the cluster.

## Add the cluster in ACTIVATE

1. Navigate to **Kubernetes → Clusters** in the sidebar.
2. Click **Add Cluster**.
3. Fill in the registration form:
   - **Cluster Name** - a lowercase alphanumeric name (e.g. `coreweave`).
   - **Cluster Endpoint** - the `https://api.<endpoint>` URL derived above.
   - **CA Certificate** - leave this blank. CoreWeave's API server presents a publicly trusted certificate, so ACTIVATE validates it against the system trust store with no custom CA bundle.
4. Save. You are taken to the cluster's **Definition** page.

![Adding a CoreWeave cluster in ACTIVATE: the Setup & Prerequisites panel on the left and the Cluster Configuration form on the right.](/content-images/docs/kubernetes/connecting-clusters/coreweave-add-cluster.png)

## Complete the cluster prerequisites

The **Definition** page shows a **Setup & Prerequisites** panel. Complete each item against your CoreWeave cluster:

### Enable resource quotas

Ensure resource quotas are enabled in your CoreWeave cluster configuration. ACTIVATE relies on namespace quotas to track and bound per-group usage.

### Create the cluster-admin role binding

Using the kubeconfig you downloaded, grant the `cluster-admin` role to the `parallelworks:cluster-admins` group:

```bash
kubectl create clusterrolebinding parallelworks:cluster-admin \
  --clusterrole=cluster-admin \
  --group=parallelworks:cluster-admins
```

This is what lets ACTIVATE org and platform admins administer the cluster once OIDC is wired up.
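
One way to confirm the binding before OIDC is wired up, using `kubectl` impersonation (an added example, not part of the ACTIVATE documentation). It assumes `KUBECONFIG` points at the downloaded CoreWeave kubeconfig and that its user is allowed to impersonate; `rbac-probe` is a made-up user name and the function names are illustrative.

```bash
# Added example: check that cluster-admin reaches the prefixed group and nothing else.
BINDING="parallelworks:cluster-admin"
GROUP="parallelworks:cluster-admins"

# can_group GROUP: succeed if a user whose only listed group is GROUP may do
# anything cluster-wide. --as-group is rejected without --as, so a throwaway
# user name (hypothetical) is supplied.
can_group() {
  [ "$(kubectl auth can-i '*' '*' --all-namespaces \
        --as=rbac-probe --as-group="$1" 2>/dev/null)" = "yes" ]
}

# binding_subjects: print one "Kind/name" line per subject of the binding.
binding_subjects() {
  kubectl get clusterrolebinding "$BINDING" \
    -o jsonpath='{range .subjects[*]}{.kind}/{.name}{"\n"}{end}'
}

verify_admin_binding() {
  local subjects rc=0
  subjects="$(binding_subjects)" || { echo "FAIL: binding $BINDING not found"; return 1; }
  # The binding should name exactly one subject: the prefixed group.
  if [ "$subjects" != "Group/$GROUP" ]; then
    echo "FAIL: unexpected subjects: $subjects"; rc=1
  fi
  can_group "$GROUP" || { echo "FAIL: $GROUP is not cluster-admin"; rc=1; }
  # The same name without the OIDC groups prefix must not be cluster-admin.
  if can_group "${GROUP#parallelworks:}"; then
    echo "FAIL: unprefixed group also has cluster-admin"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: only $GROUP is bound to cluster-admin"
  return "$rc"
}
```

Run `verify_admin_binding` after creating the binding; a non-zero exit status means the grant is missing or wider than intended.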

### Configure OIDC on CoreWeave

ACTIVATE authenticates users to the cluster with short-lived [OIDC tokens](/docs/kubernetes/connecting-clusters#security-model) rather than long-lived kubeconfigs. The **Setup & Prerequisites** panel displays the exact values to use - copy each into the matching field of CoreWeave's **Enable OIDC** configuration (found in the cluster's **Auth** step in the CoreWeave Cloud Console).

![Enabling OIDC in the CoreWeave Cloud Console Auth step.](/content-images/docs/kubernetes/connecting-clusters/coreweave-oidc-config.png)

| ACTIVATE value | Example | CoreWeave field |
|----------------|---------|-----------------|
| `issuer` | `https://<platform-host>/api/oidc` | **Issuer URL** |
| `clientId` | your cluster's ID | **Client ID** |
| `userClaim` | `sub` | **Username Claim** |
| `groupsClaim` | `groups` | **Groups Claim** |
| `groupPrefix` | `parallelworks:` | **Groups Prefix** |

Additional CoreWeave fields:

- **Signing Algorithms** - `RS256` (the only algorithm ACTIVATE advertises in its OIDC discovery document at `https://<platform-host>/api/oidc/.well-known/openid-configuration`).
- **Username Prefix** - leave empty unless your environment requires one.
- **Certificate Authority** - not required; ACTIVATE's OIDC issuer presents a publicly trusted certificate.

:::info Why the group prefix matters
The `parallelworks:` group prefix is what ties the `cluster-admin` role binding from the previous step to ACTIVATE's identity tokens. ACTIVATE emits the `parallelworks:cluster-admins` group claim for admins, and CoreWeave prepends the prefix to every group it receives - so the binding and the claim line up.
:::
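
A preflight for the OIDC values above, added here as an example rather than taken from ACTIVATE or CoreWeave: it fetches the discovery document and checks that `issuer` matches the Issuer URL exactly, that `RS256` is the only advertised signing algorithm, and that `jwks_uri` is HTTPS. The function names are illustrative, and the `sed` parsing assumes each key appears once in the document.

```bash
# Added example: compare the issuer's discovery document with the values
# typed into CoreWeave's Enable OIDC form.

# fetch_discovery ISSUER: HTTPS only, validated against the system trust store.
fetch_discovery() {
  curl -fsS --proto '=https' --max-time 10 "${1%/}/.well-known/openid-configuration"
}

# json_string KEY / json_array KEY: print the value of KEY from JSON on stdin.
json_string() { tr -d '\n' | sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'; }
json_array() { tr -d '\n \t' | sed -n 's/.*"'"$1"'":\[\([^]]*\)\].*/\1/p'; }

# check_oidc ISSUER_URL: pass the Issuer URL exactly as entered in CoreWeave.
check_oidc() {
  local want="$1" doc iss algs jwks rc=0
  doc="$(fetch_discovery "$want")" || { echo "FAIL: discovery document unreachable"; return 1; }
  iss="$(printf '%s' "$doc" | json_string issuer)"
  algs="$(printf '%s' "$doc" | json_array id_token_signing_alg_values_supported)"
  jwks="$(printf '%s' "$doc" | json_string jwks_uri)"
  # Kubernetes compares the token's iss claim with the configured issuer URL
  # exactly, so a trailing slash or different host is a mismatch.
  [ "$iss" = "$want" ] || { echo "FAIL: issuer '$iss' != '$want'"; rc=1; }
  # The page states RS256 is the only algorithm advertised.
  [ "$algs" = '"RS256"' ] || { echo "FAIL: advertised algorithms: $algs"; rc=1; }
  case "$jwks" in
    https://*) ;;
    *) echo "FAIL: jwks_uri is not HTTPS: '$jwks'"; rc=1 ;;
  esac
  [ "$rc" -eq 0 ] && echo "OK"
  return "$rc"
}
```

Call it as `check_oidc "https://<platform-host>/api/oidc"` from a machine that can reach the platform host.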

## Verify the connection

Back on the **Clusters** page, a successfully connected cluster reports its total **vCPUs** and **Memory**. If it shows zeros, re-check the endpoint URL and that the API server is reachable from ACTIVATE.

Once connected, you can browse the cluster's live workloads under **Kubernetes → Workloads**:

![Viewing CoreWeave cluster workloads in ACTIVATE.](/content-images/docs/kubernetes/connecting-clusters/coreweave-workloads.png)

## Share the cluster with groups

To give your teams access, share the cluster with the appropriate ACTIVATE groups. Sharing automatically provisions a namespace and a namespace-scoped role binding for each group. See [Sharing Clusters with Groups](/docs/kubernetes/connecting-clusters#sharing-clusters-with-groups) for details.
