CoreWeave Enterprise RBAC
Namespace-Per-Team Pattern
# Team namespace with GPU quota
apiVersion: v1
kind: ResourceQuota
metadata:
name: ml-team-gpu-quota
namespace: ml-team
spec:
hard:
requests.nvidia.com/gpu: "8"
limits.nvidia.com/gpu: "8"
persistentvolumeclaims: "10"
requests.storage: 2Ti
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ml-team-access
namespace: ml-team
subjects:
- kind: Group
name: ml-engineers
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: edit
apiGroup: rbac.authorization.k8s.io
Read-Only Access for Monitoring
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ml-team-readonly
namespace: ml-team
subjects:
- kind: Group
name: ml-managers
roleRef:
kind: ClusterRole
name: view
apiGroup: rbac.authorization.k8s.io
Resources
Next Steps
For migration strategies, see coreweave-migration-deep-dive.