docs(k8s): updating docs on control plane isolation with private networks (scaleway#4117)

jcirinosclwy · Laure-di · commit 9771b8537771 · 2025-02-27T11:14:35.000+01:00
diff --git a/containers/kubernetes/reference-content/secure-cluster-with-private-network.mdx b/containers/kubernetes/reference-content/secure-cluster-with-private-network.mdx
@@ -27,8 +27,6 @@ By default, worker nodes are currently delivered with public IP addresses ([cont
 
 Even though these nodes have public IP addresses for specific maintenance and operational purposes, your cluster's security remains uncompromised. See below for more information. Optionally, you can configure your nodes inside an entirely private network using [full isolation](#what-is-the-difference-between-controlled-isolation-and-full-isolation).
 
-<Lightbox src="scaleway-kubernetes-kapsule-on-pn-v2.webp" alt="Schema Kubernetes Kapsule on Private Networks" size="large" />
-
 ## Why have a Private Network for your Kubernetes Kapsule cluster?
 
 A Private Network offers crucial functionalities to your cluster, including:
@@ -44,7 +42,7 @@ Worker node pools with controlled isolation inside a Private Network have both p
 
 | Isolation   | Controlled isolation<br />(default)                                                                                                                  | Full isolation<br />(optional)                                                                     | None<br />(deprecated)                          |
 |-------------|-------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------|----------------------------------------------|
-| Description | Worker nodes are assigned both private IPs and public IPs.<br />All inbound traffic on the public interface is dropped by default using Security Groups. | Worker nodes are set without public IPs (100% private network).<br />A [Public Gateway](/network/public-gateways/how-to/configure-a-public-gateway/) is required. | Clusters without a Private Network attached.<br />Nodes have public-only endpoints. |
+| Description | Worker nodes are assigned both private IPs and public IPs.<br />All inbound traffic on the public interface is dropped by default using Security Groups. | The control plane and worker nodes are set without public IPs (100% private network).<br />A [Public Gateway](/network/public-gateways/how-to/configure-a-public-gateway/) is required. | Clusters without a Private Network attached.<br />Nodes have public-only endpoints. |
 | Benefits    | 1. Strong security<br /> 2. Dynamic public IPs to reach out to external providers while avoiding rate limiting                                        | 1. Maximum security <br />2. A stable egress IP for secure connection to external providers         | n/a                                          |
 | Notice      | Default choice for new clusters. Can be used in combination with pools using full isolation.                                                    | Requires a Public Gateway, which incurs additional costs.                                     | Deprecated in October 2023.                  |
 
@@ -98,6 +96,7 @@ curl --request POST \
 }'
 ```
 
+
 <Message type="note">
   Replace `<PRIVATE_NETWORK_ID>` with the ID of the Private Network in question.
 </Message>
@@ -198,11 +197,11 @@ You can find a Terraform configuration example below:
   }
   ```
 
-## Will the control plane also be located inside the Private Network?
+## Is the control plane also located inside the Private Network?
 
-Currently, only worker nodes are located in the Private Network of your cluster. The communication between the nodes and the control plane uses the Public IP of the node. You can reach the control plane for nodes using [full isolation](#what-is-the-difference-between-controlled-isolation-and-full-isolation) by adding a [Public Gateway](/network/public-gateways/how-to/configure-a-public-gateway/) to the cluster.
+The control plane and worker nodes are located in your cluster's Private Network. You can reach the control plane for nodes using [full isolation](#what-is-the-difference-between-controlled-isolation-and-full-isolation) by adding a [Public Gateway](/network/public-gateways/how-to/configure-a-public-gateway/) to the cluster.
 
-## What future options will there be for isolation?
+## Are there additional options for isolation?
 
-- **Control plane in isolation** with nodes and API communicating in the same isolated network.
+- You can restrict and allow a range of IPs to control who can access the API server of your fully isolated clusters. [Learn how to manage allowed IPs](/containers/kubernetes/how-to/manage-allowed-ips)
 - The CNI’s network policies will restrict/allow a range of IPs or ports to control who can access the API server.
