|
| 1 | +--- |
| 2 | +meta: |
| 3 | + title: Scaleway Kubernetes Kapsule and Kosmos security group management |
| 4 | + description: This page explains how Scaleway Kubernetes Kapsule and Kosmos manage security groups |
| 5 | +content: |
| 6 | + h1: Scaleway Kubernetes Kapsule and Kosmos security group management |
| 7 | + paragraph: This page explains how Scaleway Kubernetes Kapsule and Kosmos manage security groups |
| 8 | +tags: kubernetes kapsule kosmos security group |
| 9 | +dates: |
| 10 | + validation: 2025-06-26 |
| 11 | + posted: 2025-06-06 |
| 12 | +categories: |
| 13 | + - kubernetes |
| 14 | +--- |
| 15 | + |
| 16 | +Scaleway Kubernetes Kapsule and Kosmos provide managed Kubernetes services that simplify the deployment and management of containerized applications. |
| 17 | +As part of the security configuration for these services, Scaleway allows users to manage security groups for Kapsule pools to control network traffic to and from cluster nodes. |
| 18 | +This document outlines the process for managing security groups when creating and configuring pools in Scaleway Kubernetes Kapsule. |
| 19 | + |
| 20 | +<Message type="note"> |
| 21 | + Previously, Scaleway created a separate security group for each zone where a cluster had at least one pool. This approach has been replaced with the option to use either a user-specified security group or the shared default security group. |
| 22 | +</Message> |
| 23 | + |
| 24 | +## Security group management for Kapsule pools |
| 25 | + |
| 26 | +When creating a pool using the CLI or API, you can specify a security group ID to associate an existing security group with the pool. This allows for customized network traffic rules tailored to your specific requirements. |
| 27 | + |
| 28 | +Run the following syntax to create a new pool using the CLI: |
| 29 | +``` |
| 30 | +scw k8s pool create cluster-id=11111111-1111-1111-1111-111111111111 name=bar node-type=DEV1-XL size=2 security-group-id=11111111-1111-1111-1111-111111111111 |
| 31 | +``` |
| 32 | +<Message type="note"> |
| 33 | + Replace `11111111-1111-1111-1111-111111111111` with the UUID of your cluster and security group. |
| 34 | +</Message> |
| 35 | + |
| 36 | +For more information on how to create a pool using the API, refer to the [Kubernetes API documentation](https://www.scaleway.com/en/developers/api/kubernetes/#path-pools-create-a-new-pool-in-a-cluster). |
| 37 | + |
| 38 | +If no security group ID is provided during pool creation, Scaleway assigns a default preconfigured security group named **Kapsule default security group** or **Kosmos default security group**. |
| 39 | +This default security group is shared across all Kapsule pools within the same Availability Zone in the same Project. |
| 40 | + |
| 41 | +<Message type="note"> |
| 42 | + Support for Terraform / OpenTofu will be added soon. |
| 43 | +</Message> |
| 44 | + |
| 45 | +### Verify security group configuration |
| 46 | + |
| 47 | +After creating the pool, verify that the correct security group is applied by checking the pool details in the Scaleway console, or using the CLI: |
| 48 | + |
| 49 | +```bash |
| 50 | +scw k8s pool get <pool-id> |
| 51 | +``` |
| 52 | + |
| 53 | +Ensure that the security group rules align with your application's networking needs and [cluster communication requirements](https://www.scaleway.com/en/developers/api/kubernetes/#technical-limitations). |
| 54 | + |
| 55 | + |
| 56 | +## Modify security group rules (optional) |
| 57 | + |
| 58 | +To update the rules of an existing security group, navigate to the Instances section in the Scaleway console. |
| 59 | +Select the security group (either the custom one or the Kapsule default security group), and [modify the inbound/outbound rules](/instances/how-to/use-security-groups/#how-to-edit-a-security-group) as needed. |
| 60 | + |
| 61 | +<Message type="important"> |
| 62 | + Changes to the Kapsule default security group will affect all pools in the same zone that uses this default group. |
| 63 | +</Message> |
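Review bot: At lines 30 to 33 the example passes the same placeholder `11111111-1111-1111-1111-111111111111` for both `cluster-id` and `security-group-id`, and the note then says to replace it with "the UUID of your cluster and security group", which reads as if one value serves both arguments. Use distinct placeholders such as `<cluster-id>` and `<security-group-id>`, in the style of `<pool-id>` at line 50, and tag the fence at line 29 as `bash` like the one at line 49. Line 28 would read better as "Run the following command". Lines 38 and 39 name both a Kapsule and a Kosmos default security group but then say the group is shared across "all Kapsule pools"; state whether the same sharing applies to Kosmos pools. The warning at line 62 that edits to the default group affect every pool in the zone is the main security consequence of that sharing, so consider repeating or moving it next to line 39, and fix "that uses" to "that use". Line 47 should say which field of the `scw k8s pool get` output shows the attached security group, so the reader knows what to compare.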