docs(k8s): security group management

bene2k1 · bene2k1 · commit 98ba92a7a619 · 2025-06-26T13:54:13.000+02:00
diff --git a/menu/navigation.json b/menu/navigation.json
@@ -2023,6 +2023,10 @@
                     "label": "Setting IAM permissions and implementing RBAC on a cluster",
                     "slug": "set-iam-permissions-and-implement-rbac"
                   },
+                  {
+                    "label": "Configuring Kubernetes security groups",
+                    "slug": "security-group-management"
+                  },
                   {
                     "label": "Modifying kernel parameters in a Kubernetes cluster using a DaemonSet",
                     "slug": "modifying-kernel-parameters-kubernetes-cluster"
diff --git a/pages/kubernetes/reference-content/security-group-management.mdx b/pages/kubernetes/reference-content/security-group-management.mdx
@@ -13,9 +13,47 @@ categories:
   - kubernetes
 ---
 
-Scaleway Kubernetes Kapsule and Kosmos provide managed Kubernetes services that simplify the deployment and management of containerized applications. As part of the security configuration for these services, Scaleway allows users to manage security groups for Kapsule pools to control network traffic to and from cluster nodes. This document outlines the process for managing security groups when creating and configuring pools in Scaleway Kubernetes Kapsule.
-Security Group Management for Kapsule Pools
-When creating a Kapsule pool, you can specify a security group ID to associate an existing security group with the pool. This allows for customized network traffic rules tailored to your specific requirements.
+Scaleway Kubernetes Kapsule and Kosmos provide managed Kubernetes services that simplify the deployment and management of containerized applications.
+As part of the security configuration for these services, Scaleway allows users to manage security groups for Kapsule pools to control network traffic to and from cluster nodes.
+This document outlines the process for managing security groups when creating and configuring pools in Scaleway Kubernetes Kapsule.
 
-If no security group ID is provided during pool creation, Scaleway assigns a default preconfigured security group named **Kapsule default security group**. This default security group is shared across all Kapsule pools within the same availability zone.
-Key Changes
+<Message type="note">
+  Previously, Scaleway created a separate security group for each zone where a cluster had at least one pool. This approach has been replaced with the option to use either a user-specified security group or the shared default security group.
+</Message>
+
+## Security group management for Kapsule pools
+
+When creating a pool using the CLI or API, you can specify a security group ID to associate an existing security group with the pool. This allows for customized network traffic rules tailored to your specific requirements.
+
+Run the following syntax to create a new pool using the CLI:
+```
+scw k8s pool create cluster-id=11111111-1111-1111-1111-111111111111 name=bar node-type=DEV1-XL size=2 security-group-id11111111-1111-1111-1111-111111111111
+```
+<Message type="note">
+  Replace `11111111-1111-1111-1111-111111111111` with the UUID of your cluster and security group.
+</Message>
+
+For more information how to create a pool using the API, refer to the [Kubernetes API documentation](https://www.scaleway.com/en/developers/api/kubernetes/#path-pools-create-a-new-pool-in-a-cluster).
+
+If no security group ID is provided during pool creation, Scaleway assigns a default preconfigured security group named **Kapsule default security group**.
+This default security group is shared across all Kapsule pools within the same availability zone.
+
+### Verify security group configuration
+
+After creating the pool, verify that the correct security group is applied by checking the pool details in the Scaleway console or using the CLI:
+
+```bash
+scw k8s pool get <pool-id>
+```
+
+Ensure that the security group rules align with your application's networking needs and cluster communication requirements.
+
+
+## Modify security group rules (Optional):
+
+To update the rules of an existing security group, navigate to the Instances section in the Scaleway console.
+Select the security group (either the custom one or the Kapsule default security group) and [modify the inbound/outbound rules](/instances/how-to/use-security-groups/#how-to-edit-a-security-group) as needed.
+
+<Message type="important">
+  Changes to the Kapsule default security group will affect all pools in the same zone that use this default group.
+</Message>
