containers/kubernetes/how-to/connect-cluster-kubectl.mdx
Lines changed: 36 additions & 1 deletion
@@ -82,4 +82,39 @@ If you have not set up the Scaleway CLI yet:
82
82
83
83
<Messagetype="tip">
84
84
Refer to our complete [Documentation for `scw k8s`](https://github.com/scaleway/scaleway-cli/blob/master/docs/commands/k8s.md) to learn more about all available commands to manage your Kubernetes cluster using `scw`.
85
-
</Message>
85
+
</Message>
86
+
87
+
88
+
## Revoking user access to the Kubernetes cluster
89
+
90
+
When a user loses access rights (e.g., departs from the Organization), the Kubernetes administrator must take steps to revoke their access to the cluster.
91
+
This is typically done by modifying IAM settings, such as adjusting policies or deleting the user’s credentials.
92
+
93
+
### Steps to revoke access
94
+
95
+
To revoke a user's access to the cluster, ensure that any API keys associated with the user are no longer granted permission. Here are the steps you can take:
96
+
97
+
#### Delete the API key
98
+
- Locate the API key associated with the user.
99
+
- Remove the key to immediately revoke access.
100
+
101
+
#### Modify IAM policies
102
+
- Adjust the IAM policy linked to the API key to limit or remove its permissions.
103
+
104
+
#### Reassign the user to a restricted group
105
+
- Transfer the principal (application or user) to a group with reduced permissions that does not allow cluster access.
106
+
107
+
#### Delete the Principal
108
+
- Permanently remove the user or application from the IAM system to ensure no further access is possible.
109
+
110
+
### Revoking kubeconfig access
111
+
112
+
To permanently revoke `kubeconfig` access via IAM:
113
+
114
+
-**Delete the API Key**: This will ensure that the user's `kubeconfig` file becomes invalid immediately.
115
+
-**Delete the Principal**: Removing the user or application guarantees that no further access can be gained, even if residual configurations exist.
116
+
117
+
<Messagetype="note">
118
+
- Be cautious when modifying IAM policies to avoid unintended access issues for other users or services.
119
+
- Regularly audit IAM settings and API keys to ensure compliance with organizational security policies.
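Review bot: In "Steps to revoke access" (new lines 93-108) the four `####` items are introduced with "Here are the steps you can take", which reads as a sequence, but they are alternatives of different strength and the text does not say which one to choose. Suggest saying so explicitly and ordering them from least to most final, or folding them into "Revoking kubeconfig access", which already repeats "Delete the API Key" and "Delete the Principal" at lines 114-115. Line 98 says "Locate the API key" in the singular while line 95 speaks of "any API keys associated with the user"; wording such as "List every API key belonging to the user and delete each one" would avoid leaving a second key behind that still backs a working `kubeconfig`. The note `Message` block opened at line 117 has no closing tag in the lines shown, so please check that `</Message>` follows line 119. The three consecutive blank lines added at 86-88 can be reduced to one.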