From 8430c864596a9213e23e5e6224fcc2d7953177d8 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Thu, 26 Jun 2025 11:22:53 +0200 Subject: [PATCH 1/6] feat(k8s): security group management --- .../security-group-management.mdx | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 pages/kubernetes/reference-content/security-group-management.mdx diff --git a/pages/kubernetes/reference-content/security-group-management.mdx b/pages/kubernetes/reference-content/security-group-management.mdx new file mode 100644 index 0000000000..581206fb9e --- /dev/null +++ b/pages/kubernetes/reference-content/security-group-management.mdx 
@@ -0,0 +1,21 @@ +--- +meta: + title: Scaleway Kubernetes Kapsule and Kosmos security group management + description: This page explains how to Scaleway Kubernetes Kapsule and Kosmos manage security groups +content: + h1: Scaleway Kubernetes Kapsule and Kosmos security group management + paragraph: This page explains how to Scaleway Kubernetes Kapsule and Kosmos manage security groups +tags: kubernetes kapsule kosmos security group +dates: + validation: 2025-06-26 + posted: 2025-06-06 +categories: + - kubernetes +--- + +Scaleway Kubernetes Kapsule and Kosmos provide managed Kubernetes services that simplify the deployment and management of containerized applications. As part of the security configuration for these services, Scaleway allows users to manage security groups for Kapsule pools to control network traffic to and from cluster nodes. This document outlines the process for managing security groups when creating and configuring pools in Scaleway Kubernetes Kapsule. +Security Group Management for Kapsule Pools +When creating a Kapsule pool, you can specify a security group ID to associate an existing security group with the pool. This allows for customized network traffic rules tailored to your specific requirements. + +If no security group ID is provided during pool creation, Scaleway assigns a default preconfigured security group named **Kapsule default security group**. This default security group is shared across all Kapsule pools within the same availability zone. +Key Changes From 98ba92a7a619cbdc54d780cc737e2fa09c78ec1d Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Thu, 26 Jun 2025 13:54:13 +0200 Subject: [PATCH 2/6] docs(k8s): security group management --- menu/navigation.json | 4 ++ .../security-group-management.mdx | 48 +++++++++++++++++-- 2 files changed, 47 insertions(+), 5 deletions(-) diff --git a/menu/navigation.json b/menu/navigation.json index 966f828ffd..fedc00a6d9 100644 --- a/menu/navigation.json +++ b/menu/navigation.json 
@@ -2023,6 +2023,10 @@ "label": "Setting IAM permissions and implementing RBAC on a cluster", "slug": "set-iam-permissions-and-implement-rbac" }, + { + "label": "Configuring Kubernetes security groups", + "slug": "security-group-management" + }, { "label": "Modifying kernel parameters in a Kubernetes cluster using a DaemonSet", "slug": "modifying-kernel-parameters-kubernetes-cluster" diff --git a/pages/kubernetes/reference-content/security-group-management.mdx b/pages/kubernetes/reference-content/security-group-management.mdx index 581206fb9e..f0140a38c2 100644 --- a/pages/kubernetes/reference-content/security-group-management.mdx +++ b/pages/kubernetes/reference-content/security-group-management.mdx 
@@ -13,9 +13,47 @@ categories: - kubernetes --- -Scaleway Kubernetes Kapsule and Kosmos provide managed Kubernetes services that simplify the deployment and management of containerized applications. As part of the security configuration for these services, Scaleway allows users to manage security groups for Kapsule pools to control network traffic to and from cluster nodes. This document outlines the process for managing security groups when creating and configuring pools in Scaleway Kubernetes Kapsule. -Security Group Management for Kapsule Pools -When creating a Kapsule pool, you can specify a security group ID to associate an existing security group with the pool. This allows for customized network traffic rules tailored to your specific requirements. +Scaleway Kubernetes Kapsule and Kosmos provide managed Kubernetes services that simplify the deployment and management of containerized applications. +As part of the security configuration for these services, Scaleway allows users to manage security groups for Kapsule pools to control network traffic to and from cluster nodes. +This document outlines the process for managing security groups when creating and configuring pools in Scaleway Kubernetes Kapsule. -If no security group ID is provided during pool creation, Scaleway assigns a default preconfigured security group named **Kapsule default security group**. This default security group is shared across all Kapsule pools within the same availability zone. -Key Changes + + Previously, Scaleway created a separate security group for each zone where a cluster had at least one pool. This approach has been replaced with the option to use either a user-specified security group or the shared default security group. + + +## Security group management for Kapsule pools + +When creating a pool using the CLI or API, you can specify a security group ID to associate an existing security group with the pool. 
This allows for customized network traffic rules tailored to your specific requirements. + +Run the following syntax to create a new pool using the CLI: +``` +scw k8s pool create cluster-id=11111111-1111-1111-1111-111111111111 name=bar node-type=DEV1-XL size=2 security-group-id11111111-1111-1111-1111-111111111111 +``` + + Replace `11111111-1111-1111-1111-111111111111` with the UUID of your cluster and security group. + + +For more information how to create a pool using the API, refer to the [Kubernetes API documentation](https://www.scaleway.com/en/developers/api/kubernetes/#path-pools-create-a-new-pool-in-a-cluster). + +If no security group ID is provided during pool creation, Scaleway assigns a default preconfigured security group named **Kapsule default security group**. +This default security group is shared across all Kapsule pools within the same availability zone. + +### Verify security group configuration + +After creating the pool, verify that the correct security group is applied by checking the pool details in the Scaleway console or using the CLI: + +```bash +scw k8s pool get +``` + +Ensure that the security group rules align with your application's networking needs and cluster communication requirements. + + +## Modify security group rules (Optional): + +To update the rules of an existing security group, navigate to the Instances section in the Scaleway console. +Select the security group (either the custom one or the Kapsule default security group) and [modify the inbound/outbound rules](/instances/how-to/use-security-groups/#how-to-edit-a-security-group) as needed. + + + Changes to the Kapsule default security group will affect all pools in the same zone that use this default group. + \ No newline at end of file From 8bca6d1ff44bae6bf38c7f2b9b77907022a77089 Mon Sep 17 00:00:00 2001 
From: Benedikt Rollik Date: Thu, 26 Jun 2025 15:28:22 +0200 Subject: [PATCH 3/6] Apply suggestions from code review Co-authored-by: SamyOubouaziz --- .../reference-content/security-group-management.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pages/kubernetes/reference-content/security-group-management.mdx b/pages/kubernetes/reference-content/security-group-management.mdx index f0140a38c2..994428e262 100644 --- a/pages/kubernetes/reference-content/security-group-management.mdx +++ b/pages/kubernetes/reference-content/security-group-management.mdx @@ -40,7 +40,7 @@ This default security group is shared across all Kapsule pools within the same a ### Verify security group configuration -After creating the pool, verify that the correct security group is applied by checking the pool details in the Scaleway console or using the CLI: +After creating the pool, verify that the correct security group is applied by checking the pool details in the Scaleway console, or using the CLI: ```bash scw k8s pool get @@ -49,10 +49,10 @@ scw k8s pool get Ensure that the security group rules align with your application's networking needs and cluster communication requirements. -## Modify security group rules (Optional): +## Modify security group rules (optional) To update the rules of an existing security group, navigate to the Instances section in the Scaleway console. -Select the security group (either the custom one or the Kapsule default security group) and [modify the inbound/outbound rules](/instances/how-to/use-security-groups/#how-to-edit-a-security-group) as needed. +Select the security group (either the custom one or the Kapsule default security group), and [modify the inbound/outbound rules](/instances/how-to/use-security-groups/#how-to-edit-a-security-group) as needed. Changes to the Kapsule default security group will affect all pools in the same zone that use this default group. 
From ef8e435f425aca1c589aeaf9ed3b6460369aab73 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Thu, 26 Jun 2025 15:28:39 +0200 Subject: [PATCH 4/6] Apply suggestions from code review Co-authored-by: SamyOubouaziz --- .../reference-content/security-group-management.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pages/kubernetes/reference-content/security-group-management.mdx b/pages/kubernetes/reference-content/security-group-management.mdx index 994428e262..577ee21dd2 100644 --- a/pages/kubernetes/reference-content/security-group-management.mdx +++ b/pages/kubernetes/reference-content/security-group-management.mdx @@ -1,10 +1,10 @@ --- meta: title: Scaleway Kubernetes Kapsule and Kosmos security group management - description: This page explains how to Scaleway Kubernetes Kapsule and Kosmos manage security groups + description: This page explains how to manage Scaleway Kubernetes Kapsule and Kosmos manage security groups content: h1: Scaleway Kubernetes Kapsule and Kosmos security group management - paragraph: This page explains how to Scaleway Kubernetes Kapsule and Kosmos manage security groups + paragraph: This page explains how to manage Scaleway Kubernetes Kapsule and Kosmos manage security groups tags: kubernetes kapsule kosmos security group dates: validation: 2025-06-26 From 700b8aa17ee58bcea64e8152f725193ccfb1e12b Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Fri, 27 Jun 2025 09:29:06 +0200 Subject: [PATCH 5/6] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Louis Portay <20128391+louisportay@users.noreply.github.com> Co-authored-by: Néda <87707325+nerda-codes@users.noreply.github.com> --- .../reference-content/security-group-management.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/pages/kubernetes/reference-content/security-group-management.mdx b/pages/kubernetes/reference-content/security-group-management.mdx index 577ee21dd2..d1b3a0a334 100644 --- a/pages/kubernetes/reference-content/security-group-management.mdx +++ b/pages/kubernetes/reference-content/security-group-management.mdx @@ -27,16 +27,16 @@ When creating a pool using the CLI or API, you can specify a security group ID t Run the following syntax to create a new pool using the CLI: ``` -scw k8s pool create cluster-id=11111111-1111-1111-1111-111111111111 name=bar node-type=DEV1-XL size=2 security-group-id11111111-1111-1111-1111-111111111111 +scw k8s pool create cluster-id=11111111-1111-1111-1111-111111111111 name=bar node-type=DEV1-XL size=2 security-group-id=11111111-1111-1111-1111-111111111111 ``` Replace `11111111-1111-1111-1111-111111111111` with the UUID of your cluster and security group. -For more information how to create a pool using the API, refer to the [Kubernetes API documentation](https://www.scaleway.com/en/developers/api/kubernetes/#path-pools-create-a-new-pool-in-a-cluster). +For more information on how to create a pool using the API, refer to the [Kubernetes API documentation](https://www.scaleway.com/en/developers/api/kubernetes/#path-pools-create-a-new-pool-in-a-cluster). -If no security group ID is provided during pool creation, Scaleway assigns a default preconfigured security group named **Kapsule default security group**. -This default security group is shared across all Kapsule pools within the same availability zone. +If no security group ID is provided during pool creation, Scaleway assigns a default preconfigured security group named **Kapsule default security group** or **Kosmos default security group**. +This default security group is shared across all Kapsule pools within the same Availability Zone in the same Project. ### Verify security group configuration 
@@ -55,5 +55,5 @@ To update the rules of an existing security group, navigate to the Instances sec Select the security group (either the custom one or the Kapsule default security group), and [modify the inbound/outbound rules](/instances/how-to/use-security-groups/#how-to-edit-a-security-group) as needed. - Changes to the Kapsule default security group will affect all pools in the same zone that use this default group. + Changes to the Kapsule default security group will affect all pools in the same zone that uses this default group. \ No newline at end of file From 28035ad0fcdb40397642518161540a4f51cf6dc3 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Fri, 27 Jun 2025 09:37:26 +0200 Subject: [PATCH 6/6] feat(k8s): update content --- .../reference-content/security-group-management.mdx | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pages/kubernetes/reference-content/security-group-management.mdx b/pages/kubernetes/reference-content/security-group-management.mdx index d1b3a0a334..61efbc1e26 100644 --- a/pages/kubernetes/reference-content/security-group-management.mdx +++ b/pages/kubernetes/reference-content/security-group-management.mdx @@ -1,10 +1,10 @@ --- meta: title: Scaleway Kubernetes Kapsule and Kosmos security group management - description: This page explains how to manage Scaleway Kubernetes Kapsule and Kosmos manage security groups + description: This page explains how Scaleway Kubernetes Kapsule and Kosmos manage security groups content: h1: Scaleway Kubernetes Kapsule and Kosmos security group management - paragraph: This page explains how to manage Scaleway Kubernetes Kapsule and Kosmos manage security groups + paragraph: This page explains how Scaleway Kubernetes Kapsule and Kosmos manage security groups tags: kubernetes kapsule kosmos security group dates: validation: 2025-06-26 
@@ -38,6 +38,10 @@ For more information on how to create a pool using the API, refer to the [Kubern If no security group ID is provided during pool creation, Scaleway assigns a default preconfigured security group named **Kapsule default security group** or **Kosmos default security group**. This default security group is shared across all Kapsule pools within the same Availability Zone in the same Project. + + Support for Terraform / OpenTofu will be added soon. + + ### Verify security group configuration After creating the pool, verify that the correct security group is applied by checking the pool details in the Scaleway console, or using the CLI: @@ -46,7 +50,7 @@ After creating the pool, verify that the correct security group is applied by ch scw k8s pool get ``` -Ensure that the security group rules align with your application's networking needs and cluster communication requirements. +Ensure that the security group rules align with your application's networking needs and [cluster communication requirements](https://www.scaleway.com/en/developers/api/kubernetes/#technical-limitations). ## Modify security group rules (optional)
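Review bot: PATCH 1/6 ends the new file on a bare "Key Changes" line with nothing under it, and "Security Group Management for Kapsule Pools" is added as plain text with no heading marker, so it renders as part of the preceding paragraph. The `description` and `paragraph` strings, "how to Scaleway Kubernetes Kapsule and Kosmos manage security groups", are also ungrammatical. PATCH 2/6 and PATCH 6/6 correct all three, so squash the series so that the intermediate state is never published.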
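Review bot: In the `scw k8s pool create` example added by the .mdx hunk of PATCH 2/6, `cluster-id` and `security-group-id` share the placeholder `11111111-1111-1111-1111-111111111111`, and the note under it says to replace it "with the UUID of your cluster and security group", which reads as if one value serves both. Use two visibly different placeholders and name each one in the note. The same hunk says the per-zone groups Scaleway "previously" created have "been replaced", but not what happens to existing pools and the groups already attached to them; a sentence on that belongs next to the statement. The first fence also lacks the `bash` tag that the `scw k8s pool get` fence uses.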
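Review bot: The replacement `description` and `paragraph` lines in PATCH 4/6 read "how to manage Scaleway Kubernetes Kapsule and Kosmos manage security groups", with "manage" twice, so the suggestion was applied on top of the old wording rather than in place of it. PATCH 6/6 settles on "how Scaleway Kubernetes Kapsule and Kosmos manage security groups"; fold that wording into this commit.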
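Review bot: In the first hunk of PATCH 5/6, the default group is now named "**Kapsule default security group** or **Kosmos default security group**", but the next line still says it is shared across "all Kapsule pools" and nothing says when each name applies. State which name is assigned in which case and whether the sharing also covers Kosmos pools. Since the scope is now "the same Availability Zone in the same Project", say explicitly whether that spans pools of different clusters, because that is what tells a reader how far a rule change on the default group reaches and when a dedicated `security-group-id` is the safer choice.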
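Review bot: The last hunk of PATCH 5/6 changes "use" to "uses" in the warning, which breaks agreement: the subject is "all pools", so it should remain "that use this default group". The warning also still limits the impact to "the same zone" and names only the Kapsule default security group, while the hunk above it widened the text to "the same Availability Zone in the same Project" and added the Kosmos default group. Align the warning with that wording so the stated impact of editing the shared group is not understated.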
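Review bot: In the last hunk of PATCH 6/6, the verification step still shows `scw k8s pool get` with no pool identifier and no hint of which part of the output identifies the security group, so a reader cannot confirm that the intended group was attached. Add a pool ID placeholder to the command and name what to compare against the `security-group-id` passed at creation. The new "cluster communication requirements" link points at the `#technical-limitations` anchor; check that this section lists the rules a custom group must keep, since a custom group that omits them is the main failure mode this page introduces.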