scaleway · bene2k1 · Jun 27, 2025 · Jun 26, 2025 · Jun 26, 2025 · Jun 26, 2025
diff --git a/menu/navigation.json b/menu/navigation.json
@@ -2023,6 +2023,10 @@
                     "label": "Setting IAM permissions and implementing RBAC on a cluster",
                     "slug": "set-iam-permissions-and-implement-rbac"
                   },
+                  {
+                    "label": "Configuring Kubernetes security groups",
+                    "slug": "security-group-management"
+                  },
                   {
                     "label": "Modifying kernel parameters in a Kubernetes cluster using a DaemonSet",
                     "slug": "modifying-kernel-parameters-kubernetes-cluster"

@@ -0,0 +1,59 @@
+---
+meta:
+  title: Scaleway Kubernetes Kapsule and Kosmos security group management
+  description: This page explains how to Scaleway Kubernetes Kapsule and Kosmos manage security groups
+content:
+  h1:  Scaleway Kubernetes Kapsule and Kosmos security group management
+  paragraph: This page explains how to Scaleway Kubernetes Kapsule and Kosmos manage security groups
+tags: kubernetes kapsule kosmos security group
+dates:
+  validation: 2025-06-26
+  posted: 2025-06-06
+categories:
+  - kubernetes
+---
+
+Scaleway Kubernetes Kapsule and Kosmos provide managed Kubernetes services that simplify the deployment and management of containerized applications.
+As part of the security configuration for these services, Scaleway allows users to manage security groups for Kapsule pools to control network traffic to and from cluster nodes.
+This document outlines the process for managing security groups when creating and configuring pools in Scaleway Kubernetes Kapsule.
+
+<Message type="note">
+  Previously, Scaleway created a separate security group for each zone where a cluster had at least one pool. This approach has been replaced with the option to use either a user-specified security group or the shared default security group.
+</Message>
+
+## Security group management for Kapsule pools
+
+When creating a pool using the CLI or API, you can specify a security group ID to associate an existing security group with the pool. This allows for customized network traffic rules tailored to your specific requirements.
+
+Run the following syntax to create a new pool using the CLI:
+```
+scw k8s pool create cluster-id=11111111-1111-1111-1111-111111111111 name=bar node-type=DEV1-XL size=2 security-group-id11111111-1111-1111-1111-111111111111
+```
+<Message type="note">
+  Replace `11111111-1111-1111-1111-111111111111` with the UUID of your cluster and security group.
+</Message>
+
+For more information how to create a pool using the API, refer to the [Kubernetes API documentation](https://www.scaleway.com/en/developers/api/kubernetes/#path-pools-create-a-new-pool-in-a-cluster).
+
+If no security group ID is provided during pool creation, Scaleway assigns a default preconfigured security group named **Kapsule default security group**.
+This default security group is shared across all Kapsule pools within the same availability zone.
+
+### Verify security group configuration
+
+After creating the pool, verify that the correct security group is applied by checking the pool details in the Scaleway console or using the CLI:
+
+```bash
+scw k8s pool get <pool-id>
+```
+
+Ensure that the security group rules align with your application's networking needs and cluster communication requirements.
+
+
+## Modify security group rules (Optional):
+
+To update the rules of an existing security group, navigate to the Instances section in the Scaleway console.
+Select the security group (either the custom one or the Kapsule default security group) and [modify the inbound/outbound rules](/instances/how-to/use-security-groups/#how-to-edit-a-security-group) as needed.
+
+<Message type="important">
+  Changes to the Kapsule default security group will affect all pools in the same zone that use this default group.
+</Message>