DRAFT: feat(k8s): add acl docs #3460
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bene2k1
added
the
do not merge
Tomy2e
approved these changes
Jul 25, 2024
github-actions
bot
added
the
status: draft
bene2k1
commented
Nov 4, 2024
github-actions
bot
removed
the
status: draft
ldecarvalho-doc
approved these changes
Nov 4, 2024
jcirinosclwy
approved these changes
Nov 4, 2024
| paragraph: Learn how to manage allowed IP addresses for your Kubernetes Kapsule and Kosmos clusters. Configure access restrictions with our step-by-step guide. | ||
| tags: kubernetes kapsule kosmos | ||
| dates: | ||
| validation: 2024-11-05 |
There was a problem hiding this comment.
Suggested change
| validation: 2024-11-05 | |
| validation: 2024-12-16 |
| tags: kubernetes kapsule kosmos | ||
| dates: | ||
| validation: 2024-11-05 | ||
| posted: 2024-11-05 |
There was a problem hiding this comment.
Suggested change
| posted: 2024-11-05 | |
| posted: 2024-12-16 |
Comment on lines
+16
to
+18
| Restricting IPs on Kubernetes Kapsule or Kosmos clusters enhances security by limiting access to only trusted sources, thereby reducing the risk of unauthorized access and potential attacks. | ||
| This control ensures that only specific IP addresses or networks can interact with your clusters, providing an additional layer of protection. | ||
| The default entry `0.0.0.0/0` enables any host to establish a connection. |
There was a problem hiding this comment.
Suggested change
| Restricting IPs on Kubernetes Kapsule or Kosmos clusters enhances security by limiting access to only trusted sources, thereby reducing the risk of unauthorized access and potential attacks. | |
| This control ensures that only specific IP addresses or networks can interact with your clusters, providing an additional layer of protection. | |
| The default entry `0.0.0.0/0` enables any host to establish a connection. | |
| Restricting IPs on Kubernetes Kapsule or Kosmos clusters enhances security by limiting access to only trusted sources. Since only IP addresses and networks specified by you can interact with your clusters, you reduce the risk of unauthorized access and potential attacks. | |
| The default entry `0.0.0.0/0` enables any host to establish a connection. |
|
|
||
| <Macro id="requirements" /> | ||
|
|
||
| - Scaleway account logged into the [Scaleway console](https://console.scaleway.com) |
There was a problem hiding this comment.
Suggested change
| - Scaleway account logged into the [Scaleway console](https://console.scaleway.com) | |
| - A Scaleway account logged into the [Scaleway console](https://console.scaleway.com) |
|
|
||
| ## How to add an IP address | ||
|
|
||
| 1. Click **Kubernetes** in the **Containers** section of the [Scaleway console](https://console.scaleway.com). The **Kubernetes Kapsule dashboard** appears. |
There was a problem hiding this comment.
Suggested change
| 1. Click **Kubernetes** in the **Containers** section of the [Scaleway console](https://console.scaleway.com). The **Kubernetes Kapsule dashboard** appears. | |
| 1. Click **Kubernetes** in the **Containers** section of the [Scaleway console](https://console.scaleway.com). The **Kubernetes dashboard** appears. |
There was a problem hiding this comment.
We're specifying Kubernetes Kapsule here, but the requirements say that users can do this either on a Kapsule or Kosmos cluster. We must either remove the Kapsule mention here or state that the settings we show on this page are specifically for Kapsule, no?
| 1. Click **Kubernetes** in the **Containers** section of the [Scaleway console](https://console.scaleway.com). The **Kubernetes Kapsule dashboard** appears. | ||
| 2. Select the cluster you wish to configure. The **Cluster information** page opens. | ||
| 3. Click the **Network** tab to display your cluster's network information. Your access control list appears in the **Allowed IPs for control plane** section. | ||
| 4. Click **Add allowed IP**. Enter the IP address or IP block in [CIDR notation](/network/ipam/concepts/#cidr-notation) (e.g., `198.51.100.135/32` for a single IP, `198.51.100.0/24` for an IP block) and click **Add IPs**. |
There was a problem hiding this comment.
Suggested change
| 4. Click **Add allowed IP**. Enter the IP address or IP block in [CIDR notation](/network/ipam/concepts/#cidr-notation) (e.g., `198.51.100.135/32` for a single IP, `198.51.100.0/24` for an IP block) and click **Add IPs**. | |
| 4. Click **Add allowed IP**. Enter the IP address or IP block in [CIDR notation](/network/ipam/concepts/#cidr-notation) (e.g., `198.51.100.135/32` for a single IP, `198.51.100.0/24` for an IP block), then click **Add IP(s)**. |
|
|
||
| ## How to delete an IP address | ||
|
|
||
| 1. Click **Kubernetes** in the **Containers** section of the [Scaleway console](https://console.scaleway.com). The **Kubernetes Kapsule dashboard** appears. |
There was a problem hiding this comment.
Check if Kapsule mention should be here.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Your checklist for this pull request
Description
Please describe what you added or changed.