DRAFT: feat(k8s): add acl docs

containers/kubernetes/how-to/manage-allowed-ips.mdx

@@ -0,0 +1,50 @@
+---
+meta:
+  title: Managing allowed IP addresses for Kubernetes products
+  description: Learn how to manage allowed IP addresses for your Kubernetes Kapsule and Kosmos clusters. Configure access restrictions with our step-by-step guide.
+content:
+  h1: Managing allowed IP addresses for Kubernetes products
+  paragraph: Learn how to manage allowed IP addresses for your Kubernetes Kapsule and Kosmos clusters. Configure access restrictions with our step-by-step guide.
+tags: kubernetes kapsule kosmos
+dates:
+  validation: 2024-11-05
+  posted: 2024-11-05
+categories:
+  - containers
+---
+
+Restricting IPs on Kubernetes Kapsule or Kosmos clusters enhances security by limiting access to only trusted sources, thereby reducing the risk of unauthorized access and potential attacks.
+This control ensures that only specific IP addresses or networks can interact with your clusters, providing an additional layer of protection.
+The default entry `0.0.0.0/0` enables any host to establish a connection.
+
+<Macro id="requirements" />
+
+- Scaleway account logged into the [Scaleway console](https://console.scaleway.com)
+- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing actions in the intended Organization
+- [Created](/containers/kubernetes/how-to/create-cluster) a Kubernetes Kapsule or Kosmos cluster
+
+<Message type="note">
+  Allowed IP configuration is available for public networks only.
+</Message>
+
+## How to add an IP address
+
+1. Click **Kubernetes** in the **Containers** section of the [Scaleway console](https://console.scaleway.com). The **Kubernetes Kapsule dashboard** appears.
+2. Select the cluster you wish to configure. The **Cluster information** page opens.
+3. Click the **Network** tab to display your cluster's network information. Your access control list appears in the **Allowed IPs for control plane** section.
+4. Click **Add allowed IP**. Enter the IP address or IP block in [CIDR notation](/network/ipam/concepts/#cidr-notation) (e.g., `198.51.100.135/32` for a single IP, `198.51.100.0/24` for an IP block) and click **Add IPs**.
+   <Message type="note">
+      To restore default settings and allow connections from all IPs, add `0.0.0.0/0` to the list.
+   </Message>
+
+<Message type="important">
+    For **Kosmos** multi-cloud clusters, allow connections from all Scaleway IP subnets to ensure proper functionality. Access from these IPs cannot be restricted. Refer to our [peering information](https://www.scaleway.com/en/peering/) for details on all Scaleway IP prefixes.
+</Message>
+
+## How to delete an IP address
+
+1. Click **Kubernetes** in the **Containers** section of the [Scaleway console](https://console.scaleway.com). The **Kubernetes Kapsule dashboard** appears.
+2. Select the cluster you wish to configure. The **Cluster information** page opens.
+3. Click the **Network** tab to display your cluster's network information. Your access control list appears in the **Allowed IPs for control plane** section.
+4. Locate the IP address in your allowed list.
+5. Click <Icon name="delete" /> next to the IP you want to delete. Confirm by typing **DELETE** in the pop-up, then click **Delete allowed IP** to confirm deletion.

menu/navigation.json

@@ -1348,6 +1348,10 @@
                     "label": "Manage a Kosmos cluster",
                     "slug": "edit-kosmos-cluster"
                   },
+                  {
+                    "label": "Manage allowed IPs",
+                    "slug": "manage-allowed-ips"
+                  },
                   {
                     "label": "Connect to a cluster with kubectl",
                     "slug": "connect-cluster-kubectl"
@@ -4885,4 +4889,4 @@
     ],
     "label": "Additional Services"
   }
-]
+]