Skip to navigationSkip to main contentSkip to footerScaleway DocsAsk our AI
Ask our AI
Log inSign up

How to connect to a Kubernetes Kapsule cluster with kubectl

Once your cluster is created, you can install a kubeconfig file using Scaleway's command-line tool on your local machine to manage your Kubernetes cluster.

You can use this with kubectl, the Kubernetes command-line tool, allowing you to run commands against your Kubernetes cluster. This enables you to deploy applications, inspect and manage cluster resources, and view logs directly from your local machine.

Before you start

To complete the actions presented below, you must have:

Setting fine-grained permissions (IAM Policies) for Kubernetes access

If your Organization uses IAM to control access, ensure that you or your group/application has the following permission sets assigned at the Project scope:

  • KubernetesFullAccess (or KubernetesReadOnly, depending on your needs): Grants you the ability to manage (or list/read) Kubernetes clusters, nodes, and related actions in your Scaleway Project.

If you have not yet configured IAM on your account, you can generate a kubeconfig file with IAM and the required permission sets from the Scaleway console after creating a cluster.

Tip

For detailed information about the configuration of IAM policies for your Kubernetes clusters, refer to our dedicated documentation Setting IAM permissions and implementing RBAC on a cluster.

Accessing the cluster

Revoking user access to the Kubernetes cluster

When a user loses access rights (e.g., departs from the Organization), the Kubernetes administrator must take steps to revoke their access to the cluster. This is typically done by modifying IAM settings, such as adjusting policies or deleting the user’s credentials.

Steps to revoke access

To revoke a user's access to the cluster, ensure that any API keys associated with the user are no longer granted permission. Here are the steps you can take:

Delete the API key

  • Locate the API key associated with the user.
  • Remove the key to immediately revoke access.

Modify IAM policies

  • Adjust the IAM policy linked to the API key to limit or remove its permissions.

Reassign the user to a restricted group

  • Transfer the principal (application or user) to a group with reduced permissions that does not allow cluster access.

Delete the principal

  • Permanently remove the user or application from the IAM system to ensure no further access is possible.

Revoking kubeconfig access

To permanently revoke kubeconfig access via IAM:

  • Delete the API Key: This will ensure that the user's kubeconfig file becomes invalid immediately.
  • Delete the Principal: Removing the user or application guarantees that no further access can be gained, even if residual configurations exist.
Note
  • Be cautious when modifying IAM policies to avoid unintended access issues for other users or services.
  • Regularly audit IAM settings and API keys to ensure compliance with organizational security policies.
See Also
How to manage allowed IPsHow to manage Kapsule node pools
Still need help?

Create a support ticket
No Results