How to enable or disable SSH ports on Kubernetes Kapsule cluster nodes
Kubernetes Kapsule clusters are provisioned with a default security group as standard. Clusters deployed prior to May 2023 allow inbound traffic to the nodes.
Since May 2023, each Kapsule cluster comes with a default security group implementing an inbound
DROP ALL policy, effectively blocking all incoming connections by default.
To activate the preinstalled SSH server for node access within the cluster, it is necessary to manually configure a custom rule in the cluster’s security group to allow inbound traffic on TCP port 22.
You may need certain IAM permissions to carry out some actions described on this page. This means:
- You have an account and are logged into the Scaleway console
- You have created a Kubernetes Kapsule cluster
- This feature is available on the nodes of your cluster
- Click Instances in the side menu, then click Security groups to view the security group section in your Scaleway console.
- Select “more” «See more Icon» adjacent to the security group you intend to configure and choose More info. The security group’s overview displays.
Alternatively, you can also select the security group’s name. The security group’s overview displays.
- Access the Rules tab to view the security group rules.
- In the Rules section of the security group, select “edit” «Edit Icon».
- Configure a new custom inbound rule:
- Rule: accept
- Protocol: TCP
- Port: 22 (standard SSH port)
- IP range: Specify a CIDR IP range authorized for connection to your Instance. As an option, select All IPs to allow connections from any IP. It is recommended to restrict access to your rule to a limited IP range for maximum security.
- Confirm the security group configuration by clicking “validate” «Validate Icon».