Skip to navigationSkip to main contentSkip to footerScaleway Docs

How to enable or disable SSH ports on Kubernetes Kapsule cluster nodes

Kubernetes Kapsule clusters are provisioned with a default security group as standard. Clusters deployed prior to May 2023 allow inbound traffic to the nodes.

Since May 2023, each Kapsule cluster comes with a default security group implementing an inbound DROP ALL policy, effectively blocking all incoming connections by default.

To activate the preinstalled SSH server for node access within the cluster, it is necessary to manually configure a custom rule in the cluster's security group to allow inbound traffic on TCP port 22.

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization
  • Created a Kubernetes Kapsule cluster
  1. Click Instances in the side menu, then click Security groups to view the security group section in your Scaleway console.
  2. Click more icon next to the security group you intend to configure and choose More info. The security group's overview displays.
    Tip

    Alternatively, you can also select the security group's name. The security group's overview displays.

  3. Access the Rules tab to view the security group rules.
  4. In the Rules section of the security group, click edit icon to edit the rules.
  5. Configure a new custom inbound rule:
    • Rule: accept
    • Protocol: TCP
    • Port: 22 (standard SSH port)
    • IP range: Specify a CIDR IP range authorized for connection to your Instance. As an option, select All IPs to allow connections from any IP. It is recommended to restrict access to your rule to a limited IP range for maximum security.
  6. Click validate icon to validate the security group configuration.
Still need help?

Create a support ticket
No Results