Scaleway Kubernetes Kapsule and Kosmos security group management
Scaleway Kubernetes Kapsule and Kosmos provide managed Kubernetes services that simplify the deployment and management of containerized applications. As part of the security configuration for these services, Scaleway allows users to manage security groups for Kapsule pools to control network traffic to and from cluster nodes. This document outlines the process for managing security groups when creating and configuring pools in Scaleway Kubernetes Kapsule.
Security group management for Kapsule pools
When creating a pool using the CLI or API, you can specify a security group ID to associate an existing security group with the pool. This allows for customized network traffic rules tailored to your specific requirements.
Run the following syntax to create a new pool using the CLI:
scw k8s pool create cluster-id=11111111-1111-1111-1111-111111111111 name=bar node-type=DEV1-XL size=2 security-group-id=11111111-1111-1111-1111-111111111111For more information on how to create a pool using the API, refer to the Kubernetes API documentation.
If no security group ID is provided during pool creation, Scaleway assigns a default preconfigured security group named Kapsule default security group or Kosmos default security group. This default security group is shared across all Kapsule pools within the same Availability Zone in the same Project.
Verify security group configuration
After creating the pool, verify that the correct security group is applied by checking the pool details in the Scaleway console, or using the CLI:
scw k8s pool get <pool-id>Ensure that the security group rules align with your application's networking needs and cluster communication requirements.
Modify security group rules (optional)
To update the rules of an existing security group, navigate to the Instances section in the Scaleway console. Select the security group (either the custom one or the Kapsule default security group), and modify the inbound/outbound rules as needed.