From 9f39c381fa7ebf1dc33c6f00af950148f0b3194a Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 15 Jul 2025 16:57:38 +0200 Subject: [PATCH 1/4] docs(k8s): update docs rbac --- .../how-to/connect-cluster-kubectl.mdx | 20 ++++--------------- ...set-iam-permissions-and-implement-rbac.mdx | 20 +++++++++++++++++++ 2 files changed, 24 insertions(+), 16 deletions(-) diff --git a/pages/kubernetes/how-to/connect-cluster-kubectl.mdx b/pages/kubernetes/how-to/connect-cluster-kubectl.mdx index 852f4131c1..53e132a5bc 100644 --- a/pages/kubernetes/how-to/connect-cluster-kubectl.mdx +++ b/pages/kubernetes/how-to/connect-cluster-kubectl.mdx 
@@ -30,23 +30,11 @@ If your Organization uses IAM to control access, ensure that you or your group/a - `KubernetesFullAccess` (or `KubernetesReadOnly`, depending on your needs): Grants you the ability to manage (or list/read) Kubernetes clusters, nodes, and related actions in your Scaleway Project. -To create a new policy with the correct permission sets, follow these steps: - -### Configure an IAM policy - -1. **Create a new policy**: Navigate to the **Policies** tab in your Organization’s IAM console and create a new policy. -2. **Add your user (or group/application)**: Assign your user, group, or application as the **Principal**. -3. **Add an IAM rule**: - - **Scope**: Set to **Access to resources** and specify the desired Project(s). - - **Permission Sets**: Include the following as needed: - - `KubernetesFullAccess` for full cluster management. - - `KubernetesReadOnly` for read-only access. -4. Click **Validate** and then **Create Policy**. - - - Refer to our [policy and permission sets documentation](/iam/reference-content/permission-sets/) for more details. - - Scaleway may **automatically generate IAM resources**, such as applications, groups and policies. Refer to [auto-generated IAM resources](/iam/reference-content/auto-generated-iam-resources/) for further information. - + + If you do not have setup IAM for your account yet, you can generate a `kubeconfig` file with IAM after cluster creation from the Scaleway console. + +For detailed information about the configuration of IAM policies for your Kubernetes clusters, refer to our dedicated documentation [Setting IAM permissions and implementing RBAC on a cluster](/kubernetes/reference-content/set-iam-permissions-and-and-implement-rbac/). ## Accessing the cluster You can use the Scaleway CLI to automatically retrieve (and merge) your `kubeconfig` file, then interact with your Kubernetes cluster. 
diff --git a/pages/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx b/pages/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx index 5eb6d503e9..385751e949 100644 --- a/pages/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx +++ b/pages/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx @@ -31,6 +31,26 @@ An [IAM policy](/iam/concepts/#policy) defines the permissions for users, groups The combination of IAM and Kubernetes RBAC allows you to define fine-grained access levels for cluster users. + + For more information how to download and use the `kubeconfig` file with IAM permissions, refer to [How to connect to a Kubernetes Kapsule cluster with kubectl](/kubernetes/how-to/connect-cluster-kubectl/). + + +### Configuring an IAM policy + +To create a new policy with the correct permission sets using the [Scaleway console](https://console.scaleway.com/), follow these steps: + +1. **Create a new policy**: Navigate to the **Policies** tab in your Organization’s IAM console and create a new policy. +2. **Add your user (or group/application)**: Assign your user, group, or application as the **Principal**. +3. **Add an IAM rule**: + - **Scope**: Set to **Access to resources** and specify the desired Project(s). + - **Permission Sets**: Include the following as needed: + - `KubernetesFullAccess` for full cluster management. + - `KubernetesReadOnly` for read-only access. +4. Click **Validate** and then **Create Policy**. + + - Refer to our [policy and permission sets documentation](/iam/reference-content/permission-sets/) for more details. + - Scaleway may **automatically generate IAM resources**, such as applications, groups and policies. Refer to [auto-generated IAM resources](/iam/reference-content/auto-generated-iam-resources/) for further information. + ### Mapping IAM permission sets to Kubernetes groups From d9722e153aa1e493b28f2b3e4532e2b5bcb445c0 Mon Sep 17 00:00:00 2001 
From: Benedikt Rollik Date: Tue, 15 Jul 2025 16:58:51 +0200 Subject: [PATCH 2/4] docs(k8s): update rbac information --- pages/kubernetes/how-to/connect-cluster-kubectl.mdx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pages/kubernetes/how-to/connect-cluster-kubectl.mdx b/pages/kubernetes/how-to/connect-cluster-kubectl.mdx index 53e132a5bc..0606b1010a 100644 --- a/pages/kubernetes/how-to/connect-cluster-kubectl.mdx +++ b/pages/kubernetes/how-to/connect-cluster-kubectl.mdx @@ -30,11 +30,12 @@ If your Organization uses IAM to control access, ensure that you or your group/a - `KubernetesFullAccess` (or `KubernetesReadOnly`, depending on your needs): Grants you the ability to manage (or list/read) Kubernetes clusters, nodes, and related actions in your Scaleway Project. +If you do not have configured IAM for your account yet, you can generate a `kubeconfig` file with IAM and required permission sets after cluster creation from the Scaleway console. + - If you do not have setup IAM for your account yet, you can generate a `kubeconfig` file with IAM after cluster creation from the Scaleway console. +For detailed information about the configuration of IAM policies for your Kubernetes clusters, refer to our dedicated documentation [Setting IAM permissions and implementing RBAC on a cluster](/kubernetes/reference-content/set-iam-permissions-and-and-implement-rbac/). -For detailed information about the configuration of IAM policies for your Kubernetes clusters, refer to our dedicated documentation [Setting IAM permissions and implementing RBAC on a cluster](/kubernetes/reference-content/set-iam-permissions-and-and-implement-rbac/). ## Accessing the cluster You can use the Scaleway CLI to automatically retrieve (and merge) your `kubeconfig` file, then interact with your Kubernetes cluster. From a2fe886dd00802f76a31095f98fa9aea760ea6c3 Mon Sep 17 00:00:00 2001 
From: Benedikt Rollik Date: Tue, 15 Jul 2025 17:06:22 +0200 Subject: [PATCH 3/4] fix(k8s): fix typo --- pages/kubernetes/how-to/connect-cluster-kubectl.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/kubernetes/how-to/connect-cluster-kubectl.mdx b/pages/kubernetes/how-to/connect-cluster-kubectl.mdx index 0606b1010a..b1d641d209 100644 --- a/pages/kubernetes/how-to/connect-cluster-kubectl.mdx +++ b/pages/kubernetes/how-to/connect-cluster-kubectl.mdx @@ -33,7 +33,7 @@ If your Organization uses IAM to control access, ensure that you or your group/a If you do not have configured IAM for your account yet, you can generate a `kubeconfig` file with IAM and required permission sets after cluster creation from the Scaleway console. -For detailed information about the configuration of IAM policies for your Kubernetes clusters, refer to our dedicated documentation [Setting IAM permissions and implementing RBAC on a cluster](/kubernetes/reference-content/set-iam-permissions-and-and-implement-rbac/). +For detailed information about the configuration of IAM policies for your Kubernetes clusters, refer to our dedicated documentation [Setting IAM permissions and implementing RBAC on a cluster](/kubernetes/reference-content/set-iam-permissions-and-implement-rbac/). ## Accessing the cluster From 58fcd0f911ced499a866a6605830f1348e6b192e Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 15 Jul 2025 17:23:15 +0200 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: Jessica <113192637+jcirinosclwy@users.noreply.github.com> --- pages/kubernetes/how-to/connect-cluster-kubectl.mdx | 2 +- .../set-iam-permissions-and-implement-rbac.mdx | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pages/kubernetes/how-to/connect-cluster-kubectl.mdx b/pages/kubernetes/how-to/connect-cluster-kubectl.mdx index b1d641d209..89cc0408b1 100644 --- a/pages/kubernetes/how-to/connect-cluster-kubectl.mdx 
+++ b/pages/kubernetes/how-to/connect-cluster-kubectl.mdx @@ -30,7 +30,7 @@ If your Organization uses IAM to control access, ensure that you or your group/a - `KubernetesFullAccess` (or `KubernetesReadOnly`, depending on your needs): Grants you the ability to manage (or list/read) Kubernetes clusters, nodes, and related actions in your Scaleway Project. -If you do not have configured IAM for your account yet, you can generate a `kubeconfig` file with IAM and required permission sets after cluster creation from the Scaleway console. +If you have not yet configured IAM on your account, you can generate a `kubeconfig` file with IAM and the required permission sets from the Scaleway console after creating a cluster. For detailed information about the configuration of IAM policies for your Kubernetes clusters, refer to our dedicated documentation [Setting IAM permissions and implementing RBAC on a cluster](/kubernetes/reference-content/set-iam-permissions-and-implement-rbac/). diff --git a/pages/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx b/pages/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx index 385751e949..51e0696591 100644 --- a/pages/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx +++ b/pages/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx 
@@ -32,18 +32,18 @@ An [IAM policy](/iam/concepts/#policy) defines the permissions for users, groups The combination of IAM and Kubernetes RBAC allows you to define fine-grained access levels for cluster users. - For more information how to download and use the `kubeconfig` file with IAM permissions, refer to [How to connect to a Kubernetes Kapsule cluster with kubectl](/kubernetes/how-to/connect-cluster-kubectl/). + For more information on how to download and use the `kubeconfig` file with IAM permissions, refer to [How to connect to a Kubernetes Kapsule cluster with kubectl](/kubernetes/how-to/connect-cluster-kubectl/). ### Configuring an IAM policy To create a new policy with the correct permission sets using the [Scaleway console](https://console.scaleway.com/), follow these steps: -1. **Create a new policy**: Navigate to the **Policies** tab in your Organization’s IAM console and create a new policy. +1. **Create a new policy**: Navigate to the **Policies** tab in your Organization’s IAM console and [create a new policy](/iam/how-to/create-policy/). 2. **Add your user (or group/application)**: Assign your user, group, or application as the **Principal**. 3. **Add an IAM rule**: - **Scope**: Set to **Access to resources** and specify the desired Project(s). - - **Permission Sets**: Include the following as needed: + - **Permission Sets**: Include the following, as needed: - `KubernetesFullAccess` for full cluster management. - `KubernetesReadOnly` for read-only access. 4. Click **Validate** and then **Create Policy**.
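
Review bot: the link target added to `connect-cluster-kubectl.mdx` in PATCH 1/4 reads `/kubernetes/reference-content/set-iam-permissions-and-and-implement-rbac/`, with a doubled `and-and`, while the file touched in the same patch is named `set-iam-permissions-and-implement-rbac.mdx`. The pointer to the relocated IAM policy steps therefore does not match that file name. PATCH 3/4 corrects the slug; squashing that fix into PATCH 1/4 would keep every commit in the series free of the mismatched link. The added sentence "If you do not have setup IAM for your account yet" also needs rewording, which only happens in PATCH 4/4.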
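
Review bot: step 3 of the "Configuring an IAM policy" section added to `set-iam-permissions-and-implement-rbac.mdx` in PATCH 1/4 lists `KubernetesFullAccess` and `KubernetesReadOnly` under "Include the following as needed" without saying how to choose between them. Because the series removes these steps from `connect-cluster-kubectl.mdx`, this page becomes the only place they are described. Suggest adding one sentence advising readers to grant `KubernetesReadOnly` unless the principal has to manage clusters, and to keep the **Scope** to the Project(s) that contain the clusters concerned. The added line "For more information how to download" is also missing "on", which PATCH 4/4 fixes.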
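
Review bot: the reworded sentence in the `connect-cluster-kubectl.mdx` hunk of PATCH 4/4, "you can generate a `kubeconfig` file with IAM and the required permission sets from the Scaleway console after creating a cluster", does not say which permission set the generated access carries or which principal it is attached to. The unchanged line above it names both `KubernetesFullAccess` and `KubernetesReadOnly`. Suggest stating which of the two the console applies in this flow, so readers know what level of access the downloaded `kubeconfig` confers before they store or share it.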
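
Review bot: in the `set-iam-permissions-and-implement-rbac.mdx` hunk of PATCH 4/4, step 1 now links out with `[create a new policy](/iam/how-to/create-policy/)` while steps 2 to 4 continue to describe policy creation inline, so it is unclear whether the reader should follow the linked how-to or stay on this page. Suggest rewording step 1 so the link is clearly an optional reference, for example by moving it to the end of the step as "see ... for the full procedure", and dropping the repeated phrase "create a new policy" from the same line.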