diff --git a/containers/kubernetes/how-to/connect-cluster-kubectl.mdx b/containers/kubernetes/how-to/connect-cluster-kubectl.mdx index 09784bc398..b754585203 100644 --- a/containers/kubernetes/how-to/connect-cluster-kubectl.mdx +++ b/containers/kubernetes/how-to/connect-cluster-kubectl.mdx @@ -7,7 +7,7 @@ content: paragraph: This page explains how to connect to a Kubernetes cluster via kubectl tags: connection cluster kubectl dates: - validation: 2024-05-13 + validation: 2024-11-05 posted: 2020-09-20 categories: - kubernetes @@ -41,5 +41,3 @@ Once your [cluster is created](/containers/kubernetes/how-to/create-cluster/), a ``` kubectl get nodes ``` - - diff --git a/containers/kubernetes/how-to/deploy-image-from-container-registry.mdx b/containers/kubernetes/how-to/deploy-image-from-container-registry.mdx index a44ce186d5..5eeb7afdaa 100644 --- a/containers/kubernetes/how-to/deploy-image-from-container-registry.mdx +++ b/containers/kubernetes/how-to/deploy-image-from-container-registry.mdx @@ -7,7 +7,7 @@ content: paragraph: This page explains how to deploy an image from Scaleway Container Registry to Kubernetes Kapsule tags: deploy scaleway-container-registry container-registry kubernetes-kapsule kapsule dates: - validation: 2024-08-26 + validation: 2024-11-05 posted: 2020-09-20 categories: - container-registry @@ -175,5 +175,3 @@ To deploy the previously created container image in a Kapsule cluster, you need As you can see in the output above, the image has been pulled successfully from the registry and two replicas of it are running on the Kapsule cluster. For more information how to use your Container Registry with Kubernetes, refer to the [official documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). - - diff --git a/containers/kubernetes/how-to/revoke-kubeconfig.mdx b/containers/kubernetes/how-to/revoke-kubeconfig.mdx new file mode 100644 index 0000000000..888b8646d9 --- /dev/null +++ b/containers/kubernetes/how-to/revoke-kubeconfig.mdx @@ -0,0 +1,71 @@ +--- +meta: + title: How to revoke a Kubeconfig of a Kubernetes cluster + description: This page explains how to revoke a Kubeconfig of a Kubernetes cluster +content: + h1: How to revoke a Kubeconfig of a Kubernetes cluster + paragraph: This page explains how to revoke a Kubeconfig of a Kubernetes cluster +tags: kubernetes cluster kubeconfig revoke iam +dates: + validation: 2024-11-05 + posted: 2024-11-05 +categories: + - kubernetes +--- + + + + + - You have an account and are logged into the [Scaleway console](https://console.scaleway.com) + - You have [created](/containers/kubernetes/how-to/create-cluster) a Kubernetes cluster + + +Scaleway's managed Kubernetes now uses an [updated authentication system](/containers/kubernetes/how-to/manage-kubeconfig-with-iam/), based on IAM (Identity and Access Management) tokens. **This leads to the simultaneous existence of two authentication mechanisms.** + +Previously, users were limited to static admin tokens provided by Scaleway. + +With the new system, if a user loses access rights (e.g., departs from the Organization), the Kubernetes administrator can modify the IAM group, adjust its policy, or eliminate the user to revoke cluster access. +This approach deviates from the previous method where the owner had to reset the admin token, affecting all other users and necessitating actions through the Scaleway console, CLI, or API methods. + +## How to revoke a Kubeconfig file with IAM + +To revoke cluster access, you have to ensure that the API key associated with it is no longer granted permission. + +Any of the following IAM modifications will restrict access: + +- Delete the API key. +- Modify its policy to limit permissions. +- Transfer the principal to a different group with fewer permissions. +- Delete the principal (application or user). + +To permanently revoke Kubeconfig access with IAM, either delete the corresponding API key or delete the principal. + +## How to reset the admin token of a cluster (deprecated) + + + Keep in mind that this method is deprecated and is no longer available from the Scaleway console. You can perform these actions using the CLI/API only. + + +You can reset the admin token, thereby invalidating all associated legacy Kubeconfig files, through one of the following methods: + + + Exercise caution as this action will restart the cluster control plane and revoke the admin authentication token. Consequently, users will no longer be able to generate legacy Kubeconfig files using an admin token (deprecated, replaced by IAM). + + +### Using the CLI + +Run the following command to remove the admin token from a cluster: + +```sh +scw k8s cluster reset-admin-token region= +``` +Remember to replace `` with the ID and `` with the region of your Kubernetes cluster. + +### Using the API + +Refer to the developers documentation: [Resetting the admin token of a cluster](https://www.scaleway.com/en/developers/api/kubernetes/#path-clusters-reset-the-admin-token-of-a-cluster). + + + How to connect to a cluster with kubectl + How to deploy an image from Container Registry + diff --git a/menu/navigation.json b/menu/navigation.json index ca7572b506..39dec36d28 100644 --- a/menu/navigation.json +++ b/menu/navigation.json @@ -1620,6 +1620,10 @@ "label": "Connect to a cluster with kubectl", "slug": "connect-cluster-kubectl" }, + { + "label": "Revoke a kubeconfig", + "slug": "revoke-kubeconfig" + }, { "label": "Deploy an image from Container Registry", "slug": "deploy-image-from-container-registry"