scaleway · bene2k1 · Nov 28, 2023 · Nov 28, 2023 · Jan 9, 2024 · Jan 9, 2024
@@ -45,5 +45,5 @@ Once your [cluster is created](/containers/kubernetes/how-to/create-cluster), a
 
 <Navigation title="See Also">
   <PreviousButton to="/containers/kubernetes/how-to/edit-kosmos-cluster/">How to manage a Kosmos cluster</PreviousButton>
-  <NextButton to="/containers/kubernetes/how-to/deploy-image-from-container-registry/">How to deploy an image from Container Registry</NextButton>
+  <NextButton to="/containers/kubernetes/how-to/revoke-kubeconfig/">How to revoke a kubeconfig of a Kapsule cluster</NextButton>
 </Navigation>
@@ -180,6 +180,6 @@ For more information how to use your Container Registry with Kubernetes, refer t
 
 
 <Navigation title="See Also">
-  <PreviousButton to="/containers/kubernetes/how-to/connect-cluster-kubectl/">How to connect to a cluster with kubectl</PreviousButton>
+  <PreviousButton to="/containers/kubernetes/how-to/revoke-kubeconfig/">How to revoke a kubeconfig of a Kapsule cluster</PreviousButton>
   <NextButton to="/containers/kubernetes/how-to/deploy-ingress-controller/">How to deploy an ingress controller</NextButton>
 </Navigation>
@@ -0,0 +1,71 @@
+---
+meta:
+  title: How to revoke a Kubeconfig of a Kubernetes cluster
+  description: This page explains how to revoke a Kubeconfig of a Kubernetes cluster
+content:
+  h1: How to revoke a Kubeconfig of a Kubernetes cluster
+  paragraph: This page explains how to revoke a Kubeconfig of a Kubernetes cluster
+tags: kubernetes cluster kubeconfig revoke iam
+dates:
+  validation: 2024-01-12
+  posted: 2024-01-12
+categories:
+  - kubernetes
+---
+
+<Macro id="iam-requirements" />
+
+<Message type="requirement">
+  - You have an account and are logged into the [Scaleway console](https://console.scaleway.com)
+  - You have [created](/containers/kubernetes/how-to/create-cluster) a Kubernetes cluster
+</Message>
+
+Scalway's managed Kubernetes now uses an [updated authentication system](/containers/kubernetes/how-to/manage-kubeconfig-with-iam/), based on IAM (Identity and Access Management) tokens. **This leads to the simultaneous existence of two authentication mechanisms.**
+
+Previously, users were limited to static admin tokens provided by Scaleway.
+
+With the new system, if a user loses access rights (e.g., departs from the Organization), the Kubernetes administrator can modify the IAM group, adjust its policy, or eliminate the user to revoke cluster access.
+This approach deviates from the previous method where the owner had to reset the admin token, affecting all other users and necessitating actions through the Scaleway console, CLI, or API methods.
+
+## How to revoke a Kubeconfig file with IAM
+
+To revoke cluster access, you have to ensure that the API key associated with it is no longer granted permission.
+
+Any of the following IAM modifications will restrict access:
+
+- Delete the API key.
+- Modify its policy to limit permissions.
+- Transfer the principal to a different group with fewer permissions.
+- Delete the principal (application or user).
+
+To permanently revoke Kubeconfig access with IAM, either delete the corresponding API key or delete the principal.
+
+## How to reset the admin token of a cluster (deprecated)
+
+<Message type="note">
+    Keep in mind that this method is deprecated and is no longer available from the Scaleway console. You can perform these actions using the CLI/API only.
+</Message>
+
+You can reset the admin token, thereby invalidating all associated legacy Kubeconfig files, through one of the following methods:
+
+<Message type="important">
+  Exercise caution as this action will restart the cluster control plane and revoke the admin authentication token. Consequently, users will no longer be able to generate legacy Kubeconfig files using an admin token (deprecated, replaced by IAM).
+</Message>
+
+### Using the CLI
+
+Run the following command to remove the admin token from a cluster:
+
+```sh
+scw k8s cluster reset-admin-token <cluster-id> region=<scw-region>
+```
+Remember to replace `<cluster-id>` with the ID and `<scw-region>` with the region of your Kubernetes cluster.
+
+### Using the API
+
+Refer to the developers documentation: [Resetting the admin token of a cluster](https://www.scaleway.com/en/developers/api/kubernetes/#path-clusters-reset-the-admin-token-of-a-cluster).
+
+<Navigation title="See Also">
+  <PreviousButton to="/containers/kubernetes/how-to/connect-cluster-kubectl/">How to connect to a cluster with kubectl</PreviousButton>
+  <NextButton to="/containers/kubernetes/how-to/deploy-image-from-container-registry/">How to deploy an image from Container Registry</NextButton>
+</Navigation>
diff --git a/menu/navigation.json b/menu/navigation.json
@@ -1465,6 +1465,10 @@
                     "label": "Connect to a cluster with kubectl",
                     "slug": "connect-cluster-kubectl"
                   },
+                  {
+                    "label": "Revoke a kubeconfig",
+                    "slug": "revoke-kubeconfig"
+                  },
                   {
                     "label": "Deploy an image from Container Registry",
                     "slug": "deploy-image-from-container-registry"