Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[K8S] Documentation kubeconfig with IAM #2575

Draft
wants to merge 23 commits into
base: main
Choose a base branch
from
Draft

[K8S] Documentation kubeconfig with IAM #2575

wants to merge 23 commits into from

Conversation

bene2k1
Copy link
Member

@bene2k1 bene2k1 commented Jan 3, 2024

Your checklist for this pull request

Description

Please describe what you added or changed.

@bene2k1 bene2k1 added do not merge PR that shouldn't be merged before a specific date (eg release) status: draft Work in progress - do not merge or review labels Jan 3, 2024
@bene2k1 bene2k1 marked this pull request as ready for review January 9, 2024 15:17
@bene2k1 bene2k1 removed the status: draft Work in progress - do not merge or review label Jan 9, 2024
@bene2k1 bene2k1 requested review from RoRoJ and SamyOubouaziz January 9, 2024 15:18
@bene2k1 bene2k1 changed the title docs(k8s): kubeconfig with iam feat(k8s): kubeconfig with iam Jan 9, 2024
ldecarvalho-doc
ldecarvalho-doc reviewed Jan 9, 2024
View reviewed changes
containers/kubernetes/how-to/manage-kubeconfig-with-iam.mdx Outdated Show resolved Hide resolved
containers/kubernetes/how-to/manage-kubeconfig-with-iam.mdx Outdated Show resolved Hide resolved
containers/kubernetes/how-to/manage-kubeconfig-with-iam.mdx Outdated Show resolved Hide resolved
containers/kubernetes/how-to/manage-kubeconfig-with-iam.mdx Outdated Show resolved Hide resolved
containers/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx Outdated Show resolved Hide resolved
containers/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx Outdated Show resolved Hide resolved
containers/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx Outdated Show resolved Hide resolved
containers/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx Outdated Show resolved Hide resolved
containers/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx Outdated Show resolved Hide resolved
containers/kubernetes/reference-content/set-iam-permissions-and-implement-rbac.mdx Outdated Show resolved Hide resolved
@bene2k1 bene2k1 changed the title feat(k8s): kubeconfig with iam [K8S] Documentation kubeconfig with IAM Jan 31, 2024
bene2k1 and others added 14 commits July 30, 2024 11:37
@bene2k1
Apply suggestions from code review
b414214
@bene2k1 @jcirinosclwy
Update containers/kubernetes/reference-content/set-iam-permissions-an…
6a5b1df 
…d-implement-rbac.mdx

Co-authored-by: Jessica <[email protected]>
@bene2k1
Apply suggestions from code review
1e1b9cb
@bene2k1
fix typo
d0236d7
@bene2k1
Update containers/kubernetes/reference-content/set-iam-permissions-an…
2b46079 
…d-implement-rbac.mdx
@bene2k1 @jcirinosclwy
Apply suggestions from code review
e729fc7 
Co-authored-by: Jessica <[email protected]>
@bene2k1 @nerda-codes
Apply suggestions from code review
52d77a9 
Co-authored-by: nerda-codes <[email protected]>
@bene2k1
added link
5128011
@bene2k1 @ldecarvalho-doc
Apply suggestions from code review
4868e27 
Co-authored-by: ldecarvalho-doc <[email protected]>
@bene2k1 @ldecarvalho-doc
Apply suggestions from code review
6451b43 
Co-authored-by: ldecarvalho-doc <[email protected]>
@bene2k1
fixed permission set order
1edbe0b
@bene2k1
add link
fce331f
@bene2k1
Apply suggestions from code review
2081f99
@bene2k1
Update containers/kubernetes/how-to/edit-kosmos-cluster.mdx
1d8177a
@bene2k1 bene2k1 marked this pull request as draft September 30, 2024 08:50
@github-actions github-actions bot added the status: draft Work in progress - do not merge or review label Sep 30, 2024
jcirinosclwy
jcirinosclwy reviewed Dec 2, 2024
View reviewed changes
containers/kubernetes/how-to/manage-kubeconfig-with-iam.mdx
<Macro id="iam-requirements" />

<Message type="requirement">
- You have an account and are logged into the [Scaleway console](https://console.scaleway.com)
Copy link
Collaborator

@jcirinosclwy jcirinosclwy Dec 2, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- You have an account and are logged into the [Scaleway console](https://console.scaleway.com)
- A Scaleway account logged into the [console](https://console.scaleway.com)

jcirinosclwy
jcirinosclwy reviewed Dec 2, 2024
View reviewed changes
containers/kubernetes/how-to/manage-kubeconfig-with-iam.mdx

<Message type="requirement">
- You have an account and are logged into the [Scaleway console](https://console.scaleway.com)
- You have [created](/containers/kubernetes/how-to/create-cluster) a Kubernetes Kapsule cluster
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- You have [created](/containers/kubernetes/how-to/create-cluster) a Kubernetes Kapsule cluster
- [Created](/containers/kubernetes/how-to/create-cluster) a Kubernetes Kapsule cluster

jcirinosclwy
jcirinosclwy reviewed Dec 2, 2024
View reviewed changes
containers/kubernetes/how-to/manage-kubeconfig-with-iam.mdx
- kubernetes
---


Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

jcirinosclwy
jcirinosclwy reviewed Dec 2, 2024
View reviewed changes
containers/kubernetes/how-to/manage-kubeconfig-with-iam.mdx
- Applications within the cluster are authenticated using specific tokens.
- This authentication method is particularly useful when a pod needs to interact with the Kubernetes API, as it can authenticate using its associated [Service Account](https://kubernetes.io/docs/concepts/security/service-accounts/).

[Identity and Access Management (IAM)](https://www.scaleway.com/en/docs/identity-and-access-management/iam/concepts/#iam) provides control over resource access. IAM policies enable the configuration of permissions for Kubernetes Kapsule clusters at the Project level.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
[Identity and Access Management (IAM)](https://www.scaleway.com/en/docs/identity-and-access-management/iam/concepts/#iam) provides control over resource access. IAM policies enable the configuration of permissions for Kubernetes Kapsule clusters at the Project level.
[Identity and Access Management (IAM)](/identity-and-access-management/iam/concepts/#iam) provides control over resource access. IAM policies enable the configuration of permissions for Kubernetes Kapsule clusters at the Project level.

jcirinosclwy
jcirinosclwy reviewed Dec 2, 2024
View reviewed changes
containers/kubernetes/how-to/manage-kubeconfig-with-iam.mdx

[Identity and Access Management (IAM)](https://www.scaleway.com/en/docs/identity-and-access-management/iam/concepts/#iam) provides control over resource access. IAM policies enable the configuration of permissions for Kubernetes Kapsule clusters at the Project level.

An [IAM policy](https://www.scaleway.com/en/docs/identity-and-access-management/iam/concepts/#policy) defines the permissions for users, groups, and applications within an Organization. It consists of a [principal](https://www.scaleway.com/en/docs/identity-and-access-management/iam/concepts/#principal) (the user, group, or application to which it applies) and IAM rules that specify permission sets and their scope.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
An [IAM policy](https://www.scaleway.com/en/docs/identity-and-access-management/iam/concepts/#policy) defines the permissions for users, groups, and applications within an Organization. It consists of a [principal](https://www.scaleway.com/en/docs/identity-and-access-management/iam/concepts/#principal) (the user, group, or application to which it applies) and IAM rules that specify permission sets and their scope.
An [IAM policy](/identity-and-access-management/iam/concepts/#policy) defines the permissions for users, groups, and applications within an Organization. It consists of a [principal](/identity-and-access-management/iam/concepts/#principal) (the user, group, or application to which it applies) and IAM rules that specify permission sets and their scope.

jcirinosclwy
jcirinosclwy reviewed Dec 2, 2024
View reviewed changes
containers/kubernetes/how-to/manage-kubeconfig-with-iam.mdx
The [combination of IAM and Kubernetes RBAC (Role-based Acccess Control)](/containers/kubernetes/reference-content/set-iam-permissions-and-implement-rbac/) allows you to define fine-grained access levels for cluster users.

<Message type="important">
Entering a deprecation cycle, the former authentication system (using static admin tokens) remains active until the second half of 2024: all your legacy Kubeconfig files keep access to their clusters for the time being. For security purposes, you can still use the ["reset admin token" feature](/containers/kubernetes/how-to/revoke-kubeconfig/), either through our Kubernetes API or Scaleway’s CLI.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it really second half of 2024? Or Q1 2025, as we're mentioning on the console?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jcirinosclwy jcirinosclwy jcirinosclwy approved these changes

@nerda-codes nerda-codes nerda-codes left review comments

@ldecarvalho-doc ldecarvalho-doc ldecarvalho-doc left review comments

@RoRoJ RoRoJ RoRoJ approved these changes

@SamyOubouaziz SamyOubouaziz Awaiting requested review from SamyOubouaziz

Assignees
No one assigned
Labels
do not merge PR that shouldn't be merged before a specific date (eg release) status: draft Work in progress - do not merge or review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@bene2k1 @RoRoJ @ldecarvalho-doc @nerda-codes @jcirinosclwy