scaleway · bene2k1 · Jan 15, 2025 · Jan 15, 2025 · Jan 16, 2025 · Jan 16, 2025
@@ -1,45 +1,79 @@
 ---
 meta:
-  title: How to connect to a cluster with kubectl
+  title: How to connect to a Kubernetes Kapsule cluster with kubectl
   description: Learn how to connect to a Kubernetes cluster using kubectl. Follow steps to manage cluster resources, deploy applications, and view logs easily from your local computer.
 content:
-  h1: How to connect to a cluster with kubectl
-  paragraph: This page explains how to connect to a Kubernetes cluster via kubectl
+  h1: How to connect to a Kubernetes Kapsule cluster with kubectl
+  paragraph: This guide details the steps to connect to a Kubernetes cluster using kubectl, the Kubernetes command-line tool.
 tags: connection cluster kubectl
 dates:
-  validation: 2024-11-18
+  validation: 2025-01-15
   posted: 2020-09-20
 categories:
   - kubernetes
 ---
 
-Once your [cluster is created](/containers/kubernetes/how-to/create-cluster/), a `.kubeconfig` file is available for download to manage several Kubernetes clusters. You can use this with `kubectl`, the Kubernetes command line tool, allowing you to run commands against your Kubernetes clusters. You can use `kubectl` from a terminal on your local computer to deploy applications, inspect and manage cluster resources, and view logs.
+Once your [cluster is created](/containers/kubernetes/how-to/create-cluster/), you can install a `kubeconfig` file unsing Scaleway's command-line tool on your local machine to manage your Kubernetes cluster.
+
+You can use this with `kubectl`, the Kubernetes command-line tool, allowing you to run commands against your Kubernetes cluster. This enables you to deploy applications, inspect and manage cluster resources, and view logs directly from your local machine.
 
 <Macro id="requirements" />
 
-- A Scaleway account logged into the [console](https://console.scaleway.com)
-- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization
-- Created a [Kubernetes Kapsule cluster](/containers/kubernetes/how-to/create-cluster/)
+- A [Scaleway account](https://console.scaleway.com) logged into the console.
+- [Owner status](https://console.scaleway.com) or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) to perform actions in the intended Organization.
+- A [Kubernetes Kapsule cluster](/containers/kubernetes/how-to/create-cluster/) created.
+- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally.
+- The [Scaleway CLI](/developer-tools/scaleway-cli/quickstart/) installed locally.
+
+## Setting fine-grained permissions (IAM Policies) for Kubernetes access
+
+If your Organization uses IAM to control access, ensure that you or your group/application has the following permission sets assigned at the Project scope:
+
+- `KubernetesFullAccess` (or `KubernetesReadOnly`, depending on your needs):
+  Grants you the ability to manage (or list/read) Kubernetes clusters, nodes, and related actions in your Scaleway Project.
+
+To create a new policy with the correct permission sets, follow these steps:
+
+### Key elements of IAM Policy configuration
+
+1. **Create a new policy**: Navigate to the **Policies** tab in your Organization’s IAM console and create a new policy.
+2. **Add your user (or group/application)**: Assign your user, group, or application as the **Principal**.
+3. **Add an IAM rule**:
+   - **Scope**: Set to **Access to resources** and specify the desired Project(s).
+   - **Permission Sets**: Include the following as needed:
+     - `KubernetesFullAccess` for full cluster management.
+     - `KubernetesReadOnly` for read-only access.
+4. Click **Validate** and then **Create Policy**.
+
+Refer to our [policy and permission sets documentation](/identity-and-access-management/iam/reference-content/permission-sets/) for more details.
+
+## Accessing the cluster
+
+You can use the Scaleway CLI to retrieve (and merge) your `kubeconfig` file automatically, then interact with your Kubernetes cluster.
 
-1. [Install kubectl](https://kubernetes.io/docs/tasks/tools/) on your local computer.
-2. Download the `.kubeconfig` files from your cluster's **overview** page:
-    <Lightbox src="scaleway-kapsule_kubeconfig.webp" alt="" />
-3. Configure access to your cluster. You can do this in one of two ways:
+### Install and configure the Scaleway CLI
 
-    Set the `KUBECONFIG` environment variable:
-    ```
-    export KUBECONFIG=/$HOME/Downloads/Kubeconfig-ClusterName.yaml
-    ```
+If you have not set up the Scaleway CLI yet:
 
-    Or use `use $HOME/.kube/config file`:
-    ```
-    mv $HOME/Downloads/Kubeconfig-ClusterName.yaml $HOME/.kube/config
-    ```
+1. Follow our [installation guide](/developer-tools/scaleway-cli/quickstart) for platform-specific instructions using Homebrew, Chocolatey, or manual methods.
+2. Run the following command and follow the prompts to set up your CLI with your Scaleway API keys:
+   ```bash
+   scw init
+   ```
+   You will need your [API Key](https://identity-and-access-management/iam/how-to/#creating-API-keys) (Access Key & Secret Key).
 
-    Either way, make sure you replace `/$HOME/Downloads/Kubeconfig-ClusterName.yaml` with the correct name and path of your downloaded `.kubeconfig` file.
-4. Run the following command to finish:
-    ```
-    kubectl get nodes
-    ```
+### Retrieve and install the kubeconfig using `scw`
 
+1. Run the following command to install the kubeconfig file for your cluster:
+   ```bash
+   scw k8s kubeconfig install <cluster-id>
+   ```
+   This command will:
+   - Download the `kubeconfig` for the specified cluster.
+   - Merge it into your existing kubeconfig file (default location: `~/.kube/config`).
 
+2. Verify the installation:
+   ```bash
+   kubectl get nodes
+   ```
+   A list of nodes from your Kapsule cluster should appear. If not, review the troubleshooting section.