diff --git a/pages/kubernetes/reference-content/secure-cluster-with-private-network.mdx b/pages/kubernetes/reference-content/secure-cluster-with-private-network.mdx
index 5ae44d6846..9537de49f9 100644
--- a/pages/kubernetes/reference-content/secure-cluster-with-private-network.mdx
+++ b/pages/kubernetes/reference-content/secure-cluster-with-private-network.mdx
@@ -38,7 +38,7 @@ Worker node pools with controlled isolation inside a Private Network have both p
| Isolation | Controlled isolation
(default) | Full isolation
(optional) | None
(deprecated) |
|-------------|-------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------|----------------------------------------------|
-| Description | Worker nodes are assigned both private IPs and public IPs.
All inbound traffic on the public interface is dropped by default using Security Groups. | The control plane and worker nodes are set without public IPs (100% private network).
A [Public Gateway](/public-gateways/how-to/configure-a-public-gateway/) is required. | Clusters without a Private Network attached.
Nodes have public-only endpoints. |
+| Description | Worker nodes are assigned both private IPs and public IPs.
All inbound traffic on the public interface is dropped by default using security groups. | The worker nodes are set without public IPs (100% private network), with the control plane getting a public IP.
A [Public Gateway](/public-gateways/how-to/configure-a-public-gateway/) is required. | Clusters without a Private Network attached.
Nodes have public-only endpoints. |
| Benefits | 1. Strong security
2. Dynamic public IPs to reach out to external providers while avoiding rate limiting | 1. Maximum security
2. A stable egress IP for secure connection to external providers | n/a |
| Notice | Default choice for new clusters. Can be used in combination with pools using full isolation. | Requires a Public Gateway, which incurs additional costs. | Deprecated in October 2023. |
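Review bot: In the new Full isolation description, the parenthetical "(100% private network)" now sits in the same sentence as "with the control plane getting a public IP", so the cell describes a fully private network and a public endpoint at once. Scope the parenthetical to the worker nodes or drop it. Since this column is sold as "Maximum security", the cell should also point to the allowed-IPs option listed at the end of the page, so readers know how access to that public endpoint is restricted.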
@@ -54,11 +54,11 @@ Worker node pools with controlled isolation inside a Private Network have both p
### Can I use a Public Gateway with my Private Network to exit all outgoing traffic from the nodes?
-Yes, you are required to attach a Private Gateway when setting up a node pool with [full isolation](#what-is-the-difference-between-controlled-isolation-and-full-isolation). This allows Kapsule nodes with private IPs to route their outgoing traffic through the Public Gateway. For detailed steps on setting up a Public Gateway, refer to our [Public Gateway documentation](/public-gateways/how-to/configure-a-public-gateway/).
+Yes, you are required to attach a Public Gateway when setting up a node pool with [full isolation](#what-is-the-difference-between-controlled-isolation-and-full-isolation). This allows Kapsule nodes with private IPs to route their outgoing traffic through the Public Gateway. For detailed steps on setting up a Public Gateway, refer to our [Public Gateway documentation](/public-gateways/how-to/configure-a-public-gateway/).
Keep in mind that removing or detaching the Public Gateway from the Private Network can cause a single point of failure in the cluster, preventing fully isolated node pools from accessing the control plane.
- To use a Public Gateway with a Private Network on a Kapsule cluster, make sure that
+ To use a Public Gateway with a Private Network on a Kapsule cluster, make sure that:
* The Public Gateway is located in the same region as the Kapsule cluster.
* [Dynamic NAT must be activated](/public-gateways/concepts/#nat) (enabled by default).
* [Advertise DefaultRoute must be activated](/public-gateways/concepts/#default-route) (enabled by default).
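Review bot: The colon added to "make sure that:" exposes a mismatch with the bullets, because the second and third items read "make sure that: Dynamic NAT must be activated". Phrase each bullet as a condition ("Dynamic NAT is activated", "Advertise DefaultRoute is activated") so all three follow the lead-in the same way. In the unchanged line above, "can cause a single point of failure" is also worth rewording while this paragraph is open: what the sentence describes is that the Public Gateway is the single point of failure, and detaching it cuts fully isolated pools off from the control plane.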
@@ -102,7 +102,7 @@ curl --request POST \
- - This action adds a new endpoint. If you want to use it in your environment, you need to update the endpoint in your configuration.
+ This action adds a new endpoint. If you want to use it in your environment, you need to update the endpoint in your configuration.
Refer to the [Managed Database for PostgreSQL and MySQL API documentation](https://www.scaleway.com/en/developers/api/managed-databases-for-postgresql-and-mysql/#path-endpoints-create-a-new-database-instance-endpoint) for further information.
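Review bot: The note text "you need to update the endpoint in your configuration" does not say which configuration is meant, nor whether the existing endpoint stays in place once the new one is added. Name the configuration the reader has to change and state what happens to the previous endpoint, since the sentence before it only says that a new endpoint is added.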
@@ -111,7 +111,7 @@ Refer to the [Managed Database for PostgreSQL and MySQL API documentation](https
Managed Load Balancers support Private Networks with private backends and public frontends, meaning the traffic is forwarded to your worker nodes through your clusters' Private Network.
-Additionally, [private Load Balancers](/load-balancer/concepts/#private-load-balancer) are supported. These Load Balancers have no public IPs in either their back or frontends.
+Additionally, [private Load Balancers](/load-balancer/concepts/#private-load-balancer) are supported. These Load Balancers have no public IPs in either their back- or frontends.
If you have a trusted IP configured on your ingress controller, note that the request will come from a private IP.
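Review bot: "in either their back- or frontends" is still awkward after the hyphen fix; "on either their backends or frontends" reads more cleanly and avoids the suspended hyphen. In the unchanged line above, "your clusters' Private Network" should be the singular possessive "your cluster's Private Network", which can be fixed in the same pass.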
@@ -199,9 +199,9 @@ You can find a Terraform/OpenTofu configuration example below:
## Is the control plane also located inside the Private Network?
-The control plane and worker nodes are located in your cluster's Private Network. You can reach the control plane for nodes using [full isolation](#what-is-the-difference-between-controlled-isolation-and-full-isolation) by adding a [Public Gateway](/public-gateways/how-to/configure-a-public-gateway/) to the cluster.
+The control plane and worker nodes are located in your Kubernetes Kapsule cluster's Private Network. You can reach the control plane for nodes using [full isolation](#what-is-the-difference-between-controlled-isolation-and-full-isolation) by adding a [Public Gateway](/public-gateways/how-to/configure-a-public-gateway/) to the cluster.
## Are there additional options for isolation?
-- You can restrict and allow a range of IPs to control who can access the API server of your fully isolated clusters. [Learn how to manage allowed IPs](/kubernetes/how-to/manage-allowed-ips)
+- You can restrict and allow a range of IPs to control who can access the API server of your fully isolated clusters. [Learn how to manage allowed IPs](/kubernetes/how-to/manage-allowed-ips).
- The CNI’s network policies will restrict/allow a range of IPs or ports to control who can access the API server.
\ No newline at end of file
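Review bot: The updated answer still states that the control plane is located in the cluster's Private Network, while the isolation table changed earlier in this same file now says the control plane gets a public IP. The answer under this heading should state both facts, or the two passages will contradict each other. "You can reach the control plane for nodes using full isolation" is also ambiguous about who reaches what; "Nodes using full isolation reach the control plane through a Public Gateway" would be clearer. The file still ends without a trailing newline.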