Clarify Kubernetes integration requires public/external access

cloud/integrations.mdx

@@ -48,7 +48,7 @@
   <Card title="Cloudflare" icon="cloudflare" href="#cloudflare">
 
   </Card>
   <Card title="Fastly" icon="bolt" href="#fastly">
 
   </Card>
   <Card title="DigitalOcean" icon="digital-ocean" href="#digitalocean">
@@ -192,7 +192,7 @@
   Click here to open the AWS integration configuration page in the ProjectDiscovery Cloud platform
 </Card>
 
 ProjectDiscovery's AWS integration allows the platform to automatically discover and monitor cloud assets across your AWS accounts. By connecting AWS to ProjectDiscovery, security teams and DevOps engineers gain continuous visibility into EC2 instances, S3 buckets, DNS records, and other resources without manual inventory. This integration leverages ProjectDiscovery's open-source **Cloudlist** engine to enumerate assets via AWS APIs. In short, it helps ensure no cloud asset goes unnoticed, enabling proactive security monitoring and easier management of your attack surface.
 
 <img
   src="/images/aws-integration.png"
@@ -204,7 +204,7 @@
 
 | Service                                               | Description                                   |
 | :---------------------------------------------------- | :-------------------------------------------- |
 | [EC2](https://aws.amazon.com/ec2/)                    | VM instances and their public IPs             |
 | [Route53](https://aws.amazon.com/route53/)            | DNS hosted zones and records                  |
 | [S3](https://aws.amazon.com/s3/)                      | Buckets (especially those public or with DNS) |
 | [Cloudfront](https://aws.amazon.com/cloudfront/)      | CDN distributions and their domains           |
@@ -212,8 +212,8 @@
 | [EKS](https://aws.amazon.com/eks/)                    | Kubernetes cluster endpoints                  |
 | [ELB](https://aws.amazon.com/elasticloadbalancing/)   | Load balancers (Classic ELB and ALB/NLB)      |
 | [ELBv2](https://aws.amazon.com/elasticloadbalancing/) | Load balancers (Classic ELB and ALB/NLB)      |
 | [Lambda](https://aws.amazon.com/lambda/)              | Serverless function endpoints                 |
 | [Lightsail](https://aws.amazon.com/lightsail/)        | Lightsail instances (simplified VPS)          |
 | [Apigateway](https://aws.amazon.com/api-gateway/)     | API endpoints deployed via Amazon API Gateway |
 
 By covering these services, ProjectDiscovery can map out a broad range of AWS assets in your account. (Support for additional services may be added over time.)
@@ -292,7 +292,7 @@
 - S3 - AmazonS3ReadOnlyAccess
 - Lambda - AWSLambda_ReadOnlyAccess
 - ELB - ElasticLoadBalancingReadOnly
 - Cloudfront - CloudFrontReadOnlyAccess
 
 Alternatively, you can use this custom policy for minimal permissions:
 
@@ -562,9 +562,9 @@
 2. https://docs.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az_ad_sp_create_for_rbac
 3. https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli
 
 ### Alibaba Cloud
 
 <Card title="Configure Alibaba Cloud Integration" icon="cloud" color="#FF6A00" href="https://cloud.projectdiscovery.io/assets/configure?provider=alibaba">
   Click here to open the Alibaba Cloud integration configuration page in the ProjectDiscovery Cloud platform
 </Card>
 
@@ -575,13 +575,13 @@
   style={{ width:"62%" }}
 />
 
 Supported Alibaba Cloud Services:
 
 - ECS Instances
 
 **Alibaba Integration Method**
 
 This guide details the secure, best-practice method for connecting to Alibaba Cloud using a dedicated RAM user with read-only permissions.
 
 1. **Create a RAM User for API Access:**
    - Navigate to the **RAM (Resource Access Management) console**. [Ref](https://ram.console.aliyun.com/manage/ak)
@@ -599,11 +599,11 @@
    - Select the **System Policy** type.
    - Search for and select the `AliyunReadOnlyAccess` policy and click **OK**. This is the official, managed policy for read-only access to all cloud resources.
 4. **Find Your Region ID and Connect:**
    - Identify the **Region ID** for the resources you plan to monitor. You can find the official list in the Alibaba Cloud documentation here: [Regions and zones](https://www.alibabacloud.com/help/en/doc-detail/40654.htm) (This link lists the specific IDs required for API configuration).
    - Use the credentials you have collected to fill in the fields in ProjectDiscovery:
      - **Alibaba Region ID**: The target region, for example, `us-east-1`.
      - **Alibaba Access Key**: The AccessKey ID from Step 2.
      - **Alibaba Access Key Secret**: The AccessKey Secret from Step 2.
    - Enter a unique **Integration Name** and click **Verify**.
 
 References:
@@ -630,10 +630,22 @@
 - Ingresses
 - Cross-cloud cluster discovery
 
+<Warning>
+  **Public/External Access Required**: Kubernetes integration only works with clusters that are publicly accessible or have external endpoints. Internal-only clusters (accessible only within private networks) will fail to integrate as ProjectDiscovery cannot reach them from the cloud platform.
+</Warning>
+
 **Kubernetes Integration Method**
 
+<Note>
+  **Cluster Accessibility**: Before attempting integration, ensure your Kubernetes cluster has public/external endpoints that ProjectDiscovery can access. This includes:
+  - Publicly accessible API servers
+  - External load balancers exposing services
+  - Internet-facing ingress controllers
+  - Clusters with public IP addresses
+</Note>
+
 1. **Prepare Base64-Encoded Kubeconfig**
    - Your kubeconfig file is typically located at:
 
      ```
      ~/.kube/config
@@ -643,11 +655,11 @@
      ```
      cat ~/.kube/config | base64
      ```
    - Paste the output into the **Kubeconfig** field in the UI.
 
      > ⚠️ Ensure the entire content is copied without extra whitespace.
 2. **Specify Context (Optional)**
    - If your kubeconfig has multiple contexts, find them with:
 
      ```
      kubectl config get-contexts
@@ -660,7 +672,20 @@
    - Use the relevant context name if required.
 3. **Define Integration Name & Verify**
 
-   Choose a unique, descriptive name for this integration and click \*\*Verify \*\*to complete the integration.
+   Choose a unique, descriptive name for this integration and click **Verify** to complete the integration.
+
+**Troubleshooting Integration Failures**
+
+If your Kubernetes integration fails, the most common cause is cluster accessibility:
+
+- **Internal Clusters**: Clusters only accessible within private networks (VPN, internal VPCs) cannot be reached by ProjectDiscovery
+- **Firewall Restrictions**: Ensure your cluster's API server and services are accessible from the internet
+- **Network Policies**: Check that network policies allow external access to required endpoints
+- **Load Balancer Configuration**: Verify that external load balancers are properly configured and accessible
+
+<Info>
+  **Alternative for Internal Clusters**: For internal-only Kubernetes clusters, consider using the cloud provider integration (AWS EKS, GCP GKE, Azure AKS) which can discover cluster endpoints through the cloud provider's APIs, or manually add the cluster's external endpoints as assets.
+</Info>
 
 References
 
@@ -707,7 +732,7 @@
 
 ### Fastly
 
 <Card title="Configure Fastly Integration" icon="bolt" color="#FF282D" href="https://cloud.projectdiscovery.io/assets/configure?provider=fastly">
   Click here to open the Fastly integration configuration page in the ProjectDiscovery Cloud platform
 </Card>
 
@@ -718,16 +743,16 @@
   style={{ width:"65%" }}
 />
 
 **Fastly Integration Method**
 
 - Go to Fastly [account settings](https://manage.fastly.com/account/personal).
 - Under **API**, click **Create API token** if you don’t already have one.
 - Copy the API Key.
 - Now enter API Key in ProjectDiscovery Cloud Platform.
 - Give a unique Integration name and click **Verify**.
 
   <Tip>
     Tip: In Fastly's documentation and interfaces, "API Key" and "API Token" refer to the same thing. You can use the terms interchangeably throughout this guide.
   </Tip>
 
 References: