Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
  • Blog
  • Pricing
  • Documentation
Yandex project
© 2025 Yandex.Cloud LLC
Yandex Managed Service for Kubernetes
  • Comparison with other Yandex Cloud services
  • Getting started
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Getting started
  • Create a Managed Service for Kubernetes cluster
  • Create a node group
  • Add credentials to the kubectl configuration file
  • What's next

Getting started with Managed Service for Kubernetes

Written by
Yandex Cloud
Updated at May 5, 2025
  • Getting started
  • Create a Managed Service for Kubernetes cluster
  • Create a node group
  • Add credentials to the kubectl configuration file
  • What's next

Create a Managed Service for Kubernetes cluster and node group and manage them using kubectl, the Kubernetes command line tool.

Getting startedGetting started

To get started with Managed Service for Kubernetes:

  1. Go to the management console and log in to Yandex Cloud or sign up if not signed up yet.

  2. On the Yandex Cloud Billing page, make sure you have a linked billing account and its status is ACTIVE or TRIAL_ACTIVE. If you do not have a billing account yet, create one.

  3. If you do not have a folder yet, create one.

  4. Install the Kubernetes CLI, kubectl.

  5. Make sure you have enough resources available in the cloud.

  6. If you do not have a network yet, create one.

  7. If you do not have any subnets yet, create them in the availability zones where your Managed Service for Kubernetes cluster and node group will be created.

  8. Create service accounts:

    • Service account with the k8s.clusters.agent and vpc.publicAdmin roles for the folder where the Managed Service for Kubernetes cluster is created. This service account will be used to create the resources required for the Managed Service for Kubernetes cluster.
    • Service account with the container-registry.images.puller role for the folder containing the Docker image registry. Managed Service for Kubernetes nodes will pull the required Docker images from the registry on behalf of this account.

    You can use the same service account for both operations.

    Note

    To create a cluster with tunnel mode, the cluster service account requires the k8s.tunnelClusters.agent role.

  9. Configure security groups for the network traffic of your Managed Service for Kubernetes cluster.

Create a Managed Service for Kubernetes clusterCreate a Managed Service for Kubernetes cluster

  1. In the management console, select the folder where you want to create a Managed Service for Kubernetes cluster.
  2. Select Managed Service for Kubernetes.
  3. Click Create cluster.
  4. Enter the Managed Service for Kubernetes cluster name. It must be unique within the folder.
  5. (Optional) Enter the Managed Service for Kubernetes cluster description.
  6. Service account for resources: Specify a service account with the k8s.clusters.agent annd vpc.publicAdmin roles to use for creating resources.
  7. Service account for nodes: Specify a service account with the container-registry.images.puller role that Managed Service for Kubernetes nodes will use to access the Docker image registry.
  8. Specify a release channel. You will not be able to edit this setting once you create a Managed Service for Kubernetes cluster.
  9. Under Master configuration:
    • Kubernetes version: Select a Kubernetes version to install on the Managed Service for Kubernetes master.
    • Public address: Select the IP address assignment method:
      • Auto: Assign a random IP address from the Yandex Cloud IP pool.
      • No address: Not to assign a public IP address.
    • Type of master: Select the master type:
      • Basic: To create a single master host in the selected availability zone. Specify a cloud network and select a subnet for the master host.
      • Highly available: To create a single master host in each availability zone. Specify a cloud network and subnet for each availability zone.
    • Select security groups for the Managed Service for Kubernetes cluster's network traffic.
  10. Under Cluster network settings:
    • CIDR cluster: Specify an IP range to allocate addresses to pods from.
    • CIDR services: Specify an IP range to allocate IP addresses to services from.
    • Set the Managed Service for Kubernetes node subnet mask and the maximum number of pods per node.
  11. Click Create.

For more information, see the step-by-step guide for creating a Managed Service for Kubernetes cluster.

Create a node groupCreate a node group

To create a Managed Service for Kubernetes node group:

  1. In the management console, select the folder where the required Managed Service for Kubernetes cluster was created.

  2. From the list of services, select Managed Service for Kubernetes.

  3. Select the Managed Service for Kubernetes cluster to create a node group for.

  4. On the Managed Service for Kubernetes cluster page, go to the Node manager tab.

  5. Click Create a node group.

  6. Enter a name and description for the Managed Service for Kubernetes node group.

  7. In the Kubernetes version field, select a Kubernetes version for Managed Service for Kubernetes nodes.

  8. Under Scaling, select its type:

    • Fixed, to keep the number of nodes in the Managed Service for Kubernetes group constant. Specify the number of nodes in the Managed Service for Kubernetes group.
    • Automatic, to control the number of nodes in the Managed Service for Kubernetes group via Managed Service for Kubernetes cluster autoscaling.
  9. Under Changes during creation and updates, specify the maximum number of instances by which you can exceed or reduce the size of the Managed Service for Kubernetes group.

  10. Under Computing resources:

    • Select a platform.
    • Specify the required number of vCPUs, guaranteed vCPU performance, and the amount of RAM.
    • Optionally, make the VM instance preemptible by checking the relevant box.
    • Optionally, enable a software-accelerated network.
  11. Under Storage:

    • Specify the Disk type for the Managed Service for Kubernetes group nodes:

      • HDD: Standard network drive; HDD network block storage.
      • SSD: Fast network drive; SSD network block storage.
      • Non-replicated SSD: Network drive with enhanced performance achieved by eliminating redundancy. You can only change the size of this type of disk in 93 GB increments.
      • SSD IO: Network drive with the same performance characteristics as Non-replicated SSD, plus redundancy. You can only change the size of this type of disk in 93 GB increments.

      For more information about disk types, see the Yandex Compute Cloud documentation.

    • Specify the disk size for the Managed Service for Kubernetes group nodes.

  12. Under Network settings:

    • In the Public address field, select an IP address assignment method:
      • Auto: Assign a random IP address from the Yandex Cloud IP pool.
      • No address: Not to assign a public IP address.
    • Select security groups.
    • Select an availability zone and subnet to deploy the Managed Service for Kubernetes group nodes in.
  13. Under Access, specify the information required to access the Managed Service for Kubernetes group nodes over SSH:

    • Login: Enter the username.
    • SSH key: Insert the contents of the public key file.
  14. Click Create.

For more information, see the step-by-step guide for creating Managed Service for Kubernetes node groups.

Add credentials to the kubectl configuration fileAdd credentials to the kubectl configuration file

With kubectl, you can manage the Managed Service for Kubernetes cluster. To configure the utility to work with the created cluster, add its credentials to the kubectl configuration file:

CLI

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. Run this command:

    yc managed-kubernetes cluster get-credentials test-k8s-cluster --external
    

    Tip

    You can also run this command from the management console. Go to the Overview page for the appropriate cluster and click Get started in the top-right corner.

    • By default, credentials are added to the $HOME/.kube/config directory.
    • If you need to change the configuration location, use --kubeconfig <file_path>.
  2. Check the kubectl configuration after adding the credentials:

    kubectl config view
    

    Result:

    apiVersion: v1
    clusters:
      - cluster:
        certificate-authority-data: DATA+OMITTED
    ...
    
  3. Check the connection to the cluster:

    kubectl get nodes
    

    The command will return information about the node group you created:

    NAME                       STATUS  ROLES   AGE  VERSION
    cl17i6943n92********-itif  Ready   <none>  31m  v1.13.3
    

    To learn more about connecting to a Managed Service for Kubernetes cluster, see Connection method overview.

What's nextWhat's next

  • Read about service concepts.
  • Learn how to work with a Managed Service for Kubernetes cluster and node groups.
  • Read questions and answers.
  • Review the recommendations for using Kubernetes.

Was the article helpful?

Previous
Comparison with other Yandex Cloud services
Next
All guides
Yandex project
© 2025 Yandex.Cloud LLC