Getting started with Managed Service for Kubernetes
Create a Managed Service for Kubernetes cluster and node group and manage them using kubectl, the Kubernetes command line tool.
Getting started
To get started with Managed Service for Kubernetes:
-
Go to the management console and log in to Yandex Cloud or sign up if not signed up yet.
-
On the Yandex Cloud Billing page, make sure you have a linked billing account and its status is
ACTIVEorTRIAL_ACTIVE. If you do not have a billing account yet, create one. -
If you do not have a folder yet, create one.
-
Install the Kubernetes CLI, kubectl.
-
Make sure you have enough resources available in the cloud.
-
If you do not have a network yet, create one.
-
If you do not have any subnets yet, create them in the availability zones where your Managed Service for Kubernetes cluster and node group will be created.
-
Create service accounts:
- Service account with the
k8s.clusters.agentandvpc.publicAdminroles for the folder where the Managed Service for Kubernetes cluster is created. This service account will be used to create the resources required for the Managed Service for Kubernetes cluster. - Service account with the container-registry.images.puller role for the folder containing the Docker image registry. Managed Service for Kubernetes nodes will pull the required Docker images from the registry on behalf of this account.
You can use the same service account for both operations.
Note
To create a cluster with tunnel mode, the cluster service account requires the
k8s.tunnelClusters.agentrole. - Service account with the
-
Configure security groups for the network traffic of your Managed Service for Kubernetes cluster.
Create a Managed Service for Kubernetes cluster
- In the management console, select the folder where you want to create a Managed Service for Kubernetes cluster.
- Select Managed Service for Kubernetes.
- Click Create cluster.
- Enter the Managed Service for Kubernetes cluster name. It must be unique within the folder.
- (Optional) Enter the Managed Service for Kubernetes cluster description.
- Service account for resources: Specify a service account with the
k8s.clusters.agentanndvpc.publicAdminroles to use for creating resources. - Service account for nodes: Specify a service account with the container-registry.images.puller role that Managed Service for Kubernetes nodes will use to access the Docker image registry.
- Specify a release channel. You will not be able to edit this setting once you create a Managed Service for Kubernetes cluster.
- Under Master configuration:
- Kubernetes version: Select a Kubernetes version to install on the Managed Service for Kubernetes master.
- Public address: Select the IP address assignment method:
Auto: Assign a random IP address from the Yandex Cloud IP pool.No address: Not to assign a public IP address.
- Type of master: Select the master type:
Basic: To create a single master host in the selected availability zone. Specify a cloud network and select a subnet for the master host.Highly available: To create a single master host in each availability zone. Specify a cloud network and subnet for each availability zone.
- Select security groups for the Managed Service for Kubernetes cluster's network traffic.
- Under Cluster network settings:
- Click Create.
For more information, see the step-by-step guide for creating a Managed Service for Kubernetes cluster.
Create a node group
To create a Managed Service for Kubernetes node group:
-
In the management console, select the folder where the required Managed Service for Kubernetes cluster was created.
-
From the list of services, select Managed Service for Kubernetes.
-
Select the Managed Service for Kubernetes cluster to create a node group for.
-
On the Managed Service for Kubernetes cluster page, go to the Node manager tab.
-
Click Create a node group.
-
Enter a name and description for the Managed Service for Kubernetes node group.
-
In the Kubernetes version field, select a Kubernetes version for Managed Service for Kubernetes nodes.
-
Under Scaling, select its type:
Fixed, to keep the number of nodes in the Managed Service for Kubernetes group constant. Specify the number of nodes in the Managed Service for Kubernetes group.Automatic, to control the number of nodes in the Managed Service for Kubernetes group via Managed Service for Kubernetes cluster autoscaling.
-
Under Changes during creation and updates, specify the maximum number of instances by which you can exceed or reduce the size of the Managed Service for Kubernetes group.
-
Under Computing resources:
- Select a platform.
- Specify the required number of vCPUs, guaranteed vCPU performance, and the amount of RAM.
- Optionally, make the VM instance preemptible by checking the relevant box.
- Optionally, enable a software-accelerated network.
-
Under Storage:
-
Specify the Disk type for the Managed Service for Kubernetes group nodes:
HDD: Standard network drive; HDD network block storage.SSD: Fast network drive; SSD network block storage.Non-replicated SSD: Network drive with enhanced performance achieved by eliminating redundancy. You can only change the size of this type of disk in 93 GB increments.SSD IO: Network drive with the same performance characteristics asNon-replicated SSD, plus redundancy. You can only change the size of this type of disk in 93 GB increments.
For more information about disk types, see the Yandex Compute Cloud documentation.
-
Specify the disk size for the Managed Service for Kubernetes group nodes.
-
-
Under Network settings:
- In the Public address field, select an IP address assignment method:
Auto: Assign a random IP address from the Yandex Cloud IP pool.No address: Not to assign a public IP address.
- Select security groups.
- Select an availability zone and subnet to deploy the Managed Service for Kubernetes group nodes in.
- In the Public address field, select an IP address assignment method:
-
Under Access, specify the information required to access the Managed Service for Kubernetes group nodes over SSH:
- Login: Enter the username.
- SSH key: Insert the contents of the public key file.
-
Click Create.
For more information, see the step-by-step guide for creating Managed Service for Kubernetes node groups.
Add credentials to the kubectl configuration file
With kubectl, you can manage the Managed Service for Kubernetes cluster. To configure the utility to work with the created cluster, add its credentials to the kubectl configuration file:
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.
-
Run this command:
yc managed-kubernetes cluster get-credentials test-k8s-cluster --externalTip
You can also run this command from the management console. Go to the Overview page for the appropriate cluster and click Get started in the top-right corner.
- By default, credentials are added to the
$HOME/.kube/configdirectory. - If you need to change the configuration location, use
--kubeconfig <file_path>.
- By default, credentials are added to the
-
Check the
kubectlconfiguration after adding the credentials:kubectl config viewResult:
apiVersion: v1 clusters: - cluster: certificate-authority-data: DATA+OMITTED ... -
Check the connection to the cluster:
kubectl get nodesThe command will return information about the node group you created:
NAME STATUS ROLES AGE VERSION cl17i6943n92********-itif Ready <none> 31m v1.13.3To learn more about connecting to a Managed Service for Kubernetes cluster, see Connection method overview.
What's next
- Read about service concepts.
- Learn how to work with a Managed Service for Kubernetes cluster and node groups.
- Read questions and answers.
- Review the recommendations for using Kubernetes.