Getting started with Managed Service for Kubernetes
Create a Managed Service for Kubernetes cluster and node group and manage them using kubectl, the Kubernetes command line tool.
Getting started
To get started with Managed Service for Kubernetes:
-
Go to the management console
and sign in to Yandex Cloud or sign up if you are not signed up yet. -
On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account yet, create one. -
If you do not have a folder yet, create one.
-
Install the Kubernetes command line tool, kubectl
. -
Make sure you have enough resources available in the cloud.
-
If you do not have a network yet, create one.
-
If you do not have any subnets, create them in the availability zones where your Managed Service for Kubernetes cluster and node group will be created.
-
Create the following service accounts:
- Service account with the
k8s.clusters.agent
andvpc.publicAdmin
roles for the folder where the Managed Service for Kubernetes cluster is created. This service account will be used to create the resources required for the Managed Service for Kubernetes cluster. - Service account with the container-registry.images.puller role for the folder containing the Docker image registry. Managed Service for Kubernetes nodes will pull the required Docker images from the registry on behalf of this account.
You can use the same service account for both operations.
Note
To create a cluster with tunnel mode, the cluster service account requires the
k8s.tunnelClusters.agent
role. - Service account with the
-
Configure security groups for the network traffic of your Managed Service for Kubernetes cluster.
Create a Managed Service for Kubernetes cluster
- In the management console, select the folder where you want to create a Managed Service for Kubernetes cluster.
- Select Managed Service for Kubernetes.
- Click Create cluster.
- Enter the Managed Service for Kubernetes cluster name. It must be unique within the folder.
- (Optional) Enter the Managed Service for Kubernetes cluster description.
- Service account for resources: Specify a service account with the
k8s.clusters.agent
anndvpc.publicAdmin
roles to use for creating resources. - Service account for nodes: Specify a service account with the container-registry.images.puller role that Managed Service for Kubernetes nodes will use to access the Docker image registry.
- Specify a release channel. You will not be able to edit this setting once you create a Managed Service for Kubernetes cluster.
- Under Master configuration:
- Kubernetes version: Select a Kubernetes version to install on the Managed Service for Kubernetes master.
- Public address: Select the IP address assignment method:
Auto
: Assign a random IP address from the Yandex Cloud IP pool.No address
: Not to assign a public IP address.
- Type of master: Select the master type:
Zonal
: To create a single master host in the selected availability zone. Specify a cloud network and select a subnet for the master host.Regional
: To create a single master host in each availability zone. Specify a cloud network and subnet for each availability zone.
- Select security groups for the Managed Service for Kubernetes cluster's network traffic.
- Under Cluster network settings:
- Click Create.
For more information, see the step-by-step guide for creating a Managed Service for Kubernetes cluster.
Create a node group
To create a Managed Service for Kubernetes node group:
-
In the management console
, select the folder where the required Managed Service for Kubernetes cluster was created. -
In the list of services, select Managed Service for Kubernetes.
-
Select the Managed Service for Kubernetes cluster to create a node group for.
-
On the Managed Service for Kubernetes cluster page, go to the
Nodes manager tab. -
Click Create a node group.
-
Enter a name and description for the Managed Service for Kubernetes node group.
-
In the Kubernetes version field, select a Kubernetes version for Managed Service for Kubernetes nodes.
-
Under Scaling, select its type:
Fixed
, to keep the number of nodes in the Managed Service for Kubernetes group constant. Specify the number of nodes in the Managed Service for Kubernetes group.Automatic
, to control the number of nodes in the Managed Service for Kubernetes group via Managed Service for Kubernetes cluster autoscaling.
-
Under Allow when creating and updating, specify the maximum number of instances by which you can exceed or reduce the size of the Managed Service for Kubernetes group.
-
Under Computing resources:
- Choose a platform.
- Specify the required number of vCPUs, guaranteed vCPU performance, and the amount of RAM.
- (Optional) Specify that the VM must be preemptible.
- (Optional) Enable a software-accelerated network.
-
Under Storage:
-
Specify the Disk type for the Managed Service for Kubernetes group nodes:
HDD
: Standard network drive; network block storage on an HDD.SSD
: Fast network drive; network block storage on an SSD.Non-replicated SSD
: Network drive with enhanced performance achieved by removing redundancy. You can only change the size of this type of disk in 93 GB increments.SSD IO
: Network drive with the same performance characteristics asNon-replicated SSD
, plus redundancy. You can only change the size of this type of disk in 93 GB increments.
For more information about disk types, see the Yandex Compute Cloud documentation.
-
Specify the disk size for the Managed Service for Kubernetes group nodes.
-
-
Under Network settings:
- In the Public address field, choose a method for IP address assignment:
Auto
: Assign a random IP address from the Yandex Cloud IP pool.No address
: Not to assign a public IP address.
- Select security groups.
- Select an availability zone and subnet to deploy the Managed Service for Kubernetes group nodes in.
- In the Public address field, choose a method for IP address assignment:
-
Under Access, specify the information required to access the Managed Service for Kubernetes group nodes over SSH:
- Login: Enter the username.
- SSH key: Insert the contents of the public key file.
-
Click Create.
For more information, see the step-by-step guide for creating Managed Service for Kubernetes node groups.
kubectl
configuration file
Add credentials to the With kubectl, you can manage the Managed Service for Kubernetes cluster. To configure the utility to work with the created cluster, add its credentials to the kubectl configuration file:
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
Run this command:
yc managed-kubernetes cluster get-credentials test-k8s-cluster --external
Tip
You can also run this command from the management console
. Go to the Overview page for the appropriate cluster and click Get started in the top-right corner.- By default, credentials are added to the
$HOME/.kube/config
directory. - If you need to change the configuration location, use
--kubeconfig <file_path>
.
- By default, credentials are added to the
-
Check the
kubectl
configuration after adding the credentials:kubectl config view
Result:
apiVersion: v1 clusters: - cluster: certificate-authority-data: DATA+OMITTED ...
-
Check the connection to the cluster:
kubectl get nodes
The command will return information about the node group you created:
NAME STATUS ROLES AGE VERSION cl17i6943n92********-itif Ready <none> 31m v1.13.3
To learn more about connecting to a Managed Service for Kubernetes cluster, see Connection method overview.
What's next
- Read about service concepts.
- Learn how to work with a Managed Service for Kubernetes cluster and node groups.
- Read questions and answers.
- Review the recommendations for using Kubernetes.