Contact UsGet started

Getting started with Managed Service for Kubernetes

Written by
Updated at July 8, 2024

Create a Managed Service for Kubernetes cluster and node group and manage them using kubectl, the Kubernetes command line tool.

Getting started

To get started with Managed Service for Kubernetes:

  1. Go to the management console and sign in to Yandex Cloud or sign up if you are not signed up yet.

  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account yet, create one.

  3. If you do not have a folder yet, create one.

  4. Install the Kubernetes command line tool, kubectl.

  5. Make sure you have enough resources available in the cloud.

  6. If you do not have a network yet, create one.

  7. If you do not have any subnets, create them in the availability zones where your Managed Service for Kubernetes cluster and node group will be created.

  8. Create the following service accounts:

    • Service account with the k8s.clusters.agent and vpc.publicAdmin roles for the folder where the Managed Service for Kubernetes cluster is created. This service account will be used to create the resources required for the Managed Service for Kubernetes cluster.
    • Service account with the container-registry.images.puller role for the folder containing the Docker image registry. Managed Service for Kubernetes nodes will pull the required Docker images from the registry on behalf of this account.

    You can use the same service account for both operations.

    Note

    To create a cluster with tunnel mode, the cluster service account requires the k8s.tunnelClusters.agent role.

  9. Configure security groups for the network traffic of your Managed Service for Kubernetes cluster.

Create a Managed Service for Kubernetes cluster

  1. In the management console, select the folder where you want to create a Managed Service for Kubernetes cluster.
  2. Select Managed Service for Kubernetes.
  3. Click Create cluster.
  4. Enter the Managed Service for Kubernetes cluster name. It must be unique within the folder.
  5. (Optional) Enter the Managed Service for Kubernetes cluster description.
  6. Service account for resources: Specify a service account with the k8s.clusters.agent and vpc.publicAdmin roles which you intend to use to create resources.
  7. Service account for nodes: Specify a service account with the container-registry.images.puller role that Managed Service for Kubernetes nodes will use to access the Docker image registry.
  8. Specify a release channel. You cannot edit this setting after you create a Managed Service for Kubernetes cluster.
  9. Under Master configuration:
    • Kubernetes version: Select a Kubernetes version to install on the Managed Service for Kubernetes master.
    • Public address: Select the IP address assignment method:
      • Auto: Assign a random IP address from the Yandex Cloud IP pool.
      • No address: Do not assign a public IP address.
    • Type of master: Select the master type:
      • Zonal: To create a single master host in the selected availability zone. Specify a cloud network and select a subnet for the master host.
      • Regional: To create a single master host in each availability zone. Specify a cloud network and subnet for each availability zone.
    • Select security groups for the Managed Service for Kubernetes cluster's network traffic.
  10. Under Cluster network settings:
    • CIDR cluster: Specify an IP range to allocate addresses to pods from.
    • CIDR services: Specify an IP range to allocate IP addresses to services from.
    • Set the Managed Service for Kubernetes node subnet mask and the maximum number of pods per node.
  11. Click Create.

For more information, see the step-by-step guide for creating a Managed Service for Kubernetes cluster.

Add credentials to the kubectl configuration file

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

To add Managed Service for Kubernetes cluster credentials to the kubectl configuration file:

  1. Run this command:

    yc managed-kubernetes cluster get-credentials test-k8s-cluster --external
    • By default, credentials are added to the $HOME/.kube/config directory.
    • If you need to change the configuration location, use the --kubeconfig <file_path> flag.

  2. Check the kubectl configuration after adding the credentials:

    kubectl config view

    Result:

    apiVersion: v1
clusters:
  - cluster:
    certificate-authority-data: DATA+OMITTED
...

Create a node group

To create a Managed Service for Kubernetes node group:

  1. In the management console, select the folder where the required Managed Service for Kubernetes cluster was created.

  2. In the list of services, select Managed Service for Kubernetes.

  3. Select the Managed Service for Kubernetes cluster to create a node group for.

  4. On the Managed Service for Kubernetes cluster page, click the Nodes manager tab.

  5. Click Create a node group.

  6. Enter a name and description for the Managed Service for Kubernetes node group.

  7. In the Kubernetes version field, select a Kubernetes version for Managed Service for Kubernetes nodes.

  8. Under Scaling, select its type:

    • Fixed, to keep the number of nodes in the Managed Service for Kubernetes group constant. Specify the number of nodes in the Managed Service for Kubernetes group.
    • Automatic, to control the number of nodes in the Managed Service for Kubernetes group via Managed Service for Kubernetes cluster autoscaling.

  9. Under Allow when creating and updating, specify the maximum number of instances by which you can exceed or decrease the size of the Managed Service for Kubernetes group.

  10. Under Computing resources:

  11. Under Storage:

    • Specify the Disk type for the Managed Service for Kubernetes group nodes:

      • HDD: Standard network drive; network block storage on an HDD.
      • SSD: Fast network drive; network block storage on an SSD.
      • Non-replicated SSD: Network drive with enhanced performance achieved by removing redundancy. You can only change the size of this type of disk in 93 GB increments.
      • SSD IO: Network drive with the same performance characteristics as Non-replicated SSD, plus redundancy. You can only change the size of this type of disk in 93 GB increments.

      For more information about disk types, see the Yandex Compute Cloud documentation.

    • Specify the disk size for the Managed Service for Kubernetes group nodes.

  12. Under Network settings:

    • In the Public address field, choose a method for IP address assignment:
      • Auto: Assign a random IP address from the Yandex Cloud IP pool.
      • No address: Do not assign a public IP address.
    • Select security groups.
    • Select an availability zone and subnet to deploy the Managed Service for Kubernetes group nodes in.

  13. Under Access, specify the information required to access the Managed Service for Kubernetes group nodes over SSH:

    • Login: Enter the username.
    • SSH key: Insert the contents of the public key file.

  14. Click Create.

For more information, see the step-by-step guide for creating Managed Service for Kubernetes node groups.

What's next

Previous
Comparison with other Yandex Cloud services
Next
All guides