Creating a product for Managed Service for Kubernetes
To add a software product for Managed Service for Kubernetes in Marketplace, upload its packages to the Yandex Cloud registry. This section will help you prepare your Marketplace product for Yandex Managed Service for Kubernetes.
For more information about setting up subscription-based product access, see Integration with the License Manager API.
You can also create products for Yandex Compute Cloud to run on Linux operating systems by following the relevant guidelines.
Hosting and naming images
-
A Helm chart and all its included docker images must be placed in the publisher registry created in Yandex Container Registry. To learn about creating a registry and uploading an image, see the documentation.
-
The name of the product's Helm chart should follow the format:
cr.yandex/<registry-id>/<vendor-name>/<product-name>/<chart>Where:
<registry-id>: Publisher's registry ID.<vendor-name>: Names of the product publisher.<product-name>: Product names.<chart>: Helm chart name.
-
The names of the product's docker images should follow the format:
cr.yandex/<registry-id>/<vendor-name>/<product-name>/<component-name>:<tag>Where:
<registry-id>: Publisher's registry ID.<vendor-name>: Names of the product publisher.<product-name>: Product names.<component-name>: Name of the product component provided as a docker image.<tag>: Docker image tag. Do not use thelatesttag.
During publication, all the images that come with the product are moved from the publisher's registry to the public yc-marketplace registry. The whole product hierarchy defined by the publisher is maintained in the process.
For example, the
cr.yandex/b1gq90dgh25bebiu75o/yandex-cloud/prometheus/pushgateway:1.0image will be published ascr.yandex/yc-marketplace/yandex-cloud/prometheus/pushgateway:1.0.
For more information on using the registry, see Pushing a Helm chart to a registry and Pushing a Docker image to a registry.
Helm chart specifics
A Helm chart must contain a file named values.yaml listing all docker images presented as parameters. The names of Docker images in the values.yaml file must start with the .Values prefix and refer to images in the publisher's registry to ensure error-free publication and subsequent installation of the product in the user's cluster.
Generic pod specification without parameters:
# pod spec
spec:
containers:
- image: cr.yandex/<registry-id>/<vendor-name>/<product-name>/<component-name>:<tag>
Pod specification with image name replaced with the YAML path variable described in values.yaml:
# pod spec
spec:
containers:
- image: {{ .Values.images.pushgateway }}
# values.yaml
images:
pushgateway: cr.yandex/<registry-id>/<vendor-name>/<product-name>/<component-name>:<tag>
Manifest
To publish a product, you need a manifest document that describes product deployment parameters. Prepare a manifest and upload it to Yandex Object Storage.
The manifest uses YAML format and contains the following data:
-
helm_chart: Required field. Contains the product's Helm chart name and tag.helm_chart: name: cr.yandex/<registry-id>/<vendor-name>/<product-name>/<chart> tag: <tag> -
requirements: Required field. Required parameters of the cluster where the product will be deployed. This section must include thek8s_versionparameter that defines the range of supported Kubernetes versions.requirements: k8s_version: ">=1.18" -
images: Required field. It contains a list of metadata of the images included in the product. The values of image metadata variables are YAML Path format references to variables fromvalues.yaml. Entries can be in one of the following formats:-
Image name, registry address, and tag are described in separate fields:
images: - registry: images.app.image.registry name_without_registry: images.app.image.name tag: images.app.image.tag# values.yaml images: app: image: registry: "cr.yandex" name: "<registry-id>/<vendor-name>/<product-name>/<component-name>" tag: "<tag>" -
Image name and registry address are described in one field, the tag in a different field:
images: - name_with_registry: images.app.config.image.name tag: images.app.config.image.tag# values.yaml images: app: config: image: name: "cr.yandex/<registry-id>/<vendor-name>/<product-name>/<component-name>" tag: "<tag>" -
The full path to the image is provided:
images: - full: images.app.image.name# values.yaml images: app: image: name: "cr.yandex/<registry-id>/<vendor-name>/<product-name>/<component-name>:<tag>"
-
-
user_values: Optional parameter. It stands for a list of product variables the user can override while installing or modifying an already installed product via the Yandex Cloud management console. Each variable is described by the required fields below:-
name: YAML Path of the variable fromvalues.yaml. -
title: Short name of the variable, either in Russian or English. The value must start with a capital letter.user_values: - name: app.port title: en: <English_title> ru: <Russian_title> -
description: Variable description, either in Russian or English. The value must start with a capital letter.user_values: - name: app.port title: <Header> description: en: <English_description> ru: <Russian_description> -
required(optional):Requiredflag. The flag can be set for any variable type exceptboolean_value. The available values aretrueandfalse. -
Variable type. Legal values:
-
simple_disabled. May contain a default value and the enable flag.user_values: - name: <name> disabled: true title: <Header> string_value: required: true default_value: "simple_string_value" -
integer_value. May contain a default value and a range of valid values.user_values: - name: <name> title: <Header> description: <Description> integer_value: default_value: <default_integer> required: true restrictions: min: <integer_1> max: <integer_2> -
boolean_value. May contain a default value.user_values: - name: <name> title: <Header> description: <Description> boolean_value: default_value: true -
string_selector_value: String from a pre-defined list. May contain a default value and a list of valid values.user_values: - name: <name> title: <Header> description: <Description> string_selector_value: default_value: <value_1> required: true values: - <value_1> - <value_2> - <value_3> -
integer_selector_value: Integer value from a pre-defined list. May contain a default value and a list of valid values.user_values: - name: <name> title: <Header> description: <Description> integer_selector_value: default_value: <integer_1> required: true values: - <integer_1> - <integer_2> - <integer_3> -
string_value: It may contain a flag and a secret field, as well as a value length limit.user_values: - name: <name> title: <Header> description: <Description> string_value: required: true secret: true length_restrictions: min: <min_row_length> max: <max_row_length> -
cloudiddisabled: Cloud ID in Yandex Cloud. If you provide a parameter, the appropriate product field in the management console will not be available for editing and will be automatically pre-filled.user_values: - name: <name> title: <Header> cloud_id_value: required: true -
cloudid: Cloud ID in Yandex Cloud which you can select from the management console.user_values: - name: <name> title: <Header> cloud_id_value: required: true -
folderid: Folder ID.user_values: - name: <name> title: <Header> folder_id_value: required: true -
clusterid: Kubernetes cluster ID.user_values: - name: <name> title: <Header> cluster_id_value: required: true -
networkid: Yandex Virtual Private Cloud network ID.user_values: - name: <name> title: <Header> network_id_value: required: true -
subnetid: Virtual Private Cloud subnet ID.user_values: - name: <name> title: <Header> subnet_id_value: required: true -
serviceaccountid: Service account ID.user_values: - name: <name> title: <Header> service_account_id_value: required: true -
serviceaccountkey: Service account's authorized key.user_values: - name: <name> title: <Header> service_account_key_value: required: true -
service_account_aws_key_value: Service account's static key for access to Object Storage. It is delivered in JSON format.user_values: - name: <name> title: <Header> description: <Description> service_account_aws_key_value: required: trueTo use the value of this field in a helm chart or transmit it in a file during manual installation, add the following code at the end of the
templates/_helpers.tpltemplate:Warning
Make sure to put
_generatedafter thenamefield value from the manifest.{{- define "<chart_name>.access_key_id" -}} {{- if .Values.saAccessKeyFile -}} {{- $key := .Values.saAccessKeyFile | fromJson -}} {{- $key.access_key.key_id -}} {{- else }} {{- .Values.<name_field_value_from_manifest>_generated.accessKeyID -}} {{- end }} {{- end }} {{- define "<chart_name>.access_key_secret" -}} {{- if .Values.saAccessKeyFile -}} {{- $key := .Values.saAccessKeyFile | fromJson -}} {{- $key.secret -}} {{- else }} {{- .Values.<name_field_value_from_manifest>_generated.secretAccessKey -}} {{- end }} {{- end }}Example of using values in the
Secretobject template:apiVersion: v1 kind: Secret metadata: name: {{ include "mychart.fullname" . }} labels: {{- include "mychart.labels" . | nindent 4 }} type: Opaque data: ACCESS_KEY_ID: {{ include "mychart.access_key_id" . | b64enc | quote }} SECRET_ACCESS_KEY: {{ include "mychart.access_key_secret" . | b64enc | quote }} -
ciliumvaluedisabled: Use of the Cilium network policy provider. If you provide a parameter, the appropriate product field in the management console will not be available for editing and will be automatically pre-filled.user_values: - name: <name> title: <Header> cilium_value: {} -
ciliumvalue: Use of the Cilium network policy provider.user_values: - name: <name> title: <Header> cilium_value: {} -
kubednsclusteripvaluedisabled: IP address of the Kubernetes cluster. If you provide a parameter, the appropriate product field in the management console will not be available for editing and will be automatically pre-filled.user_values: - name: <name> title: <Header> kube_dns_cluster_ip_value: required: true -
kubednsclusteripvalue: IP address of the Kubernetes cluster.user_values: - name: <name> title: <Header> kube_dns_cluster_ip_value: required: true -
loggroupidvalue: Yandex Cloud Logging log group ID.user_values: - name: <name> title: <Header> log_group_id_value: required: true -
kmskeyidvalue: Yandex Key Management Service key content.user_values: - name: <name> title: <Header> kms_key_id_value: required: true -
domainvalue: Domain to host the Kubernetes cluster.user_values: - name: <name> title: <Header> domain_value: required: true -
iamapikeyvalue: Service account's API key value. It is delivered in JSON format.user_values: - name: <name> title: <Header> iam_api_key_value: required: true -
storagebucketvalue: Object Storage bucket.user_values: - name: <name> title: <Header> storage_bucket_value: required: true -
prometheusworkspaceidvalue: Prometheus workspace name.user_values: - name: <name> title: <Header> prometheus_workspace_id_value: required: false -
licenseidvalue: Subscription ID from the License Manager API.user_values: - name: <name> title: <Header> license_id_value: required: false
-
-
The variable values specified by the user when installing the product in a Kubernetes cluster will override the values from the values.yaml file.
Example manifest and corresponding variable file
Manifest
# Link to helm chart in publisher registry.
helm_chart:
name: cr.yandex/b1gq90dgh25bebiu75o/Vendor/Product/chart
tag: 1.0-0
# Required parameters.
requirements:
k8s_version: ">=1.18"
images:
- registry: app1.image.registry
name_without_registry: app1.image.name
tag: app1.image.tag
- name_with_registry: app2.config.image.name
tag: app2.config.image.tag
- full: another-whatever-key.subkey.name
# Configurable parameters that might be changed by end user during installation of product. Should be presented in values.yaml
# Supported types: integer, boolean, string, string selector, integer selector.
user_values:
- name: app.port
title:
en: Application port
ru: Порт приложения
description:
en: Port that application will listen to
ru: Порт, на котором приложение принимает входящие запросы
integer_value:
default_value: 8080
required: true
restrictions:
min: 8000
max: 9000
- name: app.tls.use
title:
en: TLS
ru: TLS
description:
en: Use TLS
ru: Использовать TLS
boolean_value:
default_value: true
- name: app.admin.password
title:
en: Admin password
ru: Пароль администратора
description:
en: Password of administrator, should be at least 8 symbols
ru: Пароль администратора, должен быть длиной не менее 8 символов
string_value:
required: true
secret: true
length_restrictions:
min: 8
max: 20
- name: app.selector.string
title:
en: Custom string selector
ru: Строковая опция
description:
en: One value string selector
ru: Выбор одного строкового значения
string_selector_value:
default_value: opt1
required: true
values:
- opt1
- opt2
- opt3
- name: app.selector.integer
title:
en: Custom integer selector
ru: Числовая опция
description:
en: One value integer selector
ru: Выбор одного integer значения
integer_selector_value:
default_value: 1
required: true
values:
- 1
- 2
- 3
values.yaml variable file
# An example of values.xml related to publisher manifest above.
replicaCount: 1
podAnnotations: {}
podSecurityContext: {}
...
app1:
image:
registry: cr.yandex/b1gq90dgh25bebiu75o/
name: service-images/application-1
tag: 1.0
app2:
name: application-name
config:
# image can be declared on any level
image:
name: cr.yandex/b1gq90dgh25bebiu75o/service-images/application-2
tag: 2.0
pullPolicy: IfNotPresent
another-whatever-key: # key name is not fixed
subkey:
name: cr.yandex/b1gq90dgh25bebiu75o/service-images/application-3:3.0
...
# values
app:
port: 80
tls:
use: true
admin:
password: ""
selector:
string: "opt1"
integer: 1