External cluster nodes
Note
Connecting external nodes is at the Preview stage. You will not be charged for using them.
With Managed Service for Kubernetes, you can connect servers from outside Yandex Cloud as Kubernetes cluster nodes.
Requirements for connecting external nodes to a cluster
There are certain requirements you should fulfill to connect external nodes to a Managed Service for Kubernetes:
- L3 network connectivity between your servers' local network infrastructure and your Managed Service for Kubernetes cluster's cloud network. External nodes only connect to a cluster master via its Yandex Cloud cloud network internal IP address.
  You can establish a private dedicated connection between your local network infrastructure and Yandex Cloud:
  - Using Yandex Cloud Interconnect.
  - Manually, via a VPN, e.g., IPSec or WireGuard.
- A Managed Service for Kubernetes cluster uses network tunneling.
- Your external servers must have internet access.
- External server OS: Ubuntu 24.04.
For information on connecting external nodes to a Managed Service for Kubernetes cluster, see Connecting external nodes to a cluster.
Responsibility
For reliable operation of external nodes, you must ensure continuous operation of:
- Your computing infrastructure, i.e., servers and their operating system.
  We do not recommend using external servers for anything other than the cluster node functions.
- Local network infrastructure of your servers.
- Connection between your local network infrastructure and Yandex Cloud.
Yandex Cloud offers reliable private connections between your local network and cloud infrastructure by means of Cloud Interconnect. Alternatively, you can configure and maintain the quality of such a connection yourself using a VPN.
Yandex Cloud does not offer management services or guarantee the reliability of any computing or network infrastructure outside the Yandex Cloud data centers. You can take advantage of a managed infrastructure by using Managed Service for Kubernetes regular node groups.
External node operation limitations
When designing load balancing for nodes in a Managed Service for Kubernetes cluster, you have to consider the following aspects:
- You cannot connect PersistentVolume objects based on Yandex Cloud disks to external nodes.
- Services based on Yandex Cloud L3 load balancers, e.g., LoadBalancer, do not distribute traffic to these nodes.
You must deploy any loads requiring this feature on Managed Service for Kubernetes cluster nodes located in Yandex Cloud only. For this, use the following node affinity:

```yaml
...
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
      - matchExpressions:
        - key: yandex.cloud/node-group-id # Kubernetes label for nodes located in Yandex Cloud.
          operator: Exists
...
```
You can manage traffic at L7 instead of doing it using L3 load balancers. To do this, install an Ingress controller in your Managed Service for Kubernetes cluster and use the Ingress resources.
Marketplace products Ingress controller and Gateway API based on Yandex Application Load Balancer do not support balancing to external nodes.
Use the Gwin controller or one of the alternative Ingress controllers for balancing to external nodes.
To use the Gwin controller for balancing to external nodes:
- The Application Load Balancer L7 load balancer must have access to the external node address.
- The external node address must be present in the node's status as a resource, for example:

```bash
kubectl get no -o yaml example-cluster-node-1 | yq ".status.addresses"
```

```yaml
- address: 10.0.0.7
  type: InternalIP
- address: 2001:db8::1
  type: InternalIP
- address: example-cluster-node-1
  type: Hostname
```
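The two checks above, which nodes are external (no yandex.cloud/node-group-id label) and whether each of them publishes an InternalIP in its status, plus a check that a pod spec carries the node affinity from the previous section, as an added audit script that is not part of this page or of the Yandex Cloud tooling. It reads the JSON shape that kubectl get nodes -o json returns; the embedded node list and the label value are constructed samples.

```python
"""Audit helpers for a Managed Service for Kubernetes cluster with external nodes (added example)."""
import json

CLOUD_NODE_LABEL = "yandex.cloud/node-group-id"  # label carried only by nodes located in Yandex Cloud

# Constructed sample of `kubectl get nodes -o json`: one cloud node and one external node
# that exposes only a Hostname address (not real cluster output; the label value is a placeholder).
SAMPLE_NODES_JSON = json.dumps({
    "items": [
        {"metadata": {"name": "cl1-node-a", "labels": {CLOUD_NODE_LABEL: "PLACEHOLDER-GROUP-ID"}},
         "status": {"addresses": [{"type": "InternalIP", "address": "10.1.0.5"},
                                  {"type": "Hostname", "address": "cl1-node-a"}]}},
        {"metadata": {"name": "example-cluster-node-1", "labels": {}},
         "status": {"addresses": [{"type": "Hostname", "address": "example-cluster-node-1"}]}},
    ]
})


def is_cloud_node(node: dict) -> bool:
    """A node is cloud-hosted if it carries the Yandex Cloud node-group label."""
    return CLOUD_NODE_LABEL in node["metadata"].get("labels", {})


def internal_ips(node: dict) -> list:
    """InternalIP entries from status.addresses, the addresses an L7 balancer can target."""
    return [a["address"] for a in node["status"].get("addresses", []) if a["type"] == "InternalIP"]


def audit_external_nodes(nodes_json: str) -> dict:
    """Map each external node to its InternalIP list; an empty list means the node
    publishes no address the Gwin / Application Load Balancer path can use."""
    result = {}
    for node in json.loads(nodes_json)["items"]:
        if not is_cloud_node(node):
            result[node["metadata"]["name"]] = internal_ips(node)
    return result


def pinned_to_cloud_nodes(pod_spec: dict) -> bool:
    """True if the pod spec requires the node-group label to exist, i.e. it uses the
    nodeAffinity shown on this page and will never land on an external node."""
    terms = (pod_spec.get("affinity", {}).get("nodeAffinity", {})
             .get("requiredDuringSchedulingIgnoredDuringExecution", {})
             .get("nodeSelectorTerms", []))
    return any(e.get("key") == CLOUD_NODE_LABEL and e.get("operator") == "Exists"
               for t in terms for e in t.get("matchExpressions", []))


if __name__ == "__main__":
    for name, ips in audit_external_nodes(SAMPLE_NODES_JSON).items():
        print(f"{name}: {'OK ' + ', '.join(ips) if ips else 'MISSING InternalIP in status.addresses'}")
```

Workloads that need Yandex Cloud disks or a LoadBalancer Service should pass pinned_to_cloud_nodes; external nodes reported as MISSING cannot be reached through the Gwin controller until their status carries an InternalIP.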