External cluster nodes

Managed Service for Kubernetes enables you to connect servers from outside Yandex Cloud as Kubernetes cluster nodes.

Requirements for connecting external resources to a clusterRequirements for connecting external resources to a cluster

To connect external nodes to a Managed Service for Kubernetes cluster, the following requirements must be met:

• L3 network connectivity between your servers' local network infrastructure and your Managed Service for Kubernetes cluster's cloud network. External nodes connect to a cluster master via its Yandex Cloud cloud network internal IP address.

  You can use the following methods to establish a private dedicated connection between your local network infrastructure and Yandex Cloud:

  • Via Yandex Cloud Interconnect.
  • Manually, via a VPN.

• A Managed Service for Kubernetes cluster uses network tunneling.

• Connecting servers must have internet access.

• Connecting servers must have Ubuntu 20.04 as their operating system.

For information on connecting external nodes to a Managed Service for Kubernetes cluster, please see Connecting external nodes to the cluster.

Responsibility matrixResponsibility matrix

For external nodes to run predictably in a cluster, it is key that the elements below function without interruption:

• Computing infrastructure, such as the servers used and their relevant operating system.
  • We do not recommend using connecting servers in any capacity other than as nodes in a cluster.
• Local network infrastructure made up of the servers utilized.
• Links between your local network infrastructure and Yandex Cloud.

Yandex Cloud offers reliable private connections between your local network and cloud infrastructure that is part of Cloud Interconnect. Alternatively, you can configure and maintain the quality of such a connection yourself using a VPN.

Yandex Cloud does not offer management services or guarantee the reliability of any computing or network infrastructure outside Yandex Cloud data centers. You can take advantage of a managed infrastructure by using Managed Service for Kubernetes regular node groups.

Restrictions when working with external nodesRestrictions when working with external nodes

When designing load balancing for nodes in a Managed Service for Kubernetes cluster, you have to take the following into consideration:

• You cannot connect PersistentVolume objects built on cloud disks in Yandex Cloud to external nodes.
• Services based on Yandex Cloud L3 load balancers (such as LoadBalancer) do not distribute traffic to these nodes.

You must deploy any loads requiring this functionality on Managed Service for Kubernetes cluster nodes located in Yandex Cloud only. You may take advantage of node affinity settings to accomplish this:

...
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: yandex.cloud/node-group-id # Kubernetes-node labels for nodes located in Yandex Cloud.
            operator: Exists
...

You can manage traffic at L7 instead of doing it with L3 load balancers. To accomplish this, install an Ingress controller in your Managed Service for Kubernetes cluster and use Ingress resources.

Currently, the Yandex Application Load Balancer-based Ingress Controller does not support load balancing for external nodes. You can use one of the alternative ingress controllers as a workaround.