Connection method overview

You can connect to a Managed Service for Kubernetes cluster using the following methods:

• Over the internet if you configured public access for the cluster when creating it.
• From Yandex Cloud virtual machines located in the same cloud network.

To connect to a cluster, you can use:

• kubectl
• Static configuration file

To connect to cluster nodes, follow the instructions in Connecting to a node over SSH.

Configuring security groupsConfiguring security groups

Security groups may block cluster connections. To manage a cluster using kubectl, you must have rules in security groups that allow access to the Kubernetes API. If you need a step-by-step guide on setting up rules, see Rules to access the Kubernetes API.

Connecting to a clusterConnecting to a cluster

When connecting to a Kubernetes cluster, the user logs in to Yandex Identity and Access Management and is granted access based on the assigned role. To log in, you must install the Yandex Cloud command-line interface (CLI).

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

To connect to a cluster:

1. Install kubectl.

2. Add credentials to the kubectl configuration file depending on the type of the IP address of the cluster you are connecting to:

   Public IP address

   Internal IP address

   To get credentials to connect to the cluster's public IP address via the internet, run this command:

   yc managed-kubernetes cluster \
      get-credentials <cluster_name_or_ID> \
      --external
   

   You can also run this command from the management console. Go to the Overview page for the appropriate cluster and click Get started in the top-right corner.

   If you created your cluster with no public IP address, this cluster can only be connected to using its internal IP.

   To get credentials to connect to the cluster's internal IP address from a VM located in the same network, run this command:

   yc managed-kubernetes cluster \
      get-credentials <cluster_name_or_ID> \
      --internal
   

   You can also run this command from the management console. Go to the Overview page for the appropriate cluster and click Get started in the top-right corner.

   Note

   By default, credentials are added to the $HOME/.kube/config file. If you need to change the configuration location, use the --kubeconfig <file_path> flag.

3. Make sure the cluster is accessible:

   kubectl cluster-info
   

   If kubectl is configured correctly, the command will return cluster information.

Connecting using a static configurationConnecting using a static configuration

If you cannot use the Yandex Cloud CLI for some reason, connect to a cluster using static configuration files.