Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Getting started with Managed Service for Kubernetes

Written by
Updated at October 30, 2025

Create a Managed Service for Kubernetes cluster and node group and manage them using kubectl, the Kubernetes command line interface.

Getting started

To get started with Managed Service for Kubernetes:

  1. Navigate to the management console and log in to Yandex Cloud or sign up if not signed up yet.

  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and its status is ACTIVE or TRIAL_ACTIVE. If you do not have a billing account yet, create one.

  3. If you do not have a folder yet, create one.

  4. Install kubectl, the Kubernetes CLI.

  5. Make sure you have enough resources available in the cloud.

  6. If you do not have a network yet, create one.

  7. If you do not have any subnets yet, create them in the availability zones where your Managed Service for Kubernetes cluster and node group will reside.

  8. Create these service accounts:

    • Service account with the k8s.clusters.agent and vpc.publicAdmin roles for the folder where you want to create a Managed Service for Kubernetes cluster. This service account will be used to create the resources for the Managed Service for Kubernetes cluster.
    • Service account with the container-registry.images.puller role for the folder containing the Docker image registry. Managed Service for Kubernetes nodes will pull the required Docker images from the registry on behalf of this account.

    You can use the same service account for both operations.

    Note

    To create a cluster with tunnel mode, the cluster service account requires the k8s.tunnelClusters.agent role.

  9. Configure security groups for network traffic of your Managed Service for Kubernetes cluster.

Create a Managed Service for Kubernetes cluster

  1. In the management console, select the folder where you want to create a Managed Service for Kubernetes cluster.
  2. Select Managed Service for Kubernetes.
  3. Click Create cluster.
  4. Enter the Managed Service for Kubernetes cluster name. It must be unique within the folder.
  5. Optionally, enter a description for the Managed Service for Kubernetes cluster.
  6. Service account for resources: Specify the service account with the k8s.clusters.agent and vpc.publicAdmin roles to use for creating resources.
  7. Service account for nodes: Specify the service account with the container-registry.images.puller role that Managed Service for Kubernetes nodes will use to access the Docker image registry.
  8. Specify the release channel. You will not be able to edit this setting once you create the Managed Service for Kubernetes cluster.
  9. Under Master configuration:
    • Kubernetes version: Select the Kubernetes version to install on the Managed Service for Kubernetes master.
    • Public address: Select the IP address assignment method:
      • Auto: Assign a random IP address from the Yandex Cloud IP address pool.
      • No address: Do not assign a public IP address.
    • Type of master: Select the master type:
      • Basic: To create a single master host in the selected availability zone. Specify the cloud network and select the subnet for the master host.
      • Highly available: To create a single master host in each availability zone. Specify the cloud network and subnet for each availability zone.
    • Select security groups for the Managed Service for Kubernetes cluster's network traffic.
  10. Under Cluster network settings:
    • CIDR cluster: Specify the IP address range to allocate addresses to pods from.
    • CIDR services: Specify the IP address range to allocate IP addresses to services from.
    • Set the subnet mask for the Managed Service for Kubernetes nodes and the maximum number of pods per node.
  11. Click Create.

For more information, see this step-by-step guide for creating a Managed Service for Kubernetes cluster.

Create a node group

To create a Managed Service for Kubernetes node group:

  1. In the management console, select the folder where you created the required Managed Service for Kubernetes cluster.

  2. In the list of services, select Managed Service for Kubernetes.

  3. Select the Managed Service for Kubernetes cluster to create a node group for.

  4. On the Managed Service for Kubernetes cluster page, go to the Node manager tab.

  5. Click Create a node group.

  6. Enter a name and description for the Managed Service for Kubernetes node group.

  7. In the Kubernetes version field, select the Kubernetes version for the Managed Service for Kubernetes nodes.

  8. Under Scaling, select its type:

  9. Under Changes during creation and updates, specify the maximum number of VMs by which you can exceed or reduce the Managed Service for Kubernetes group size.

  10. Under Computing resources:

  11. Under Storage:

    • Specify the Disk type for the Managed Service for Kubernetes group nodes:

      • HDD: Standard network drive; HDD network block storage.
      • SSD: Fast network drive; SSD network block storage.
      • Non-replicated SSD: Network drive with enhanced performance achieved by eliminating redundancy. You can only change the size of this disk type in 93 GB increments.
      • SSD IO: Network drive with the same performance specifications as Non-replicated SSD, plus redundancy. You can only change the size of this disk type in 93 GB increments.

      For more information about disk types, see this Yandex Compute Cloud guide.

    • Specify the disk size for the Managed Service for Kubernetes group nodes.

  12. Under Network settings:

    • In the Public address field, select an IP address assignment method:
      • Auto: Assign a random IP address from the Yandex Cloud IP address pool.
      • No address: Do not assign a public IP address.
    • Select security groups.
    • Select the availability zone and subnet to place the Managed Service for Kubernetes group nodes in.

  13. Under Access, specify the access credentials for the Managed Service for Kubernetes group nodes over SSH:

    • Login: Enter the username.
    • SSH key: Paste the contents of the public key file.

  14. Click Create.

For more information, see this step-by-step guide for creating Managed Service for Kubernetes node groups.

Add credentials to the kubectl configuration file

With kubectl, you can manage a Managed Service for Kubernetes cluster. To configure the utility to work with the created cluster, add its credentials to the kubectl configuration file:

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. Run this command:

    yc managed-kubernetes cluster get-credentials test-k8s-cluster --external

    Tip

    You can also view the connection command in the management console on the cluster page under Access.

    • By default, credentials are added to the $HOME/.kube/config directory.
    • If you need to change the configuration location, use the --kubeconfig <file_path> parameter.

  2. Check the kubectl configuration after adding the credentials:

    kubectl config view

    Result:

    apiVersion: v1
clusters:
  - cluster:
    certificate-authority-data: DATA+OMITTED
...

  3. Check the connection to the cluster:

    kubectl get nodes

    The command will return information about the node group you created:

    NAME                       STATUS  ROLES   AGE  VERSION
cl17i6943n92********-itif  Ready   <none>  31m  v1.13.3

    To learn more about connecting to a Managed Service for Kubernetes cluster, see Overview of connection methods.

What's next

Previous
Comparing with other Yandex Cloud services
Next
All guides