Managed Kubernetes: Quick Start

You can work with a Managed Kubernetes cluster in the control panel, via the Managed Kubernetes API, or Terraform.

1. Create a cluster on a cloud server in the control panel.
2. Connect to the cluster.
3. Install Envoy Gateway.

1. Create a cluster on a cloud server in the control panel

1. Configure a cluster on a cloud server.
2. Configure a node group.
3. Configure automation.

1. Configure a cluster on a cloud server

1. In the control panel, on the top menu, click Products and select Managed Kubernetes.

2. Click Create cluster.

3. Enter a cluster name. The name will be included in cluster object names: node groups, nodes, load balancers, networks, and volumes. For example, if the cluster name is kelsie, the node group name will be kelsie-node-gdc8q, and the boot volume name — kelsie-node-gdc8q-volume.

4. Select a location. You cannot change the location after the cluster is created.

5. Select a Kubernetes version. After the cluster is created, you can upgrade the Kubernetes version.

6. Select a cluster type. You cannot change the cluster type after the cluster is created.

7. Optional: to make the cluster available over a private network and inaccessible from the internet, check the Private kube API checkbox. By default, the cluster is created in a public network and is automatically assigned a public kube API IP address accessible from the internet. You cannot change the kube API access type after the cluster is created.

8. In the Network block, select a private subnet with no internet access in which all cluster nodes will be grouped.

   To create a private subnet, in the Subnet for nodes field, select New private subnet. A private network <cluster_name>-network, a private subnet, and a router <cluster_name>-router will be created automatically, where <cluster_name> is the cluster name. The CIDR is assigned automatically.

   If a private subnet has been created, in the Subnet for nodes field, select an existing subnet. The subnet must meet the following conditions:

   • the subnet must be connected to a cloud router;
   • the subnet must not overlap with the 10.10.0.0/16, 10.96.0.0/12, 10.250.0.0/16 and 10.251.0.0/24. These ranges are used for internal Managed Kubernetes addressing;
   • DHCP must be disabled in the subnet.

9. Click Continue.

2. Configure a node group

1. In the Server type field, select Cloud server.

2. Select a location where all working nodes in the group will be located. You cannot change the location after the cluster is created.

3. Configure the working node configuration in the group:

   3.1. Click Select configuration and select a configuration for the working nodes in the group:

   • custom — any resource ratio can be specified;
   • or fixed with GPU — prebuilt node configurations with GPUs and a specified resource ratio.

   If default configurations do not suit your needs, after the cluster is created, you can add a node group with a fixed cloud server configuration via the Managed Kubernetes API or Terraform.

   3.2. If you have selected a custom configuration, specify the number of vCPUs, RAM, and select a boot disk. Specify the disk size.

   3.3. If you selected a fixed configuration with GPU, select a prebuilt node configuration with GPUs, a boot disk and specify the disk size. To install GPU drivers yourself, turn off the GPU drivers toggle. By default, the GPU drivers toggle is on, and preinstalled drivers are used in the cluster.

   3.4. Click Save.

4. Configure the number of working nodes. For fault-tolerant operation of system components and the Cilium network plugin, we recommend having at least two working nodes in the cluster; nodes can be in different groups:

   4.1. To have a fixed number of nodes in the node group, open the Fixed tab and specify the number of nodes.

   4.2. To use autoscaling via Cluster Autoscaler in the node group, open the With autoscaling tab and set the minimum and maximum number of nodes in the group — the number of nodes will only change within this range. Autoscaling is not available for node groups with GPU without drivers.

5. Optional: to make the node group preemptible, check the Preemptible node group checkbox. Preemptible node groups are available in the regions of St. Petersburg, Moscow, and Novosibirsk.

6. Optional: add node group labels:

   6.1. In the Labels field, click Add.

   6.2. Enter the label key.

   6.3. Enter the label value.

   6.4. Click Add.

7. Optional: add node group taints:

   7.1. In the Taints field, click Add.

   7.2. Enter the taint key.

   7.3. Enter the taint value.

   7.4. Select an effect:

   • NoSchedule — new pods will not be added, and existing ones will continue to run;
   • PreferNoSchedule — new pods will be added if there are no other available slots in the cluster;
   • NoExecute — running pods without tolerations will be evicted.

   7.5. Click Add.

8. Optional: add a script with custom parameters for configuring the Managed Kubernetes cluster:

   8.1. In the User data field, click Add.

   8.2. Paste the script. The maximum size of the script with data not encoded in Base64 is 47 KB. You can find example scripts and supported formats in the User data guide.

9. Optional: to add an additional working node group to the cluster, click Add node group. You can create a cluster with working node groups in different segments of the same pool. This will increase fault tolerance and help maintain application availability if a failure occurs in one of the segments.

10. In the Cloud network block, configure a private subnet without internet access in which all cluster nodes will be grouped.

    10.1. To create a private subnet, in the Subnet for nodes field, select New private subnet.

    A private network <cluster_name>-network, a private subnet, and a router <cluster_name>-router will be created automatically, where <cluster_name> is the cluster name. The CIDR is assigned automatically.

    The default security group will be assigned to node ports. Do not change its rules or assign a different security group. This will prevent cluster malfunctions.

    10.2. If a private subnet has been created, in the Subnet for nodes field, select an existing subnet. The subnet must meet the following conditions:

    • connected to a cloud router;
    • it must not overlap with the 10.10.0.0/16, 10.96.0.0/12, 10.250.0.0/16, and 10.251.0.0/24 ranges. These ranges are used for internal Managed Kubernetes addressing;
    • DHCP is disabled;
    • only the default security group is assigned to the ports. Do not change its rules or assign a different security group. This will prevent cluster malfunctions. You can view security groups on ports.

11. Click Continue.

3. Configure automation

1. Optional: to enable node auto-healing, check the Node auto-healing checkbox. If the cluster has only one working node, auto-healing is not available.

2. Optional: to enable auto-updating of patch versions, check the Auto-update patch versions checkbox. If the cluster has only one master node (base cluster) or one working node, Kubernetes patch version auto-updating is not available.

3. Select the maintenance start time for the cluster — the time when automatic cluster maintenance tasks will begin.

4. Optional: to enable audit logs, check the Audit logs checkbox. After the cluster is created, configure integration with a log storage and analysis system.

5. Check the cluster price on the cloud server.

6. Click Create. Cluster creation takes several minutes; during this time, the cluster will be in the status CREATING. The cluster will be ready for use when it switches to the ACTIVE status.

2. Connect to the cluster

To start working with the cluster, you need to configure kubectl.

For your information

We recommend performing all actions with cluster nodes, load balancers, and volumes only via kubectl.

After updating certificates for system components, you must reconnect to the cluster.

Linux

1. Install the kubectl Kubernetes command-line client following the official instructions.

2. In the control panel, on the top menu, click Products and select Managed Kubernetes.

3. Open the cluster page → Settings tab.

4. If you are using a private kube API, check access to it. The IP address is listed in the Kube API field.

5. Click Download kubeconfig. Downloading the kubeconfig file is unavailable if the cluster has the status PENDING_CREATE, PENDING_ROTATE_CERTS, PENDING_DELETE, or ERROR.

6. Export the path to your kubeconfig file to the KUBECONFIG environment variable:

   export KUBECONFIG=<path>

   Specify <path> — the path to the cluster_name.yaml kubeconfig file.

7. Check that the configuration is correct — access the cluster via kubectl:

   kubectl get nodes

   Nodes must be in the Ready status.

Windows

1. Install the kubectl Kubernetes command-line client following the official instructions.

2. In the control panel, on the top menu, click Products and select Managed Kubernetes.

3. Open the cluster page → Settings tab.

4. If you are using a private kube API, check access to it. The IP address is listed in the Kube API field.

5. Click Download kubeconfig. Downloading the kubeconfig file is unavailable if the cluster has the status PENDING_CREATE, PENDING_ROTATE_CERTS, PENDING_DELETE, or ERROR.

6. Run PowerShell as an administrator.

7. Export the path to your kubeconfig file to the KUBECONFIG environment variable:

   $env:KUBECONFIG = <path>

   Specify <path> — the path to the cluster_name.yaml kubeconfig file.

8. Check that the configuration is correct — access the cluster via kubectl:

   kubectl get nodes

   Nodes must be in the Ready status.

3. Install Envoy Gateway

Control panel

To run the application, a load balancer of the Basic redundant type and a public IP address will be created. The load balancer type cannot be changed after creation. If you want to change the load balancer type or its parameters, install the application using a Helm chart.

1. Ensure that a quota for at least one public IP address is allocated in the pool.
2. In the Control panel, on the top menu, click Products and select Managed Kubernetes.
3. Open the cluster page → Applications tab.
4. In the Available for installation block, click Envoy Gateway.
5. Check the price of the load balancer and the public IP address.
6. Click Install. A new Basic redundant load balancer with a public IP address will be created. The load balancer will appear in the Control panel: on the top menu, click Products and select Cloud servers → Load balancers section → tab Load balancers.

Helm

You can install Envoy Gateway:

• without configuring parameters — the default parameter values specified in the Helm chart are used. You can view the default values using the helm inspect values oci://docker.io/envoyproxy/gateway-helm; command;
• or with parameter configuration — you configure parameters in a file and use it for installation.

Without parameter configuration

1. Connect to the cluster.

2. Install the Helm package manager Helm.

3. Install Envoy Gateway:

   helm upgrade --install eg --create-namespace oci://docker.io/envoyproxy/gateway-helm --version v1.6.3 -n envoy-gateway-system

4. Ensure that Envoy Gateway is installed:

   kubectl get pods -n envoy-gateway-system

   Information about Envoy Gateway will appear in the response:

   NAME                              READY   STATUS    RESTARTS   AGE
   envoy-gateway-8545855df8-vjqtf    1/1     Running   0          35s

With parameter configuration

1. Connect to the cluster.

2. Install the Helm package manager Helm.

3. Get the default values for the envoyproxy/gateway-helm Helm chart and save them to the envoy-gateway-values.yaml file:

   helm inspect values oci://docker.io/envoyproxy/gateway-helm --version v1.6.3 > envoy-gateway-values.yaml

4. In the envoy-gateway-values.yaml file, configure the necessary parameters and save the changes.

5. Install Envoy Gateway:

   helm upgrade --install eg --create-namespace oci://docker.io/envoyproxy/gateway-helm --version v1.6.3 -n envoy-gateway-system --values envoy-gateway-values.yaml

6. Ensure that Envoy Gateway is installed:

   kubectl get pods

   Information about Envoy Gateway will appear in the response. For example:

   NAME                              READY   STATUS    RESTARTS   AGE
   envoy-gateway-8545855df8-vjqtf    1/1     Running   0          35s