Kubernetes
August 30, 2023
Regional cluster 1.27+cilium+logs+kms. Public IP
In this article we will create a cluster of version 1.24+cilium.
An SA with editor permissions.
An SG with restricted permissions, suitable only for a k8s cluster.
export SG=$(yc vpc sg get k8s-sg --format json | jq -r '.id')
export KMS=$(yc kms symmetric-key get k8s-key --format json | jq -r ".id")
export FOLDER=$(yc config get folder-id)
export ZONE=ru-central1-a
export NETWORK=$(yc vpc network get cameda-test --format json | jq -r '.id')
export SUBNET=subnet-a
export SA=$(yc iam service-account get cameda-service --format json | jq -r '.id')
export LogGroupID=$(yc log group get k8s --format json | jq -r ".id")

yc k8s cluster create \
  --folder-id "$FOLDER" \
  --name cam-kuber-regional-test \
  --description "regional k8s test cluster" \
  --labels test=regionaal \
  --network-id "$NETWORK" \
  --regional \
  --master-location subnet-name=subnet-a,zone=ru-central1-a \
  --master-location subnet-name=subnet-b,zone=ru-central1-b \
  --master-location subnet-name=subnet-c,zone=ru-central1-c \
  --public-ip \
  --release-channel rapid \
  --version 1.27 \
  --cluster-ipv4-range 10.90.0.0/16 \
  --service-ipv4-range 10.91.0.0/16 \
  --auto-upgrade=true \
  --security-group-ids "$SG" \
  --enable-network-policy \
  --cilium \
  --node-service-account-id "$SA" \
  --service-account-id "$SA" \
  --kms-key-id "$KMS" \
  --daily-maintenance-window 'start=22:00,duration=2h' \
  --master-logging "enabled=true,log-group-id=$LogGroupID,cluster-autoscaler-enabled=true,kube-apiserver-enabled=true,audit-enabled=true,events-enabled=true" \
  --async
Creating a fixed-size node group for the cluster.
yc k8s node-group create \
  --folder-id "$FOLDER" \
  --name cam-fixed-group \
  --cluster-name cam-kuber-regional-test \
  --description "fixed-testgroup" \
  --metadata serial-port-enable=1 \
  --metadata-from-file=ssh-keys=/Users/cameda/ssh-pairs.txt \
  --labels cam=fixed \
  --node-labels env=test \
  --location zone="$ZONE" \
  --platform standard-v3 \
  --memory 16 \
  --cores 8 \
  --core-fraction 100 \
  --disk-type network-ssd \
  --disk-size 97 \
  --network-acceleration-type standard \
  --network-interface "security-group-ids=$SG,subnets=$SUBNET,ipv4-address=nat" \
  --version 1.27 \
  --container-runtime containerd \
  --fixed-size 2 \
  --auto-upgrade=true \
  --auto-repair \
  --max-expansion 1 \
  --max-unavailable 1 \
  --daily-maintenance-window 'start=22:00,duration=5h' \
  --allowed-unsafe-sysctls net.ipv4.tcp_timestamps \
  --async
Creating an autoscaling node group for the cluster.
yc k8s node-group create \
  --folder-id "$FOLDER" \
  --name cam-autoscale-group \
  --cluster-name cam-kuber-regional-test \
  --description "autoscale-testgroup" \
  --metadata serial-port-enable=1 \
  --metadata-from-file=ssh-keys=/Users/cameda/ssh-pairs.txt \
  --labels cam=autoscale \
  --node-labels env=test \
  --location zone="$ZONE" \
  --platform standard-v3 \
  --memory 4 \
  --cores 2 \
  --core-fraction 100 \
  --disk-type network-ssd \
  --disk-size 96 \
  --network-acceleration-type standard \
  --network-interface "security-group-ids=$SG,subnets=$SUBNET,ipv4-address=nat" \
  --version 1.27 \
  --container-runtime containerd \
  --auto-scale min=1,max=5,initial=1 \
  --auto-upgrade=false \
  --auto-repair \
  --max-expansion 1 \
  --max-unavailable 1 \
  --weekly-maintenance-window 'days=[monday,tuesday],start=22:00,duration=10h' \
  --allowed-unsafe-sysctls net.ipv4.tcp_timestamps \
  --async
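The exports that feed these commands can fail silently: `jq -r '.id'` prints the literal `null` when the field is missing and prints nothing when the `yc ... get` call itself fails, so the security group, KMS key or log group ID may be unusable by the time the cluster is created. The pre-flight check below is an added example, not part of the original post; the function names `valid_id` and `preflight` and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the variables that the yc commands
# on this page consume. Function names and sample values are hypothetical.

# valid_id VALUE: succeeds only if VALUE looks like a resolved resource ID.
# Rejects the empty string (yc lookup failed, jq got no input), the literal
# "null" (jq found no .id field), and anything containing whitespace.
valid_id() {
  case "$1" in
    ''|null) return 1 ;;
    *[[:space:]]*) return 1 ;;
    *) return 0 ;;
  esac
}

# preflight NAME=VALUE...: prints the names whose values are unusable
# (space-separated, on one line) and returns non-zero if there are any.
preflight() {
  bad=''
  for pair in "$@"; do
    name=${pair%%=*}     # text before the first '='
    value=${pair#*=}     # text after the first '='
    valid_id "$value" || bad="${bad:+$bad }$name"
  done
  [ -z "$bad" ] && return 0
  printf '%s\n' "$bad"
  return 1
}

# Constructed sample values: SG resolved, KMS key without an .id field,
# log group lookup failed. In real use, before `yc k8s cluster create`:
#   preflight "SG=$SG" "KMS=$KMS" "NETWORK=$NETWORK" "SA=$SA" \
#             "LogGroupID=$LogGroupID" || exit 1
if missing=$(preflight "SG=sg-constructed-id" "KMS=null" "LogGroupID="); then
  echo "all IDs resolved"
else
  echo "refusing to run yc, unresolved: $missing" >&2
fi
```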