You need to create a service account with the editor role with the cloud provider so that Deckhouse can manage cloud resources. The detailed instructions for creating a service account with Yandex.Cloud are available in the provider’s documentation. Below, we will provide a brief overview of the necessary actions:

You may need to increase quotas.

Reserve a public IP address if necessary.

  • Create a user named deckhouse. The command response will contain its parameters:
    yc iam service-account create --name deckhouse
    id: <userID>
    folder_id: <folderID>
    created_at: "YYYY-MM-DDTHH:MM:SSZ"
    name: candi
    
  • Assign the editor role to the newly created user:
    yc resource-manager folder add-access-binding --id <folderID> --role editor --subject serviceAccount:<userID>
    
  • Create a JSON file containing the parameters for user authorization in the cloud. These parameters will be used to log in to the cloud:
    yc iam key create --service-account-name deckhouse --output candi-sa-key.json
    

Quotas

Note that you need to increase the quotas using the Yandex console when provisioning a new cluster. Recommended parameters:

  • The number of virtual processors: 64.
  • The total volume of SSD disks: 2000 GB.
  • The number of virtual machines: 25.
  • The total amount of RAM of virtual machines: 256 GB.