You need to create a service account with the editor role with the cloud provider so that Deckhouse can manage cloud resources. The detailed instructions for creating a service account with Yandex.Cloud are available in the provider’s documentation. Below, we will provide a brief overview of the necessary actions:
You may need to increase quotas.
Reserve a public IP address if necessary.
- Create a user named
deckhouse. The command response will contain its parameters:
yc iam service-account create --name deckhouse id: <userID> folder_id: <folderID> created_at: "YYYY-MM-DDTHH:MM:SSZ" name: candi
- Assign the
editorrole to the newly created user:
yc resource-manager folder add-access-binding --id <folderID> --role editor --subject serviceAccount:<userID>
- Create a JSON file containing the parameters for user authorization in the cloud. These parameters will be used to log in to the cloud:
yc iam key create --service-account-name deckhouse --output candi-sa-key.json
Note that you need to increase the quotas using the Yandex console when provisioning a new cluster. Recommended parameters:
- The number of virtual processors: 64.
- The total volume of SSD disks: 2000 GB.
- The number of virtual machines: 25.
- The total amount of RAM of virtual machines: 256 GB.