Deckhouse Kubernetes Platform in Yandex Cloud

1
Selecting infrastructure
2
Installation information
3
Preparing environment
4
Installation
5
Getting access to the cluster
6
What can I do next?

Before installation, ensure the following:

  • Cloud provider quotas for cluster deployment.
  • The cloud-init package is installed on the VMs. After the VM starts, services cloud-config.service, cloud-final.service, cloud-init.service must be running.
  • The virtual machine template contains only one disk.

Additional requirements and notes

  • For ContainerdV2 on cluster nodes, the OS on virtual machines must meet the requirements:
    • Linux kernel version 5.8 or newer;
    • CgroupsV2 support;
    • Systemd version 244 or newer;
    • erofs kernel module support.

    For more information, see the ClusterConfiguration resource.

  • From version 1.74, Deckhouse has a module integrity control mechanism (protection against replacement and modification). It turns on automatically when the OS on the nodes supports the erofs kernel module. Without it, Deckhouse runs as before but the mechanism is off — an alert will indicate it is unavailable.

You need to create a Yandex Cloud service account with the editor role to manage cloud resources. The detailed instructions for creating a service account with Yandex Cloud are available in the documentation. Below, we will provide a brief overview of the necessary actions:

  1. Create a user named deckhouse:

    yc iam service-account create --name deckhouse

    The command response will contain its parameters:

    id: <userID>
folder_id: <folderID>
created_at: "YYYY-MM-DDTHH:MM:SSZ"
name: deckhouse

  2. Assign the required roles to the newly created user for your cloud:

    yc resource-manager folder add-access-binding --id <folderID> --role compute.editor --subject serviceAccount:<userID>
yc resource-manager folder add-access-binding --id <folderID> --role vpc.admin --subject serviceAccount:<userID>
yc resource-manager folder add-access-binding --id <folderID> --role load-balancer.editor --subject serviceAccount:<userID>

  3. Create a JSON file containing the parameters for user authorization in the cloud. These parameters will be used to log in to the cloud:

    yc iam key create --service-account-name deckhouse --output deckhouse-sa-key.json
Go back Next: Installation