Cloud provider — Yandex Cloud: layouts

Three layouts are supported. Each of them is described in more detail below.

Standard

In this layout, nodes do not have public IP addresses; they reach the Internet through the Yandex Cloud NAT gateway.

Yandex Cloud Standard layout scheme

Example of the layout configuration:

```yaml
apiVersion: deckhouse.io/v1
kind: YandexClusterConfiguration
layout: Standard
provider:
  cloudID:
  folderID:
  serviceAccountJSON: |
    {
      "id": "id",
      "service_account_id": "service_account_id",
      "key_algorithm": "RSA_2048",
      "public_key": "-----BEGIN PUBLIC KEY-----\nMIIwID....AQAB\n-----END PUBLIC KEY-----\n",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE....1ZPJeBLt+\n-----END PRIVATE KEY-----\n"
    }
masterNodeGroup:
  replicas: 1
  zones:
  - ru-central1-a
  - ru-central1-b
  instanceClass:
    cores: 4
    memory: 8192
    imageID: fd8nb7ecsbvj76dfaa8b
    externalIPAddresses:
    - "198.51.100.5"
    - "Auto"
    externalSubnetID:
    additionalLabels:
      takes: priority
nodeGroups:
- name: worker
  replicas: 1
  zones:
  - ru-central1-a
  instanceClass:
    cores: 4
    memory: 8192
    imageID: fd8nb7ecsbvj76dfaa8b
    coreFraction: 50
    externalIPAddresses:
    - "198.51.100.5"
    - "Auto"
    externalSubnetID:
    additionalLabels:
      toy: example
labels:
  billing: prod
sshPublicKey: ""
nodeNetworkCIDR: 192.168.12.13/24
existingNetworkID:
dhcpOptions:
  domainName: test.local
  domainNameServers:
  - 213.177.96.1
  - 231.177.97.1
```

WithoutNAT

In this layout, NAT (of any kind) is not used, and each node is assigned a public IP address.

Caution! Currently, the cloud-provider-yandex module does not support security groups, so all cluster nodes are exposed directly to the Internet.

Yandex Cloud WithoutNAT layout scheme

Example of the layout configuration:

```yaml
apiVersion: deckhouse.io/v1
kind: YandexClusterConfiguration
layout: WithoutNAT
provider:
  cloudID:
  folderID:
  serviceAccountJSON: |
    {
      "id": "id",
      "service_account_id": "service_account_id",
      "key_algorithm": "RSA_2048",
      "public_key": "-----BEGIN PUBLIC KEY-----\nMIIwID....AQAB\n-----END PUBLIC KEY-----\n",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE....1ZPJeBLt+\n-----END PRIVATE KEY-----\n"
    }
masterNodeGroup:
  replicas: 1
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    externalIPAddresses:
    - "198.51.100.5"
    - "Auto"
    externalSubnetID:
  zones:
  - ru-central1-a
  - ru-central1-b
nodeGroups:
- name: worker
  replicas: 1
  instanceClass:
    cores: 4
    memory: 8192
    imageID: testtest
    coreFraction: 50
    externalIPAddresses:
    - "198.51.100.5"
    - "Auto"
    externalSubnetID:
  zones:
  - ru-central1-a
sshPublicKey: ""
nodeNetworkCIDR: 192.168.12.13/24
existingNetworkID:
dhcpOptions:
  domainName: test.local
  domainNameServers:
  - 8.8.8.8
  - 8.8.4.4
```

WithNATInstance

In this layout, Deckhouse creates a NAT instance and adds a route to 0.0.0.0/0 to the route table, with the NAT instance as the next hop.

If the withNATInstance.externalSubnetID parameter is set, the NAT instance will be created in this subnet.

If the withNATInstance.externalSubnetID parameter is not set and withNATInstance.internalSubnetID is set, the NAT instance will be created in the latter subnet.

If neither withNATInstance.externalSubnetID nor withNATInstance.internalSubnetID is set, the NAT instance will be created in the ru-central1-a zone.

If the IP address of the NAT instance does not matter, you can pass an empty object, withNATInstance: {}; the necessary networks and a dynamic IP address will then be created automatically.
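The placement rules above, together with the exposure caveat from the WithoutNAT section, as an added example that is not part of the Deckhouse documentation or code base: a review helper for a YandexClusterConfiguration that has already been parsed into a dict. The function names, finding texts and sample values are assumptions made for illustration.

```python
# Added example: exposure review of a YandexClusterConfiguration already parsed
# into a dict (for instance by a YAML loader). Sample values are constructed.
DEFAULT_NAT_ZONE = "ru-central1-a"  # fallback zone named on this page

def nat_instance_placement(cfg):
    """Apply the page's three NAT instance placement rules, in order."""
    nat = cfg.get("withNATInstance") or {}
    if nat.get("externalSubnetID"):
        return "subnet " + nat["externalSubnetID"]
    if nat.get("internalSubnetID"):
        return "subnet " + nat["internalSubnetID"]
    return "zone " + DEFAULT_NAT_ZONE

def groups_with_external_ips(cfg):
    """Names of node groups listing externalIPAddresses (assumption: a non-empty
    list means that group's nodes receive external addresses)."""
    groups = [dict(cfg.get("masterNodeGroup") or {}, name="master")]
    groups += cfg.get("nodeGroups") or []
    return [g["name"] for g in groups
            if (g.get("instanceClass") or {}).get("externalIPAddresses")]

def audit(cfg):
    """Return findings to review before the cluster is bootstrapped."""
    layout, findings = cfg.get("layout"), []
    if layout == "Standard":
        findings.append("egress through the Yandex Cloud NAT gateway")
    elif layout == "WithoutNAT":
        findings.append("no NAT and no security groups: every node is Internet-facing")
    elif layout == "WithNATInstance":
        findings.append("0.0.0.0/0 routed via NAT instance in " + nat_instance_placement(cfg))
        if cfg.get("withNATInstance") == {}:
            findings.append("networks and a dynamic NAT IP are created automatically")
    else:
        raise ValueError(f"unknown layout: {layout!r}")
    exposed = groups_with_external_ips(cfg)
    if exposed and layout != "WithoutNAT":
        findings.append("groups requesting external addresses: " + ", ".join(exposed))
    sa_json = (cfg.get("provider") or {}).get("serviceAccountJSON") or ""
    if "PRIVATE KEY" in sa_json:
        findings.append("file embeds a service account private key: handle it as a secret")
    return findings

SAMPLE = {  # constructed sample, not a real deployment
    "layout": "WithNATInstance",
    "withNATInstance": {"internalSubnetID": "subnet-int-example"},
    "provider": {"serviceAccountJSON": '{"private_key": "-----BEGIN PRIVATE KEY-----..."}'},
    "masterNodeGroup": {"instanceClass": {"externalIPAddresses": ["Auto"]}},
    "nodeGroups": [{"name": "worker", "instanceClass": {}}],
}
print("\n".join(audit(SAMPLE)))
```
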

Yandex Cloud WithNATInstance layout scheme

Example of the layout configuration:

```yaml
apiVersion: deckhouse.io/v1
kind: YandexClusterConfiguration
layout: WithNATInstance
withNATInstance:
  natInstanceExternalAddress:
  internalSubnetID:
  externalSubnetID:
provider:
  cloudID:
  folderID:
  serviceAccountJSON: |
    {
      "id": "id",
      "service_account_id": "service_account_id",
      "key_algorithm": "RSA_2048",
      "public_key": "-----BEGIN PUBLIC KEY-----\nMIIwID....AQAB\n-----END PUBLIC KEY-----\n",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE....1ZPJeBLt+\n-----END PRIVATE KEY-----\n"
    }
masterNodeGroup:
  replicas: 1
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    externalIPAddresses:
    - "1.1.1.1"
    - "Auto"
    externalSubnetID:
  zones:
  - ru-central1-a
  - ru-central1-b
nodeGroups:
- name: worker
  replicas: 1
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    coreFraction: 50
    externalIPAddresses:
    - "1.1.1.1"
    - "Auto"
    externalSubnetID:
  zones:
  - ru-central1-a
sshPublicKey: ""
nodeNetworkCIDR: 192.168.12.13/24
existingNetworkID:
dhcpOptions:
  domainName: test.local
  domainNameServers:
  - 8.8.8.8
  - 8.8.4.4
```