Installing Application Load Balancer Gateway API for Managed Service for Kubernetes

Gateway API Application Load Balancer for Yandex Managed Service for Kubernetes is provided as a Cloud Marketplace product or a chart of the Helm package manager for Kubernetes.

Before you begin

1. Create a Managed Service for Kubernetes cluster with the Public address setting : Auto.

2. Create a node group in any suitable configuration.

3. Create and configure a service account for working with the Gateway API:

   1. If you don't have the Yandex Cloud command line interface yet, install and initialize it.

      The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

   2. Create a service account, which is required for Gateway API:

   3. Assign it the roles:

      • alb.editor: To create the required resources.
      • vpc.publicAdmin: To manage external connectivity.
      • certificate-manager.certificates.admin: To manage certificates registered in Yandex Certificate Manager.
      • compute.viewer: To use Managed Service for Kubernetes cluster nodes in balancer target groups.

   4. Create an authorized key for the service account and save it to a file named sa-key.json:

      yc iam key create \
        --service-account-name <name_of_ service_account_for__Gateway_API> \
        --output sa-key.json
      

Installation using Yandex Cloud Marketplace

1. Go to the folder page and select Managed Service for Kubernetes.
2. Click the name of the desired cluster and select the Marketplace tab.
3. Under Applications available for installation, select Gateway API and click Use.
4. Configure the application:
   • Namespace: Select a namespace or create a new one.
   • Application name: Enter an application name.
   • Folder ID: Select the folder to create load balancers in.
   • Network ID: Select the network to host the load balancers.
   • Subnet ID: Select the subnet to host the load balancers. Currently, load balancers created through the Gateway API can only be placed in the same subnet.
   • Secret Key: Paste the contents of the sa-key.json file.
5. Click Install.

Installation using a Helm chart

1. Install the Kubernetes package manager Helm 3.

2. Install the kubectl and configure it to work with the created cluster.

3. Install the jq utility for JSON filtering:

   sudo apt update && sudo apt install jq
   

4. Create a namespace:

   kubectl create namespace yc-alb-ingress
   

5. To install a Helm chart with the Ingress controller, run the commands:

   export HELM_EXPERIMENTAL_OCI=1 && \
   cat sa-key.json | helm registry login cr.yandex --username 'json_key' --password-stdin && \
   helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/gateway-api/gateway-api-helm/gateway-api \
     --version 0.4.16 \
     --untar && \
   helm install \
     --namespace <namespace> \
     --set folderId=<folder_ID> \
     --set networkId=<network_ID> \
     --set subnetId=<subnet_ID> \
     --set-file saKeySecretKey=sa-key.json \
     yc-alb-gateway-api ./yc-alb-gateway-api-chart/
   

See also

• Gateway API project description.
• Reference of Application Load Balancer tools for Managed Service for Kubernetes.