© 2023 Yandex.Cloud LLC

Integration with Crossplane

Written by
Yandex Cloud
  • Prepare your cloud
  • Create Managed Service for Kubernetes resources
  • Create resources using Crossplane
  • Delete the resources you created

Crossplane is an open-source Kubernetes add-on that lets you bring solutions from different providers into a single infrastructure and provide application developers access to this infrastructure through high-level APIs. With Crossplane, users can manage third-party services in the same way they manage Kubernetes resources.

To create a Yandex Compute Cloud VM using the Crossplane application installed in a Kubernetes cluster:

  1. Create Managed Service for Kubernetes resources.
  2. Create resources using Crossplane.

If you no longer need these resources, delete them.

Prepare your cloud

  1. If you don't have the Yandex Cloud command line interface yet, install and initialize it.

    The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  2. Install the jq JSON stream processor.

Create Managed Service for Kubernetes resources

  1. Create a Kubernetes cluster and a group of nodes.

    Manually:

    1. If you don't have a network, create one.

    2. If you don't have any subnets, create them in the availability zones where your Kubernetes cluster and node group will be created.

    3. Create service accounts:

      • With the editor role for the folder where a Kubernetes cluster is created. The resources that the Kubernetes cluster needs will be created on behalf of this account.
      • With the container-registry.images.puller role. Nodes will pull the required Docker images from the registry on behalf of this account.

      Tip

      You can use the same service account to manage your Kubernetes cluster and its node groups.

    4. Create a Kubernetes cluster and a node group in any suitable configuration.

    Using Terraform:

    1. If you don't have Terraform, install it.

    2. Download the file with provider settings. Place it in a separate working directory and specify the parameter values.

    3. Download the cluster configuration file k8s-cluster.tf to the same working directory. The file describes:

      • Network.
      • Subnet.
      • Security group and the rules required for the Managed Service for Kubernetes cluster, node group, and Yandex Container Registry container to run:
        • Rules for service traffic.
        • Rules for accessing the Kubernetes API and managing the cluster with kubectl through ports 443 and 6443.
      • Kubernetes cluster.
      • Service account required to use the Managed Service for Kubernetes cluster and node group.
    4. Specify the following in the configuration file:

      • Folder ID.
      • Kubernetes version for the Kubernetes cluster and node groups.
      • Kubernetes cluster CIDR.
      • Name of the Managed Service for Kubernetes cluster service account.
    5. Run the terraform init command in the directory with the configuration files. This command initializes the provider specified in the configuration files and enables you to use the provider resources and data sources.

    6. Make sure the Terraform configuration files are correct using the command:

      terraform validate
      

      If there are errors in the configuration files, Terraform will point to them.

    7. Create the required infrastructure:

      1. Run the command to view planned changes:

        terraform plan
        

        If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.

      2. If you are happy with the planned changes, apply them:

        1. Run the command:

          terraform apply
          
        2. Confirm the update of resources.

        3. Wait for the operation to complete.

      All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console.

  2. Install kubectl and configure it to work with the created cluster.

  3. Install Crossplane in the Kubernetes cluster.

  4. Enable egress NAT for the Kubernetes cluster node subnet.

Create resources using Crossplane

  1. Create a Crossplane providerconfig.yml manifest:

    apiVersion: yandex-cloud.jet.crossplane.io/v1alpha1
    kind: ProviderConfig
    metadata:
      name: yc-config
    spec:
      credentials:
        source: Secret
        secretRef:
          name: yc-creds
          namespace: <namespace for Crossplane>
          key: credentials
    
  2. Create a template manifest vm-instance-template.yml describing the network, subnet, and the crossplane-vm instance to be created using Crossplane. The Network and Subnet objects refer to the existing cluster network and subnet through the crossplane.io/external-name annotation, and their deletionPolicy: Orphan keeps Crossplane from deleting those cloud resources when the Kubernetes objects are removed:

    apiVersion: vpc.yandex-cloud.jet.crossplane.io/v1alpha1
    kind: Network
    metadata:
      name: <NET_NAME>
      annotations:
        crossplane.io/external-name: <NET_ID>
    spec:
      deletionPolicy: Orphan
      forProvider:
        name: <NET_NAME>
        folderId: <FOLDER_ID>
    ---
    apiVersion: vpc.yandex-cloud.jet.crossplane.io/v1alpha1
    kind: Subnet
    metadata:
      name: <SUBNET_NAME>
      annotations:
        crossplane.io/external-name: <SUBNET_ID>
    spec:
      deletionPolicy: Orphan
      forProvider:
        name: <SUBNET_NAME>
        networkIdRef:
          name: <NET_NAME>
        v4CidrBlocks:
          - <SUBNET_PREFIX>
        zone: <ZONE_ID>
        folderId: <FOLDER_ID>
    ---
    apiVersion: compute.yandex-cloud.jet.crossplane.io/v1alpha1
    kind: Instance
    metadata:
      name: <VM_NAME>
    spec:
      forProvider:
        name: <VM_NAME>
        platformId: standard-v2
        zone: <ZONE_ID>
        resources:
          - cores: 2
            memory: 4
        bootDisk:
          - initializeParams:
              # LEMP stack
              # yc compute image get --folder-id standard-images --name=lemp-v20220606 --format=json | jq -r .id
              - imageId: <IMAGE_ID>
        networkInterface:
          - subnetIdRef:
              name: <SUBNET_NAME>
        folderId: <FOLDER_ID>
    

    Where:

    • ZONE_ID: Availability zone.
    • VM_NAME: Name of the VM to be created using Crossplane tools.
    • NET_NAME: Name of the Kubernetes cluster cloud network.
    • SUBNET_NAME: Name of the Kubernetes cluster node subnet.
    • SUBNET_ID: ID of the subnet.
    • NET_ID: ID of the network.
    • SUBNET_PREFIX: Subnet CIDR.
    • FOLDER_ID: ID of the folder.
    • IMAGE_ID: ID of the VM's boot image. You can get it from the list of images; this example uses the LEMP image.
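    The placeholders above have to be filled in before the manifest is applied. The helper below is an added example, not part of the Yandex Cloud documentation: it renders the template from environment variables named after the placeholders and refuses to write a manifest in which any <...> token is still present, so an unfilled value cannot reach kubectl apply.

```shell
#!/bin/sh
# render_manifest: fill the <PLACEHOLDER> tokens of vm-instance-template.yml
# and fail closed if any placeholder survives. Hypothetical helper; the
# variable names follow the "Where:" list of the guide.
# Usage: render_manifest vm-instance-template.yml vm-instance.yml
set -eu

render_manifest() {
  tmpl=$1
  out=$2
  # Every placeholder from the "Where:" list must be set in the environment.
  for v in ZONE_ID VM_NAME NET_NAME SUBNET_NAME SUBNET_ID NET_ID \
           SUBNET_PREFIX FOLDER_ID IMAGE_ID; do
    eval "val=\${$v:-}"
    if [ -z "$val" ]; then
      echo "render_manifest: $v is not set" >&2
      return 1
    fi
  done
  # '|' is used as the sed delimiter because SUBNET_PREFIX contains '/'.
  sed -e "s|<ZONE_ID>|$ZONE_ID|g" \
      -e "s|<VM_NAME>|$VM_NAME|g" \
      -e "s|<NET_NAME>|$NET_NAME|g" \
      -e "s|<SUBNET_NAME>|$SUBNET_NAME|g" \
      -e "s|<SUBNET_ID>|$SUBNET_ID|g" \
      -e "s|<NET_ID>|$NET_ID|g" \
      -e "s|<SUBNET_PREFIX>|$SUBNET_PREFIX|g" \
      -e "s|<FOLDER_ID>|$FOLDER_ID|g" \
      -e "s|<IMAGE_ID>|$IMAGE_ID|g" \
      "$tmpl" > "$out"
  # Refuse to hand kubectl a manifest with an unfilled token (typo, new field).
  if grep -q '<[A-Za-z_ ]*>' "$out"; then
    echo "render_manifest: unfilled placeholder in $out:" >&2
    grep -n '<[A-Za-z_ ]*>' "$out" >&2
    rm -f "$out"
    return 1
  fi
}
```

    Run it after exporting the nine variables, then apply the rendered vm-instance.yml as in the steps that follow.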
  3. Apply the providerconfig.yml manifest:

    kubectl apply -f providerconfig.yml
    
  4. Apply the vm-instance.yml manifest (vm-instance-template.yml with the placeholders filled in):

    kubectl apply -f vm-instance.yml
    
  5. Check the state of the created resources:

    kubectl get network
    kubectl get subnet
    kubectl get instance
    
  6. Make sure the created crossplane-vm instance is now in the folder:

    yc compute instance list
    

Delete the resources you created

If you no longer need these resources, delete them:

  1. Delete the crossplane-vm instance:

    kubectl delete instance crossplane-vm
    
  2. Delete the other resources:

    Manually:

    1. Delete a Kubernetes cluster.
    2. Delete the created subnets and networks.
    3. Delete the created service accounts.

    Using Terraform:

    1. In the command line, go to the directory with the current Terraform configuration file with an infrastructure plan.

    2. Delete the k8s-cluster.tf configuration file.

    3. Make sure the Terraform configuration files are correct using the command:

      terraform validate
      

      If there are errors in the configuration files, Terraform will point to them.

    4. Apply the changes:

      1. Run the command to view planned changes:

        terraform plan
        

        If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.

      2. If you are happy with the planned changes, apply them:

        1. Run the command:

          terraform apply
          
        2. Confirm the update of resources.

        3. Wait for the operation to complete.

      All the resources described in the k8s-cluster.tf configuration file will be deleted.
