Three layouts are supported. Below is more information about each of them.
Standard
In this placement strategy, nodes are not allocated public IP addresses; they reach the Internet through the Yandex Cloud NAT gateway service. The NAT gateway uses random public IP addresses from dedicated ranges, so other services cannot whitelist the IP addresses of cloud resources located behind a specific NAT gateway.
Example of the layout configuration:
```yaml
apiVersion: deckhouse.io/v1
kind: YandexClusterConfiguration
layout: Standard
sshPublicKey: ""
nodeNetworkCIDR: 192.168.12.13/24
existingNetworkID:
provider:
  cloudID:
  folderID:
  serviceAccountJSON: |
    {
      "id": "id",
      "service_account_id": "service_account_id",
      "key_algorithm": "RSA_2048",
      "public_key": "-----BEGIN PUBLIC KEY-----\nMIIwID....AQAB\n-----END PUBLIC KEY-----\n",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE....1ZPJeBLt+\n-----END PRIVATE KEY-----\n"
    }
masterNodeGroup:
  replicas: 3
  zones:
    - ru-central1-a
    - ru-central1-b
    - ru-central1-d
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    externalIPAddresses:
      - ""
      - "Auto"
      - "Auto"
    externalSubnetIDs:
      -
      -
      -
    additionalLabels:
      takes: priority
nodeGroups:
  - name: worker
    replicas: 2
    zones:
      - ru-central1-a
      - ru-central1-b
    instanceClass:
      cores: 4
      memory: 8192
      imageID:
      coreFraction: 50
      externalIPAddresses:
        - "Auto"
        - "Auto"
      externalSubnetIDs:
        -
        -
      additionalLabels:
        role: example
labels:
  billing: prod
dhcpOptions:
  domainName: test.local
  domainNameServers:
    -
    -
```
WithoutNAT
In this layout, NAT (of any kind) is not used, and each node is assigned a public IP.
Caution! The cloud-provider-yandex module does not support Security Groups, so every cluster node will be reachable from the Internet without any connection restrictions.

Example of the layout configuration:
```yaml
apiVersion: deckhouse.io/v1
kind: YandexClusterConfiguration
layout: WithoutNAT
provider:
  cloudID:
  folderID:
  serviceAccountJSON: |
    {
      "id": "id",
      "service_account_id": "service_account_id",
      "key_algorithm": "RSA_2048",
      "public_key": "-----BEGIN PUBLIC KEY-----\nMIIwID....AQAB\n-----END PUBLIC KEY-----\n",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE....1ZPJeBLt+\n-----END PRIVATE KEY-----\n"
    }
masterNodeGroup:
  replicas: 3
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    externalIPAddresses:
      - "Auto"
      - "Auto"
      - "Auto"
    externalSubnetIDs:
      -
      -
      -
  zones:
    - ru-central1-a
    - ru-central1-b
    - ru-central1-d
nodeGroups:
  - name: worker
    replicas: 2
    instanceClass:
      cores: 4
      memory: 8192
      imageID:
      coreFraction: 50
      externalIPAddresses:
        - ""
        - "Auto"
      externalSubnetIDs:
        -
        -
    zones:
      - ru-central1-a
      - ru-central1-b
sshPublicKey: ""
nodeNetworkCIDR: 192.168.12.13/24
existingNetworkID:
dhcpOptions:
  domainName: test.local
  domainNameServers:
    -
    -
```
WithNATInstance
In this placement strategy, Deckhouse creates a NAT instance in a separate subnet and adds a route to 0.0.0.0/0 with the NAT instance as the next hop to the route table of the zone subnets.
That subnet is allocated to prevent routing loops and must not overlap with any other network used in the cluster.

To place the NAT instance in an existing subnet, use the withNATInstance.internalSubnetID parameter — the instance will be created in the zone corresponding to that subnet.
If you need to create a new subnet, specify the withNATInstance.internalSubnetCIDR parameter — the NAT instance will be deployed in it.
One of the parameters — withNATInstance.internalSubnetID or withNATInstance.internalSubnetCIDR — is required.
If withNATInstance.externalSubnetID is specified in addition to one of those, the NAT instance is also attached to that subnet via a secondary network interface.

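The rules above (one of withNATInstance.internalSubnetID or withNATInstance.internalSubnetCIDR is required, and the NAT instance subnet must not overlap other cluster networks), together with the exposure notes for the Standard and WithoutNAT layouts, can be checked before a configuration is applied. The script below is an added example written for this page, not code from the Deckhouse project. It checks a configuration that has already been parsed into a Python dict (what yaml.safe_load would return) and uses only the standard library. The sample configurations and the subnet-placeholder value are constructed; only nodeNetworkCIDR is checked for overlap because it is the one cluster network visible in this document.

```python
"""Layout checks for a YandexClusterConfiguration document.

Added example, not part of cloud-provider-yandex. It encodes the layout
rules from the documentation as checks over an already-parsed
configuration dict, so it runs offline with the standard library only.
"""
import ipaddress

VALID_LAYOUTS = ("Standard", "WithoutNAT", "WithNATInstance")


def _network(cidr):
    """Parse a CIDR; host bits are tolerated (192.168.12.13/24 -> 192.168.12.0/24)."""
    return ipaddress.ip_network(cidr, strict=False)


def check_layout(cfg):
    """Return a list of (severity, message) findings for the layout section.

    "error" marks a setting that makes the configuration invalid,
    "warning" marks exposure the operator should consciously accept.
    """
    findings = []
    layout = cfg.get("layout")
    if layout not in VALID_LAYOUTS:
        findings.append(("error",
                         f"unknown layout {layout!r}; expected one of {VALID_LAYOUTS}"))
        return findings

    if layout == "Standard":
        # Egress is via the cloud NAT gateway with random public addresses.
        findings.append(("warning",
                         "Standard: egress uses the Yandex Cloud NAT gateway with random "
                         "public addresses; external services cannot whitelist the nodes"))

    elif layout == "WithoutNAT":
        # Every node gets a public IP and the module has no security-group support.
        findings.append(("warning",
                         "WithoutNAT: every node gets a public IP and cloud-provider-yandex "
                         "does not support Security Groups, so all nodes are reachable "
                         "without connection restrictions"))

    elif layout == "WithNATInstance":
        nat = cfg.get("withNATInstance") or {}
        subnet_id = nat.get("internalSubnetID")
        subnet_cidr = nat.get("internalSubnetCIDR")
        if not subnet_id and not subnet_cidr:
            findings.append(("error",
                             "WithNATInstance: one of withNATInstance.internalSubnetID or "
                             "withNATInstance.internalSubnetCIDR is required"))
        if subnet_cidr:
            # The NAT subnet must not overlap other cluster networks; nodeNetworkCIDR
            # is the one we can check without talking to the cloud API.
            node_cidr = cfg.get("nodeNetworkCIDR")
            if node_cidr and _network(subnet_cidr).overlaps(_network(node_cidr)):
                findings.append(("error",
                                 f"WithNATInstance: internalSubnetCIDR {subnet_cidr} "
                                 f"overlaps nodeNetworkCIDR {node_cidr}"))
    return findings


def errors(cfg):
    """Only the findings that should block applying the configuration."""
    return [msg for sev, msg in check_layout(cfg) if sev == "error"]


# Constructed sample configurations; IDs and CIDRs are placeholders, not real values.
SAMPLE_NAT_INSTANCE_OK = {
    "apiVersion": "deckhouse.io/v1",
    "kind": "YandexClusterConfiguration",
    "layout": "WithNATInstance",
    "nodeNetworkCIDR": "192.168.12.0/24",
    "withNATInstance": {"internalSubnetCIDR": "192.168.13.0/24"},
}
SAMPLE_NAT_INSTANCE_OVERLAP = {
    "layout": "WithNATInstance",
    "nodeNetworkCIDR": "192.168.12.13/24",  # host bits set, as in the page's examples
    "withNATInstance": {"internalSubnetCIDR": "192.168.12.0/25"},
}
SAMPLE_NAT_INSTANCE_MISSING = {
    "layout": "WithNATInstance",
    "nodeNetworkCIDR": "192.168.12.0/24",
    "withNATInstance": {"externalSubnetID": "subnet-placeholder"},  # hypothetical ID
}
SAMPLE_WITHOUT_NAT = {"layout": "WithoutNAT", "nodeNetworkCIDR": "192.168.12.0/24"}

if __name__ == "__main__":
    samples = [("ok", SAMPLE_NAT_INSTANCE_OK), ("overlap", SAMPLE_NAT_INSTANCE_OVERLAP),
               ("missing", SAMPLE_NAT_INSTANCE_MISSING), ("without-nat", SAMPLE_WITHOUT_NAT)]
    for name, cfg in samples:
        for severity, message in check_layout(cfg):
            print(f"{name}: {severity}: {message}")
```

In a real pipeline the dict comes from `yaml.safe_load` on the configuration file; the overlap check deliberately uses `strict=False` so that a CIDR with host bits set, like the `192.168.12.13/24` in the examples on this page, is compared by its network rather than rejected.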
Example of the layout configuration:
```yaml
apiVersion: deckhouse.io/v1
kind: YandexClusterConfiguration
layout: WithNATInstance
withNATInstance:
  natInstanceExternalAddress:
  internalSubnetID:
  externalSubnetID:
provider:
  cloudID:
  folderID:
  serviceAccountJSON: |
    {
      "id": "id",
      "service_account_id": "service_account_id",
      "key_algorithm": "RSA_2048",
      "public_key": "-----BEGIN PUBLIC KEY-----\nMIIwID....AQAB\n-----END PUBLIC KEY-----\n",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE....1ZPJeBLt+\n-----END PRIVATE KEY-----\n"
    }
masterNodeGroup:
  replicas: 1
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    externalIPAddresses:
      - "Auto"
    externalSubnetID:
  zones:
    - ru-central1-a
nodeGroups:
  - name: worker
    replicas: 1
    instanceClass:
      cores: 4
      memory: 8192
      imageID:
      coreFraction: 50
      externalIPAddresses:
        - "Auto"
      externalSubnetID:
    zones:
      - ru-central1-a
sshPublicKey: ""
nodeNetworkCIDR: 192.168.12.13/24
existingNetworkID:
dhcpOptions:
  domainName: test.local
  domainNameServers:
    -
    -
```