Three layouts are supported. Below is more information about each of them.

Standard

In this layout, nodes have no public IP addresses and reach the Internet through the Yandex Cloud NAT gateway. The NAT gateway uses random public IP addresses from dedicated ranges, so other services cannot whitelist the addresses of cloud resources located behind a specific NAT gateway.

Example of the layout configuration:

```yaml
# Empty values and "" are placeholders to be filled in for your cloud.
apiVersion: deckhouse.io/v1
kind: YandexClusterConfiguration
layout: Standard
sshPublicKey: ""
nodeNetworkCIDR: 192.168.12.13/24
existingNetworkID:
provider:
  cloudID:
  folderID:
  serviceAccountJSON: |
    {
      "id": "id",
      "service_account_id": "service_account_id",
      "key_algorithm": "RSA_2048",
      "public_key": "-----BEGIN PUBLIC KEY-----\nMIIwID....AQAB\n-----END PUBLIC KEY-----\n",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE....1ZPJeBLt+\n-----END PRIVATE KEY-----\n"
    }
masterNodeGroup:
  replicas: 3
  zones:
  - ru-central1-a
  - ru-central1-b
  - ru-central1-d
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    externalIPAddresses:
    - ""
    - "Auto"
    - "Auto"
    externalSubnetIDs:
    -
    -
    -
    additionalLabels:
      takes: priority
nodeGroups:
- name: worker
  replicas: 2
  zones:
  - ru-central1-a
  - ru-central1-b
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    coreFraction: 50
    externalIPAddresses:
    - "Auto"
    - "Auto"
    externalSubnetIDs:
    -
    -
    additionalLabels:
      role: example
labels:
  billing: prod
dhcpOptions:
  domainName: test.local
  domainNameServers:
  -
  -
```

WithoutNAT

In this layout, NAT (of any kind) is not used, and each node is assigned a public IP address.

Caution! The cloud-provider-yandex module does not yet support security groups, so all cluster nodes are directly exposed to the Internet.

Example of the layout configuration:

```yaml
# Empty values and "" are placeholders to be filled in for your cloud.
apiVersion: deckhouse.io/v1
kind: YandexClusterConfiguration
layout: WithoutNAT
provider:
  cloudID:
  folderID:
  serviceAccountJSON: |
    {
      "id": "id",
      "service_account_id": "service_account_id",
      "key_algorithm": "RSA_2048",
      "public_key": "-----BEGIN PUBLIC KEY-----\nMIIwID....AQAB\n-----END PUBLIC KEY-----\n",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE....1ZPJeBLt+\n-----END PRIVATE KEY-----\n"
    }
masterNodeGroup:
  replicas: 3
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    externalIPAddresses:
    - "Auto"
    - "Auto"
    - "Auto"
    externalSubnetIDs:
    -
    -
    -
  zones:
  - ru-central1-a
  - ru-central1-b
  - ru-central1-d
nodeGroups:
- name: worker
  replicas: 2
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    coreFraction: 50
    externalIPAddresses:
    - ""
    - "Auto"
    externalSubnetIDs:
    -
    -
  zones:
  - ru-central1-a
  - ru-central1-b
sshPublicKey: ""
nodeNetworkCIDR: 192.168.12.13/24
existingNetworkID:
dhcpOptions:
  domainName: test.local
  domainNameServers:
  -
  -
```

WithNATInstance

In this layout, Deckhouse creates a NAT instance and adds a rule to the route table for 0.0.0.0/0 with the NAT instance as the next hop.

If withNATInstance.externalSubnetID is set, the NAT instance will be created in the zone of that subnet.

If withNATInstance.externalSubnetID is not set but withNATInstance.internalSubnetID is set, the NAT instance will be created in the zone of that subnet.

If neither withNATInstance.externalSubnetID nor withNATInstance.internalSubnetID is set, the NAT instance will be created in the ru-central1-a zone.

If the IP address of the NAT instance does not matter, you can pass an empty object, withNATInstance: {}; the necessary networks and a dynamic IP address will then be created automatically.

Example of the layout configuration:

```yaml
# Empty values and "" are placeholders to be filled in for your cloud.
apiVersion: deckhouse.io/v1
kind: YandexClusterConfiguration
layout: WithNATInstance
withNATInstance:
  natInstanceExternalAddress:
  internalSubnetID:
  externalSubnetID:
provider:
  cloudID:
  folderID:
  serviceAccountJSON: |
    {
      "id": "id",
      "service_account_id": "service_account_id",
      "key_algorithm": "RSA_2048",
      "public_key": "-----BEGIN PUBLIC KEY-----\nMIIwID....AQAB\n-----END PUBLIC KEY-----\n",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE....1ZPJeBLt+\n-----END PRIVATE KEY-----\n"
    }
masterNodeGroup:
  replicas: 1
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    externalIPAddresses:
    - "Auto"
    externalSubnetID:
  zones:
  - ru-central1-a
nodeGroups:
- name: worker
  replicas: 1
  instanceClass:
    cores: 4
    memory: 8192
    imageID:
    coreFraction: 50
    externalIPAddresses:
    - "Auto"
    externalSubnetID:
  zones:
  - ru-central1-a
sshPublicKey: ""
nodeNetworkCIDR: 192.168.12.13/24
existingNetworkID:
dhcpOptions:
  domainName: test.local
  domainNameServers:
  -
  -
```

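The NAT-instance placement precedence and the exposure properties of the three layouts, turned into a pre-apply review check. This is an added example, not Deckhouse code; it assumes the configuration has already been parsed into a dict, and the subnet-to-zone table is constructed here in place of a cloud API lookup.

```python
# Added example, not Deckhouse code. `cfg` is a YandexClusterConfiguration already
# parsed into a dict (the shape yaml.safe_load would return). SUBNET_ZONES is a
# constructed subnet-id -> zone table standing in for a cloud API lookup.
DEFAULT_NAT_ZONE = "ru-central1-a"
SUBNET_ZONES = {"subnet-ext-b": "ru-central1-b", "subnet-int-d": "ru-central1-d"}


def nat_instance_zone(cfg, subnet_zones=SUBNET_ZONES):
    """Zone of the NAT instance for layout WithNATInstance, applying the stated
    precedence: externalSubnetID, then internalSubnetID, then the default zone.
    Returns None for the other layouts."""
    if cfg.get("layout") != "WithNATInstance":
        return None
    nat = cfg.get("withNATInstance") or {}   # `withNATInstance: {}` is allowed
    for key in ("externalSubnetID", "internalSubnetID"):
        if nat.get(key):
            return subnet_zones[nat[key]]    # KeyError: subnet id unknown
    return DEFAULT_NAT_ZONE


def review_layout(cfg, subnet_zones=SUBNET_ZONES):
    """Exposure and egress findings a reviewer wants before applying the config."""
    layout = cfg.get("layout")
    findings = []
    if layout == "Standard":
        findings.append("egress via the Yandex Cloud NAT gateway uses random public "
                        "IPs: other services cannot whitelist this cluster")
    elif layout == "WithoutNAT":
        findings.append("every node gets a public IP and cloud-provider-yandex has no "
                        "security-group support: all nodes are directly exposed")
    elif layout == "WithNATInstance":
        nat = cfg.get("withNATInstance") or {}
        findings.append(f"NAT instance zone: {nat_instance_zone(cfg, subnet_zones)}")
        if not nat.get("natInstanceExternalAddress"):
            findings.append("no natInstanceExternalAddress set: no fixed public IP "
                            "is pinned for the NAT instance")
    else:
        findings.append(f"unknown layout {layout!r}")
    return findings


# Constructed sample mirroring the WithNATInstance example on this page.
SAMPLE = {"layout": "WithNATInstance",
          "withNATInstance": {"internalSubnetID": "subnet-int-d"}}

if __name__ == "__main__":
    for finding in review_layout(SAMPLE):
        print("-", finding)
```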