Skip to content

Installing Predicate in Yandex Cloud

Creating and Configuring Managed Service for Kubernetes

For further work with the cluster, install Yandex CLI, Helm, kubectl

Using the instructions, create a Managed Service for Kubernetes cluster.

Important

When creating a service account for the cluster (step 8), you must additionally add the role load-balancer.admin.

Service account page: Service account Created cluster page: Managed Service for Kubernetes

After creating the cluster, using the same instructions, create one node with the recommended resources.

Created node page: Node for Kubernetes

Next, run the command to obtain the cluster credentials, replacing CLUSTER_NAME with the name of the created cluster: 

yc managed-kubernetes cluster get-credentials $CLUSTER_NAME --external

To find out the name of the cluster context, run the command. After that, remember the name of the previously created context, which will be used in the variable CONTEXT_NAME: 

kubectl config get-contexts

Installing NFS Server

Important

If you already have an NFS server, skip this step.

The installation will be based on the Ganesha provisioner. To install, follow these steps:

  1. Add the repository 
    helm repo add nfs-ganesha-server-and-external-provisioner https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner
  2. Install the NFS server, specifying the CONTEXT_NAME parameter - the name of the cluster context 
    helm upgrade --install nfs-ganesha \
nfs-ganesha-server-and-external-provisioner/nfs-server-provisioner \
--set persistence.enabled=true \
--set persistence.storageClass="yc-network-hdd" \
--set persistence.size=70Gi \
--set service.nameOverride='nfs-ganesha-svc' \
--set rbac.serviceAccount.name='nfs-ganesha-sa' \
--set fullnameOverride='nfs-ganesha' \
--namespace default \
--kube-context $CONTEXT_NAME
  3. After installation, check that a StorageClass named nfs has been created. To do this, run the command: 
    kubectl config use-context $CONTEXT_NAME 
kubectl get sc

Installing Ingress Controller

Important

If you already have an Ingress Controller, skip this step.

Currently, the default delivery in YC does not include support for Cert Manager, as it requires access to a DNS server, and the delivery uses the nip.io service to provide access to services.

If you have your own domain name, you can use additional steps from the following instructions to install Cert Manager. To install only the Ingress Controller, perform the following step:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx && \
helm repo update && \
helm install ingress-nginx ingress-nginx/ingress-nginx \
--set controller.allowSnippetAnnotations=true \
--namespace default \
--kube-context $CONTEXT_NAME
The created controller will be installed behind the Yandex Network Load Balancer, which will be created automatically.

After installing the Ingress Controller, you need to find out the IP address of the load balancer, which will be used to access the services. To do this, run the command and remember the value in the EXTERNAL-IP field: 

kubectl config use-context $CONTEXT_NAME 
kubectl get svc ingress-nginx-controller

Creating S3 Storage and Configuring Access

To create a bucket in Yandex Object Storage, use the instructions. The recommended bucket size is 100Gb.

Created bucket page: Bucket

For further access to the bucket, create a service account with the role storage.editor or storage.admin (GET/UPDATE/DELETE objects). To do this, follow these steps:

  1. In the management console, select the folder.

  2. Go to the Service Accounts section and click Create Service Account.

  3. Enter a name, add the storage.editor role, and click Create.

  4. After creating the service account, click on it and click Create New Key -> Create Static Access Key.

  5. Enter the necessary description (e.g., s3-cred) and click Create.

  6. Save the obtained data (key ID and secret key) for future use.

Created access key page for the S3 service account: Service account

Installing Keycloak and Configuring Access

Installing Predicate

Important

Before installation, ensure that all previous steps have been completed successfully.

Example of filling in the fields in the application installation form. Detailed descriptions of the fields can be found by hovering over the question mark next to the field name: Predicate