Selectel Documentation/Selectel Cloud Platform/Managed Kubernetes/Clusters/

Managing Clusters

Please note that we don’t recommend performing actions with nodes, load balancers, and cluster volumes in the Control panel or via SSH in order to avoid incorrect operation of the cluster — when node auto-repairing is enabled, all settings will be reset to their initial state. We recommend performing all actions with nodes, load balancers, and cluster volumes only through kubectl.

Configuring the Environment

To start working with the cluster, configure the environment:

Depending on your OS, install the Kubernetes kubectl console client according to the official instructions.
Go to the Kubernetes section in the Cloud platform Control panel.
Select the required cluster and click Download kubeconfig on the Settings tab.
Export the <path> to the previously downloaded YAML file cluster_name.yaml into the KUBECONFIG environment variable.

For Linux:
```
export KUBECONFIG=<path>
```
For Windows:
```
SET KUBECONFIG=<path>
```
Check if the configuration is correct by accessing the cluster using kubectl:

~> kubectl get nodes
NAME                STATUS   ROLES    AGE   VERSION
cluster-node-5xx55   Ready    <none>   1m   v1.15.7
cluster-node-9gtgn   Ready    <none>   1m   v1.15.7
cluster-node-n9mkn   Ready    <none>   1m   v1.15.7

You can now manage your cluster using all available kubectl options. Learn more in the official documentation for Linux and Windows.

Cluster Statuses

Cluster status	Description
ACTIVE	The cluster is available
PENDING_CREATE	The cluster is being created
PENDING_ROTATE_CERTS	Certificates and keys for Kubernetes Control Plane are being updated
PENDING_DELETE	The cluster is being deleted
PENDING_RESIZE	The number of nodes or node groups is being changed
PENDING_NODE_REINSTALL	One of the nodes is being reinstalled
PENDING_UPGRADE_PATCH_VERSION	The cluster is being upgraded to a new patch version
PENDING_UPGRADE_MINOR_VERSION	The cluster is being upgraded to a new minor version
PENDING_UPGRADE_MASTERS_CONFIGURATION	Master node configuration is being upgraded
PENDING_UPGRADE_CLUSTER_CONFIGURATION	Cluster configuration is being upgraded
PENDING_UPDATE_NODEGROUP	Node group configuration is being updated (for example, adding labels)
ERROR	The cluster is not running, please create a ticket
MAINTENANCE	The cluster is in the maintenance window

Please note that all actions to change the cluster configuration through the API will be available only when the cluster’s status is ACTIVE.

Creating a Node Group

You can create a node group when creating a Kubernetes cluster.

In the Control panel, you can create a cluster with only four node groups. Please note that to add more than four node groups, you need to use the API.

Creating a Node Group in the Control Panel

To add a node group for the created cluster, from the Control panel:

Go to the Kubernetes section.
Select the cluster and go to the Contents tab.
Click Add node group.
Configure the nodes in a group: select the pool, configuration (vCPU, RAM, boot volume), number of nodes, labels, SSH key.
Click Add node group.

When creating a node group, the cluster’s status will change to PENDING_RESIZE.

Nodes created in groups will be displayed in the Servers section of the Cloud platform.

Creating a Node Group through Terraform

You can create a node group in a cluster through Terraform — an example on GitHub.

Changing the Configuration of Nodes in a Group

To change the configuration of nodes, from the Control panel:

Add the cluster to a new node group with the required configurations.
Transfer the data to the new nodes.
Delete the old node group.

Please note that you can change the configuration in the same way via kubectl.

Changing the Number of Nodes in a Group

To increase or decrease the number of nodes in a group, from the Control panel:

Go to the Kubernetes section.
Select the cluster and go to the Contents tab.
Select the node group and click Resize node group in the (⋮) group menu.
Enter the required number of nodes and click Resize.

When creating or deleting the nodes, the cluster’s status will change to PENDING_RESIZE.

The created nodes will be displayed in the Servers section of the Cloud platform. The deleted nodes will no longer be displayed in the list.

Managing Node Group Labels

Labels help to distinguish nodes of one group from others when using kubectl.

To add labels, from the Control panel:

Go to the Kubernetes section.
Select the cluster and go to the Contents tab.
Select the node group and click Edit labels in the (⋮) group menu.
Enter the Key and Label value.
Click + to add another key-value pair.

When adding the labels, the cluster’s status will change to PENDING_UPDATE_NODEGROUP.

Deleting a Node Group

To delete a node group, from the Control panel:

Go to the Kubernetes section.
Select the cluster and go to the Contents tab.
Select the node group and click Delete node group in the (⋮) group menu.
Enter the UUID and click Delete.

When deleting node groups, the cluster’s status will change to PENDING_RESIZE.

The deleted nodes will no longer be displayed on the Servers tab of the Cloud platform.

Node Reinstallation

Reinstalling all nodes in a group can be performed automatically using node auto-repairing. You can reinstall one or more nodes manually.

To reinstall a node, from the Control panel:

Go to the Kubernetes section.
Select the cluster and go to the Contents tab.
Select the node and click Reinstall node (Refresh icon) in the node line.
Confirm the reinstallation.

During node reinstallation, the cluster’s status will change to PENDING_NODE_REINSTALL.

Certificates

Certificates used for Kubernetes system components are renewed automatically every 30 days. The certificate in the cluster access file is also renewed.

To renew certificates before their expiration date, from the Control panel:

Go to the Kubernetes section.
Select the cluster and go to the Settings tab.
In the Access — Certificates block, click Rotate certificates.

During the renewal of certificates, the cluster’s status will change to PENDING_ROTATE_CERTS. After renewal, you need to download the updated kubeconfig file and re-configure the environment.

Please note that you can use Service Account Token — in this case, you don’t need to renew the certificates for authorization in the Kubernetes API.

Node Auto-Repairing

With the node auto-repairing option enabled, operating nodes will be automatically reinstalled if they do not respond to availability checks for about 15 minutes. During the repairing process, the pods will stop running on the idle node and will be redistributed to other nodes.

You can enable node auto-repairing when creating a cluster in the Control panel.

To enable/disable node auto-repairing for a running cluster, from the Control panel:

Go to the Kubernetes section.
Select the cluster and go to the Settings tab.
In the Automation block, enable or disable Auto-repairing of nodes.

Auto-repairing works for all cluster nodes at once. You can also reinstall only one node.

Please note that if you have changed the configuration of some nodes manually, then these changes will be reset to the settings of the entire node group. The settings that are not described in the cluster manifests will also be reset.

Patch Versions Auto-Upgrade

Kubernetes patch versions include fixes for bugs and security vulnerabilities of the minor Kubernetes version. They are compatible with each other within the same minor version. If auto-upgrade is enabled, the cluster will be upgraded to the latest available patch version during the next cluster maintenance window.

Please note that auto-upgrade is not available for the zonal clusters.

You can enable version auto-upgrade when creating a cluster in the Control panel.

To enable/disable auto-upgrade for a running cluster, from the Control panel:

Go to the Kubernetes section.
Select the cluster and go to the Settings tab.
In the Automation block, enable or disable Auto-upgrade of patch version.

Manual Version Upgrade

If Kubernetes patch versions auto-upgrade is disabled for the cluster, you can upgrade the version manually in the Control panel:

Go to the Kubernetes section.
Select the cluster and go to the Settings tab.
In the Cluster settings — Current version block, click Upgrade.
Select an available version and click Launch upgrade.

During the upgrade, the cluster’s status will change to PENDING_UPGRADE_MINOR_VERSION. The master nodes will be upgraded first, and then the worker nodes. The process can take several minutes.

Once launched, it will be impossible to stop the upgrade.

Maintenance Window

Automatic actions taken to maintain your clusters and auto-upgrade system certificates may be performed during the maintenance window.

Every day at the specified hour, the cluster switches to the MAINTENANCE mode. Any cluster scaling is unavailable during the maintenance window. This period may last up to two hours.

When creating a cluster in the Control panel, the default time will be set to 4 a.m. in your time zone.

To change the maintenance window for a running cluster, from the Control panel:

Go to the Kubernetes section.
Select the cluster and go to the Settings tab.
In the Automation block, select a new Maintenance window from the list.

Security

The Pod Security Policy option enables fine-grained authorization of pod creation and updates.

Please note that we recommend that you first add the policy manifests to the cluster and then enable the security option.

To manage security settings, from the Control panel:

Go to the Kubernetes section.
Select the cluster and go to the Settings tab.
Enable or disable the Pod Security Policy option in the Security block.