Our Service
Other service

Create a Public Cluster with Private Node Group

Prerequisites

To be able to initialize a Cluster and Deploy a Workload , you need:

  • There is at least 1 VPC and 1 Subnet in ACTIVE state . If you do not have a VPC or Subnet yet, please create a VPC or Subnet according to the instructions here .

  • There is at least 1 SSH key in ACTIVE state . If you do not have any SSH key, please create an SSH key according to the instructions here .

  • Installed and configured kubectl on your device. Please refer here if you are not sure how to install and use kuberctl. In addition, you should not use a kubectl version that is too old, we recommend that you use a kubectl version that is no more than one version different from the cluster version.

Attention:

  • To ensure that VMs in NodeGroups on the subnet can go outbound to the internet and connect to the Control Plane, you must set up a NAT Gateway. For more details, please refer to the section below.

Create Palo Alto or Pfsense as an alternative to NAT Gateway

Attention:

  • For the best support when using Palo Alto or Pfsense, please contact our team of experts via Hotline 1900 1549 or email support@vngcloud.vn

Or you can choose to use Palo Alto or Pfsense to work with Private Node Group according to instructions at:

Initialize Route Table

After Palo Alto, Pfsense is successfully initialized, you need to create a Route table to connect to different networks. Specifically, follow these steps to create a Route table:

Step 1: Visit https://hcm-3.console.vngcloud.vn/vserver/network/route-table

Step 2: In the navigation menu bar, select Network Tab/ Route table.

Step 3: Select Create Route table.

Step 4: Enter a descriptive name for the Route table. Route table names can include letters (az, AZ, 0-9, '_', '-'). The input data length is between 5 and 50. It must not include leading or trailing spaces.

Step 5: Select VPC for your Route table. If you do not have a VPC, you need to create a new VPC according to the instructions on the VPC Page . The VPC used to set up the Route table must be the VPC selected for Palo Alto or Pfsense and your Cluster.

Step 6 : Select Create to create a new Route table.

Step 7: Select the newly created Route table then select Edit Routes.

Step 8: In the add new Route section , enter the following information:

  • For Destination, enter Destination CIDR as 0.0.0.0/0

  • For Target, enter Target CIDR as the corresponding Palo Alto or Pfsense Network Interface IP address.

Initialize Cluster

A cluster in Kubernetes is a collection of one or more virtual machines (VMs) connected together to run containerized applications. Cluster provides a unified environment to deploy, manage, and operate containers at scale.

To initialize a Cluster, follow the steps below:

Step 1: Visit https://vks.console.vngcloud.vn/overview

Step 2: At the Overview screen , select Activate.

Step 3: Wait until we successfully create your VKS account. After Activate successfully, select Create a Cluster

Step 4: At the Cluster initialization screen, we have set up information for the Cluster and a Default Node Group for you. You can keep these default values ​​or adjust the desired parameters for the Cluster and Node Group at Cluster Configuration, Default Node Group Configuration, Plugin. By default we will create a Public Cluster for you with Public Node Group. You need to change your selection to Private Node Group .

Step 5: Select Create Kubernetes cluster. Please wait a few minutes for us to initialize your Cluster, the Cluster's status is now Creating .

Step 6: When the Cluster status is Active , you can view Cluster information and Node Group information by selecting Cluster Name in the Name column .

Connect and check the newly created Cluster information

After the Cluster is successfully initialized, you can connect and check the newly created Cluster information by following these steps:

Step 1: Visit https://vks.console.vngcloud.vn/k8s-cluster

Step 2: The Cluster list is displayed, select the iconand select Download config file to download the kubeconfig file. This file will give you full access to your Cluster.

Step 3 : Rename this file to config and save it to the ~/.kube/config directory

Step 4: Perform Cluster check via command:

  • Run the following command to test node

kubectl get nodes

  • If the results are returned as below, it means your Cluster was successfully initialized with 3 nodes as below.

NAME                                            STATUS     ROLES    AGE   VERSION
ng-0e10592c-e70e-404d-a4e8-5e3b80f805e4-834b7   Ready      <none>   50m   v1.28.8
ng-0e10592c-e70e-404d-a4e8-5e3b80f805e4-cf652   Ready      <none>   23m   v1.28.8
ng-0f4ed631-1252-49f7-8dfc-386fa0b2d29b-a8ef0   Ready      <none>   28m   v1.28.8

Deploy a Workload

The following is a guide for you to deploy the nginx service on Kubernetes.

Step 1 : Create Deployment for Nginx app.

  • Create nginx-service-lb4.yaml file with the following content:

    apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.19.1
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  type: LoadBalancer 
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80

    • Deploy This deployment equals:

    kubectl apply -f nginx-service-lb4.yaml

Step 2: Check Deployment and Service information before exposing it to the Internet.

  • Run the following command to test Deployment

kubectl get svc,deploy,pod -owide

  • If the results are returned as below, it means you have successfully deployed the nginx service.

NAME                    TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)           AGE     SELECTOR
service/kubernetes      ClusterIP      10.96.0.1       <none>        443/TCP           2d4h    <none>
service/nginx-app       NodePort       10.96.215.192   <none>        30080:31289/TCP   8m12s   app=nginx
service/nginx-service   LoadBalancer   10.96.179.221   <pending>     80:32624/TCP      2m16s   app=nginx

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES         SELECTOR
deployment.apps/nginx-app   1/1     1            1           2m16s   nginx        nginx:1.19.1   app=nginx

NAME                             READY   STATUS    RESTARTS   AGE     IP              NODE                                            NOMINATED NODE   READINESS GATES
pod/nginx-app-7f45b65946-t7d7k   1/1     Running   0          2m16s   172.16.24.202   ng-3f06013a-f6a5-47ba-a51f-bc5e9c2b10a7-ecea1   <none>           <none

Step 3: To access the just exported nginx app, you can use the URL with the format:

http://Endpoint/

You can get Load Balancer Public Endpoint information at the vLB interface. Specifically, access at https://hcm-3.console.vngcloud.vn/vserver/load-balancer/vlb/

For example, below I have successfully accessed the nginx app with the address: http://180.93.181.20/

PreviousCreate a Public Cluster with Public Node GroupNextPalo Alto as a NAT Gateway

Last updated