Create a Managed Kubernetes cluster on an Intel® SGX-enabled cloud server
Creating a Managed Kubernetes cluster with Intel® SGX support is not available in Managed Kubernetes clusters on a dedicated server.
You can create a Managed Kubernetes cluster on an Intel® SGX-enabled cloud server. To view the availability of SGX-enabled cloud servers (fixed configuration lineup SGX Line) in the regions can be in the availability matrix Cloud servers.
You can create a cluster on an Intel® SGX-enabled cloud server by API Managed Kubernetes or Terraform.
- Install Terraform.
- Create a manifesto.
- Set up your providers.
- Create a cluster on a cloud server.
- Verify the configuration and deploy the infrastructure.
Install Terraform
Install Terraform on a cloud server or local computer before you begin.
Use instructions on the official Terraform website depending on the operating system.
Create a manifesto
- Create a directory. This directory will store Terraform and infrastructure manifests and saved states. Manifest files alone infrastructures must be in a separate directory.
- Create a file in this directory with the extension
.tffor example,main.tf.
Set up ISPs
In the manifest, list the Terraform providers needed to build the infrastructure. Typically, two providers are used for the job: Selectel и OpenStack.
-
Add a block to the manifest describing the providers:
terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source = "terraform-provider-openstack/openstack"
version = "~> 1.43.0"
}
selectel = {
source = "selectel/selectel"
version = "~> 3.9.1"
}
}
} -
To check for up-to-date versions of providers (
version) in the official documentation (Selectel и OpenStack), press USE PROVIDER. -
Add a token to the manifest to authorize the OpenStack provider:
provider "openstack" {
auth_url = "https://cloud.api.selcloud.ru/identity/v3"
domain_name = "<selectel_account>"
tenant_id = "<project_id>"
user_name = "<user_name>"
password = "<user_password>"
region = "<pool>"
}Specify:
<selectel_account>— Selectel account number (contract number). You can look in control panels in the upper right-hand corner;<project_id>— ID projects;<user_name>— OpenStack user tied to the project;<user_password>— OpenStack user password;<pool>— pool where the infrastructure will be deployed.
-
Add to the manifest to authorize the Selectel provider:
provider "selectel" {
token = "<selectel_token>"
}Specify
<selectel_token>— Selectel token (API key).
Create a cluster on a cloud server
Add a cluster description to the manifest. For more information, see the providers' documentation on the following sites Terraform и Github.
Example for creating a cluster with two groups of nodes with different flavors:
resource "selectel_mks_cluster_v1" "cluster_1" {
name = "cluster-1"
project_id = <selectel_project_id> # EDIT: add selectel project ID
region = "ru-7"
kube_version = "1.24.10"
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = "${selectel_mks_cluster_v1.cluster_1.id}"
project_id = "${selectel_mks_cluster_v1.cluster_1.project_id}"
region = "${selectel_mks_cluster_v1.cluster_1.region}"
availability_zone = "ru-7a"
nodes_count = 3
flavor_id = "<flavor_id>" # EDIT: add flavor ID, see the list of available flavors in the section below
volume_gb = 50
volume_type = "fast.ru-7a"
labels = {
"sgx.intel.com/capable": "true"
}
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = "${selectel_mks_cluster_v1.cluster_1.id}"
project_id = "${selectel_mks_cluster_v1.cluster_1.project_id}"
region = "${selectel_mks_cluster_v1.cluster_1.region}"
availability_zone = "ru-7a"
nodes_count = 3
flavor_id = "<flavor_id>" # EDIT: add flavor ID, see the list of available flavors in the section below
volume_gb = 50
volume_type = "fast.ru-7a"
labels = {
"sgx.intel.com/capable": "true"
}
}
Available flavorings
+------------+----------------------------+---------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+------------+----------------------------+---------+------+-----------+-------+-----------+
| 11011 | SGX1.1-4096-0-2034EPC | 4096 | 0 | 0 | 1 | True |
| 11012 | SGX1.2-8192-0-4071EPC | 8192 | 0 | 0 | 2 | True |
| 11013 | SGX1.4-16384-0-8143EPC | 16384 | 0 | 0 | 4 | True |
| 11014 | SGX1.8-32768-0-16286EPC | 32768 | 0 | 0 | 8 | True |
| 11015 | SGX1.16-65536-0-32572EPC | 65536 | 0 | 0 | 16 | True |
| 11016 | SGX1.24-98304-0-65144EPC | 98304 | 0 | 0 | 24 | True |
| 11311 | SGX1.1-4096-32-2034EPC | 4096 | 32 | 0 | 1 | True |
| 11312 | SGX1.2-8192-64-4071EPC | 8192 | 64 | 0 | 2 | True |
| 11313 | SGX1.4-16384-128-8143EPC | 16384 | 128 | 0 | 4 | True |
| 11314 | SGX1.8-32768-256-16286EPC | 32768 | 256 | 0 | 8 | True |
| 11315 | SGX1.16-65536-512-32572EPC | 65536 | 512 | 0 | 16 | True |
| 11316 | SGX1.24-98304-1024-65144EPC| 98304 | 1024 | 0 | 24 | True |
+------------+----------------------------+---------+------+-----------+-------+-----------+
The margins indicate:
ID— Flavor ID;Name— the name of the flavor;RAM— RAM size in MB;Disk— local disk size in GB;VCPUs— number of vCPUs;Is Public— flavor scope:True— publicFalse— private.
Create infrastructure
Run the following commands in the directory where the created manifest is located.
-
Initialize the Terraform environment:
terraform init -
Check that the plan is written without mistakes:
terraform planIf there are no errors in the description, the list of resources ready for creation will be displayed. If there are errors, they must be corrected.
-
Deploy infrastructure and create resources:
terraform apply -
Confirm creation — enter yes and press Enter. The created cluster will be automatically displayed in the control panel.