Create a Managed Kubernetes cluster on an Intel® SGX-enabled server

A Managed Kubernetes cluster can be created on an Intel® SGX-enabled cloud server. To check which regions offer cloud servers with SGX (the fixed-configuration SGX Line), see the Cloud Servers availability matrix.

You can create a cluster on an Intel® SGX-enabled server via API or Terraform.

  1. Install Terraform.
  2. Create a manifest.
  3. Configure providers.
  4. Create a cluster.
  5. Verify the configuration and deploy the infrastructure.

Install Terraform

Install Terraform on a cloud server or local computer before you begin.

Follow the instructions for your operating system on the official Terraform website.

Create a manifest

  1. Create a directory. This directory will store manifests and saved states of Terraform and the infrastructure. Files describing one infrastructure should be in a separate directory.
  2. Create a file in this directory with a .tf extension, such as main.tf.

Configure providers

In the manifest, list the Terraform providers needed to build the infrastructure. Typically, two providers are used for work: Selectel and OpenStack.

  1. Add a block to the manifest describing the providers:

    terraform {
      required_version = ">= 0.14.0"
      required_providers {
        openstack = {
          source  = "terraform-provider-openstack/openstack"
          version = "~> 1.43.0"
        }
        selectel = {
          source  = "selectel/selectel"
          version = "~> 3.9.1"
        }
      }
    }
  2. To find the current provider versions (version), open the official documentation (Selectel and OpenStack) and click USE PROVIDER.

  3. Add a block to the manifest to authorize the OpenStack provider:

    provider "openstack" {
      auth_url    = "https://cloud.api.selcloud.ru/identity/v3"
      domain_name = "<selectel_account>"
      tenant_id   = "<project_id>"
      user_name   = "<user_name>"
      password    = "<user_password>"
      region      = "<pool>"
    }

    Specify:

    • <selectel_account> — Selectel account number (contract number). You can find it in the upper right corner of the control panel;
    • <project_id> — cloud platform project ID;
    • <user_name> — OpenStack user bound to the cloud platform project;
    • <user_password> — OpenStack user password;
    • <pool> — pool where the infrastructure will be deployed.
  4. Add a block to the manifest to authorize the Selectel provider:

    provider "selectel" {
      token = "<selectel_token>"
    }

    Specify <selectel_token> — Selectel token (API key).
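
The same two provider blocks with the OpenStack password and the Selectel token supplied through input variables instead of being written into main.tf. This is an added example, not part of the Selectel documentation; the variable names are assumptions.

```hcl
# Added example: variable names below are assumptions, not Selectel's own.
variable "selectel_account" { type = string }
variable "project_id"       { type = string }
variable "user_name"        { type = string }
variable "pool"             { type = string }

variable "user_password" {
  type      = string
  sensitive = true # redacted in plan/apply output (Terraform >= 0.14)
}

variable "selectel_token" {
  type      = string
  sensitive = true
}

provider "openstack" {
  auth_url    = "https://cloud.api.selcloud.ru/identity/v3"
  domain_name = var.selectel_account
  tenant_id   = var.project_id
  user_name   = var.user_name
  password    = var.user_password
  region      = var.pool
}

provider "selectel" {
  token = var.selectel_token
}
```

Set the secret values through the environment variables TF_VAR_user_password and TF_VAR_selectel_token so they never appear in the manifest. The sensitive flag only redacts CLI output; Terraform state can still hold secrets in plain text, so keep the state files out of version control.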

Create a cluster

Add a description of the cluster to the manifest. For more details, see the provider documentation on Terraform and GitHub.

Example for creating a cluster with two groups of nodes with different flavors:

    resource "selectel_mks_cluster_v1" "cluster_1" {
      name         = "cluster-1"
      project_id   = "<selectel_project_id>" # EDIT: add selectel project ID
      region       = "ru-7"
      kube_version = "1.24.10"
    }

    # First node group; the label marks its nodes as SGX-capable
    resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
      cluster_id        = selectel_mks_cluster_v1.cluster_1.id
      project_id        = selectel_mks_cluster_v1.cluster_1.project_id
      region            = selectel_mks_cluster_v1.cluster_1.region
      availability_zone = "ru-7a"
      nodes_count       = 3
      flavor_id         = "<flavor_id>" # EDIT: add flavor ID, see the list of available flavors in the section below
      volume_gb         = 50
      volume_type       = "fast.ru-7a"
      labels = {
        "sgx.intel.com/capable" = "true"
      }
    }

    # Second node group; resource names must be unique within a manifest
    resource "selectel_mks_nodegroup_v1" "nodegroup_2" {
      cluster_id        = selectel_mks_cluster_v1.cluster_1.id
      project_id        = selectel_mks_cluster_v1.cluster_1.project_id
      region            = selectel_mks_cluster_v1.cluster_1.region
      availability_zone = "ru-7a"
      nodes_count       = 3
      flavor_id         = "<flavor_id>" # EDIT: add flavor ID, see the list of available flavors in the section below
      volume_gb         = 50
      volume_type       = "fast.ru-7a"
      labels = {
        "sgx.intel.com/capable" = "true"
      }
    }

Available flavors

+-------+-----------------------------+-------+------+-----------+-------+-----------+
| ID    | Name                        | RAM   | Disk | Ephemeral | VCPUs | Is Public |
+-------+-----------------------------+-------+------+-----------+-------+-----------+
| 11011 | SGX1.1-4096-0-2034EPC       | 4096  | 0    | 0         | 1     | True      |
| 11012 | SGX1.2-8192-0-4071EPC       | 8192  | 0    | 0         | 2     | True      |
| 11013 | SGX1.4-16384-0-8143EPC      | 16384 | 0    | 0         | 4     | True      |
| 11014 | SGX1.8-32768-0-16286EPC     | 32768 | 0    | 0         | 8     | True      |
| 11015 | SGX1.16-65536-0-32572EPC    | 65536 | 0    | 0         | 16    | True      |
| 11016 | SGX1.24-98304-0-65144EPC    | 98304 | 0    | 0         | 24    | True      |
| 11311 | SGX1.1-4096-32-2034EPC      | 4096  | 32   | 0         | 1     | True      |
| 11312 | SGX1.2-8192-64-4071EPC      | 8192  | 64   | 0         | 2     | True      |
| 11313 | SGX1.4-16384-128-8143EPC    | 16384 | 128  | 0         | 4     | True      |
| 11314 | SGX1.8-32768-256-16286EPC   | 32768 | 256  | 0         | 8     | True      |
| 11315 | SGX1.16-65536-512-32572EPC  | 65536 | 512  | 0         | 16    | True      |
| 11316 | SGX1.24-98304-1024-65144EPC | 98304 | 1024 | 0         | 24    | True      |
+-------+-----------------------------+-------+------+-----------+-------+-----------+

The columns indicate:

  • ID is the ID of the flavor;
  • Name is the name of the flavor;
  • RAM — size of RAM in MB;
  • Disk — the size of the local disk in GB;
  • VCPUs — the number of vCPUs;
  • Is Public — the scope of the flavor: True — public or False — private.

Create an infrastructure

Run the following commands in the directory where the created manifest is located.

  1. Initialize the Terraform environment:

    terraform init
  2. Check that the plan is generated without errors:

    terraform plan

    If there are no errors in the description, a list of resources ready for creation will be displayed. If there are errors, they need to be corrected.

  3. Deploy infrastructure and create resources:

    terraform apply
  4. Confirm the creation — enter yes and press Enter. The created cluster will automatically appear in the control panel.