Connect a Managed Kubernetes cluster on a dedicated server to other Selectel products

Last update: June 04 2026

A global router is used to set up network connectivity between a cluster on a dedicated server and other Selectel products. When creating a cluster on a dedicated server, a global router is created automatically. This is a service router that connects the dedicated server and the cloud platform resources required for the Managed Kubernetes cluster to function.

The process of setting up network connectivity depends on whether you are using other global routers:

• if you are not yet using a global router, you can connect products using a service global router;
• if your account already has a global router network, you can connect products by merging global routers.

You can view the list of routers in the Control panel: on the top menu, click Products and select Global Router. The service global router is named <cluster_name>-l3vpn, where <cluster_name> is the cluster name.

Connect products using a service global router

1. Connect networks and subnets to a global router for every VLAN and project whose products and services you want to connect. For Cloud powered by VMware, you can only add networks and subnets via technical support.
2. Specify routes on devices.

1. Connect networks and subnets to a global router

Dedicated server

Use for a dedicated or hosted server.

You can connect a new network to the router or an existing network if it is not already connected to any of the account's global routers.

1. In the Control panel, on the top menu, click Products and select Global Router.

2. Open the router page → Networks tab. The service global router is named <cluster_name>-l3vpn, where <cluster_name> is the cluster name.

3. Click Create network.

4. Enter a network name. It will only be used in the control panel.

5. Select the Servers and Hardware service.

6. Select the location of the network.

7. Select or enter a VLAN.

8. If you want to create a network to an internal segment (Q-in-Q), specify its tag — a number from 2 to 4094. If there is already a network for the VLAN, be sure to specify the Q-in-Q segment of this VLAN.

9. Enter a subnet name. It will only be used in the control panel.

10. Enter the CIDR — the private subnet IP address and mask. You can enter a new subnet or an existing private server subnet if it has not already been added to any of the global routers in the account. The subnet must meet the following conditions:

• belong to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
• not overlap with the 10.10.0.0/16, 10.96.0.0/12, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14. These ranges are used for internal addressing in Managed Kubernetes, their use may lead to conflicts in the global router network;
• have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
• do not overlap with other subnets added to this router — there must be no identical IP addresses in the subnets of one router.

11. Enter the gateway IP or leave the default first address from the subnet. Do not assign this address to your devices to avoid network disruption.

12. Enter the service IPs or leave the default last addresses from the subnet. Do not assign these addresses to your devices to avoid network disruption.

13. Click Create network.

14. Optional: check the network topology on the global router. In the Control panel, on the top menu, click Products → Global Router → router page → Network map.

15. If you specified a Q-in-Q tag, ensure you have configured Q-in-Q. When configuring, use the subnet you specified in step 10.

Cloud platform

Use for a cloud server, Managed Kubernetes cluster node, or Managed Database cluster.

You can connect a new network to the router or an existing network if it is not already connected to any of the account's global routers.

Connect a new network

1. In the Control panel, on the top menu, click Products and select Global Router.

2. Open the router page → Networks tab. The service global router is named <cluster_name>-l3vpn, where <cluster_name> is the cluster name.

3. Click Create network.

4. Enter a network name. It will only be used in the control panel.

5. Select the Cloud Platform service.

6. Select the network location.

7. Select a project.

8. Enter a subnet name. It will only be used in the control panel.

9. Enter the CIDR — the subnet IP address and mask. The subnet must meet the following conditions:

   • belong to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
   • do not overlap with ranges 10.10.0.0/16, 10.96.0.0/12, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14. These ranges are used for internal Managed Kubernetes addressing; using them may cause conflicts in the global router network;
   • have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
   • do not overlap with other subnets added to this router — there must be no identical IP addresses in the subnets of one router.

10. Enter the gateway IP or leave the default first address from the subnet. Do not assign this address to your devices to avoid network disruption.

11. Enter the service IPs or leave the default last addresses from the subnet. Do not assign these addresses to your devices to avoid network disruption.

12. Click Create network.

13. Optional: check the network topology on the global router. In the Control panel, on the top menu, click Products → Global Router → service global router page → Network map.

Connect an existing network

1. Ensure the network is not already added to any global router in your account. In the Control panel, on the top menu, click Products → Cloud Servers → Network → Private networks tab → check that the network card does not have the Global Router.

2. Verify that the subnet meets the conditions:

   • belongs to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
   • do not overlap with ranges 10.10.0.0/16, 10.96.0.0/12, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14. These ranges are used for internal Managed Kubernetes addressing; using them may cause conflicts in the global router network;
   • is at least /29, since three addresses will be occupied by Selectel network equipment;
   • does not overlap with other subnets added to this router: the IP addresses of each subnet on the router must not overlap with the IP addresses of other subnets on it.

3. In the Control panel, on the top menu, click Products and select Cloud Servers.

4. Go to Network → Private networks tab.

5. In the menu of the network, select Connect to Global Router.

6. Select a service Global Router. The service Global Router is named <cluster_name>-l3vpn, where <cluster_name> is the cluster name.

7. For each network subnet, enter the IP address to be assigned to the router, or leave the default first available address from the subnet. Do not assign this address to your devices to avoid network disruption. The last two available subnet addresses will be reserved as service addresses.

8. Click Connect. Do not close the window until a message appears stating that the network is connected. After that, in the Control panel:

   • the network will appear in the section Selectel Global Router on the page of the router to which you connected it;
   • in the section Cloud Servers → Network → on the Private networks tab, a Global Router tag will appear for the network.

2. Specify routes on devices

Specify routes from the cluster to all devices in the network and from all devices in the network to the cluster.

Dedicated server, Cloud powered by VMware

Ubuntu

1. Connect to the server.

2. Open the network configuration file:

   vi /etc/netplan/01-netcfg.yaml

3. At the end of the data block for the required network interface, add the route:

   routes:
     - to: <ip_address>/<mask>
       via: <gateway>

   Specify:

   • <ip_address>/<mask> — the subnet to which you need to add a route, specifying the mask, for example 192.168.0.0/28;
   • <gateway> — the gateway for the current server's subnet, which is specified on the global router.

4. If you need to define multiple routes, add them sequentially in the same block, for example:

   routes:
   - to: 192.168.0.0/28
       via: 172.16.0.1
   - to: 192.168.1.0/28
       via: 172.16.0.1

5. Save the file.

6. Check the settings:

   sudo netplan try

7. Apply the changes:

   netplan apply

Debian

1. Connect to the server.

2. Open the network configuration file:

   vi  /etc/network/interfaces

3. At the end of the data block for the corresponding network interface, add the required route:

   up route add -net <ip_address> netmask <mask> gw <gateway>
   down route del -net <ip_address> netmask <mask> gw <gateway>

   Specify:

   • <ip_address> — the subnet to which you need to add a route, for example 192.168.0.0;
   • <mask> — the subnet mask to which you need to add a route, for example 255.255.255.0;
   • <gateway> — the gateway for the current server's subnet, which is specified on the global router.

4. If you need to define multiple routes, add them sequentially in the same block.

5. Save the file.

6. Restart the network:

   sudo /etc/init.d/networking restart

CentOS

1. Connect to the server.

2. Create and fill out the file for configuring static routes:

   echo "<ip_address>/<mask> via <gateway>" >> /etc/sysconfig/network-scripts/route-<eth_name>

   Specify:

   • <ip_address>/<mask> — the subnet to which you need to add a route, specifying the mask, for example 192.168.1.0/28;
   • <gateway> — the gateway for the current server's subnet, which is specified on the global router;
   • <eth_name> — the name of the corresponding local network interface.

   If you need to add multiple routes, specify them in one command. List each route on a new line, for example:

   echo "192.168.0.0/28 via 172.16.0.1
   192.168.1.0/28 via 172.16.0.1" >> /etc/sysconfig/network-scripts/route-eno2

3. Restart the network:

   systemctl restart network

Windows

1. Connect to the server via RDP or via KVM console.

2. Add the required routes one by one:

   route -p ADD <ip_address> MASK <mask> <gateway> METRIC <x>

   Specify:

   • <ip_address> — the subnet to which you need to add a route, for example 192.168.0.0;
   • <mask> — the subnet mask to which you need to add a route, for example 255.255.255.0;
   • <gateway> — the gateway for the current server's subnet, which is specified on the global router;
   • <x> — a parameter determining the priority of the specified gateway, 1 being the highest priority.

Cloud platform

To prescribe static routes for a cloud server, Managed Database cluster, or Managed Kubernetes cluster, you must configure static routes on the private subnet where the server or cluster resides.

In the subnet, you need to configure routes to all other subnets of the global router that will exchange traffic.

Connect products by merging global routers

1. Connect global routers.
2. Prescribe routes on the devices.

1. Merge global routers

1. Ensure that the subnets of the routers being connected do not overlap — the IP addresses of each subnet must not match the IP addresses of other subnets. You can view the list of subnets in the Control panel: in the top menu, click Products → Global Router → router page → Networks tab.
2. Create a ticket. In the ticket, specify the IDs of the global routers that need to be connected. You can copy the router ID in the Control panel: on the top menu, click Products → Global Router → router page → copy the ID under the router name.
3. Wait for a response in the ticket that the global routers have been merged.

2. Specify routes on devices

Specify routes from the cluster to all devices in the network and from all devices in the network to the cluster.

Dedicated server, Cloud powered by VMware

Ubuntu

1. Connect to the server.

2. Open the network configuration file:

   vi /etc/netplan/01-netcfg.yaml

3. At the end of the data block for the required network interface, add the route:

   routes:
     - to: <ip_address>/<mask>
       via: <gateway>

   Specify:

   • <ip_address>/<mask> — the subnet to which you need to add a route, specifying the mask, for example 192.168.0.0/28;
   • <gateway> — the gateway for the current server's subnet, which is specified on the global router.

4. If you need to define multiple routes, add them sequentially in the same block, for example:

   routes:
   - to: 192.168.0.0/28
       via: 172.16.0.1
   - to: 192.168.1.0/28
       via: 172.16.0.1

5. Save the file.

6. Check the settings:

   sudo netplan try

7. Apply the changes:

   netplan apply

Debian

1. Connect to the server.

2. Open the network configuration file:

   vi  /etc/network/interfaces

3. At the end of the data block for the corresponding network interface, add the required route:

   up route add -net <ip_address> netmask <mask> gw <gateway>
   down route del -net <ip_address> netmask <mask> gw <gateway>

   Specify:

   • <ip_address> — the subnet to which you need to add a route, for example 192.168.0.0;
   • <mask> — the subnet mask to which you need to add a route, for example 255.255.255.0;
   • <gateway> — the gateway for the current server's subnet, which is specified on the global router.

4. If you need to define multiple routes, add them sequentially in the same block.

5. Save the file.

6. Restart the network:

   sudo /etc/init.d/networking restart

CentOS

1. Connect to the server.

2. Create and fill out the file for configuring static routes:

   echo "<ip_address>/<mask> via <gateway>" >> /etc/sysconfig/network-scripts/route-<eth_name>

   Specify:

   • <ip_address>/<mask> — the subnet to which you need to add a route, specifying the mask, for example 192.168.1.0/28;
   • <gateway> — the gateway for the current server's subnet, which is specified on the global router;
   • <eth_name> — the name of the corresponding local network interface.

   If you need to add multiple routes, specify them in one command. List each route on a new line, for example:

   echo "192.168.0.0/28 via 172.16.0.1
   192.168.1.0/28 via 172.16.0.1" >> /etc/sysconfig/network-scripts/route-eno2

3. Restart the network:

   systemctl restart network

Windows

1. Connect to the server via RDP or via KVM console.

2. Add the required routes one by one:

   route -p ADD <ip_address> MASK <mask> <gateway> METRIC <x>

   Specify:

   • <ip_address> — the subnet to which you need to add a route, for example 192.168.0.0;
   • <mask> — the subnet mask to which you need to add a route, for example 255.255.255.0;
   • <gateway> — the gateway for the current server's subnet, which is specified on the global router;
   • <x> — a parameter determining the priority of the specified gateway, 1 being the highest priority.

Cloud platform

For a cloud server, Managed Database cluster, or Managed Kubernetes cluster, you must configure static routes on a private subnet.

In each subnet, you need to configure routes to all other subnets of the global router that will exchange traffic.