Documentation Index

Fetch the complete documentation index at: https://guide.ncloud-docs.com/llms.txt

Use this file to discover all available pages before exploring further.

Access and manage clusters

Prev Next

Available in VPC

Once cluster creation is complete, you can view the list of clusters and access clusters in the Ncloud Kubernetes Service dashboard. From the list of clusters, you can view cluster details, reconfigure files, and delete clusters.

In the VPC environment of the NAVER Cloud Platform console, click Menu > Services > Containers > Ncloud Kubernetes Service to view the list of created clusters.

Access a cluster

You can access a created cluster using the kubectl command.

To access a cluster using kubectl:

  1. In the VPC environment of the NAVER Cloud Platform console, navigate to Menu > Services > Containers > Ncloud Kubernetes Service.
  2. From the list of clusters, click the row of the cluster to access, then set up the configuration file according to the authentication method.
  • Admin authentication: Click [Download] to download the cluster configuration file.
  • IAM authentication: Click [IAM authentication guide] to install ncp-iam-authenticator and create a kubeconfig file.
    Note

    Admin authentication is supported only for clusters created before February 13, 2022.

  1. Specify the path of the downloaded configuration file using the --kubeconfig option as shown below, then run the command:
    $ kubectl --kubeconfig "configuration file" get nodes
    Note

    You can also manually add the configuration file to $HOME/.kube/config.

  2. Refer to the following code to set environment variables for your operating system:

  • Set environment variable $KUBE_CONFIG on macOS or Linux.

    $ export KUBE_CONFIG="${HOME}/Downloads/kubeconfig-1865.yaml"
$ echo $KUBE_CONFIG
/Users/user/Downloads/kubeconfig-1865.yaml

$ kubectl --kubeconfig $KUBE_CONFIG get nodes

  • Set environment variable $KUBE_CONFIG on Windows PowerShell.

    > $KUBE_CONFIG=$HOME+"\Downloads\kubeconfig-1865.yaml"
> $KUBE_CONFIG
C:\Users\NAVER\Downloads\kubeconfig-1865.yaml
> kubectl --kubeconfig $KUBE_CONFIG get nodes

  • Set environment variable $KUBE_CONFIG on Windows command prompt.

    > SET KUBE_CONFIG=%USERPROFILE%\Downloads\kubeconfig-1865.yaml
> kubectl --kubeconfig %KUBE_CONFIG% get nodes

If configured correctly, the result is displayed as shown in the following example:

NAME                  STATUS   ROLES   AGE
nks-pool-0000-w-001   Ready    node    5h22m
nks-pool-0000-w-002   Ready    node    5h22m
nks-pool-0000-w-003   Ready    node    5h22m

View cluster details

To view details, click the row of a cluster in the list of clusters.

  • You can view the cluster availability type (Single Zone/Multi Zone).
  • Click [View guide] to see how to access the cluster. For more information, see Access cluster.
  • Click [Edit] next to Audit log to enable or disable it.
    When Audit log is enabled, logs can be collected in Cloud Log Analytics. To enable it, you must first subscribe to Cloud Log Analytics (see CLA user guide).

Reset the kubeconfig file

You can reset the kubeconfig file. After resetting, the existing file can no longer be used, and you must download and use the new configuration file.

To reset the kubeconfig file:

  1. From the list of clusters, click the row of the target cluster.
  2. In the cluster details tab, click [Reset].
  3. Enter the name of the cluster for which you want to reset the authentication file, then click [Reset].
Note

The kubeconfig file can only be reset for clusters that support Admin authentication.

Delete a cluster

To delete a cluster:

  1. From the list of clusters, click the row of the cluster you want to delete.
  2. Click [Delete] in the upper left of the list of clusters.
  3. In the confirmation popup, enter the cluster name, then click [Delete].

Use Cluster Autoscaler

To automatically scale the number of worker nodes using Cluster Autoscaler, see Using Cluster Autoscaler.

Upgrade a cluster

You can upgrade a cluster to replace the internal management master component with a new version. Node pools added after the upgrade use the upgraded version. During the upgrade, viewing, editing, or deleting resources may be temporarily unavailable.

Check before an upgrade

To identify elements that may affect the service before upgrading the cluster, review the following:

  • Changes in the new version: To check whether changes in the new version may affect your service, see Kubernetes changelog.
  • Version skew policy: To check version compatibility between the cluster and its components, see Version Skew Policy.
  • Admission Webhook: If webhooks exist in the cluster, upgrades may cause a deadlock. To take necessary measures before upgrading, see Dynamic Admission Control.
  • Secure available servers: For a stable upgrade, ensure at least 3 available servers.
  • Resource backup and recovery: Resources such as kube-system components (including nodelocaldns and coredns ConfigMaps) and StorageClasses are replaced with new versions during the upgrade instead of being preserved. If you have modified these resources, back them up and reapply them after the upgrade is complete.

Use the following to configure upgrade-related settings:

  • PodDisruptionBudget: To maintain running pods at a desired ratio or number during cluster upgrades, see Specifying a Disruption Budget.
  • Readiness Probe: To ensure that only pods in a ready state are accessible through Ncloud Kubernetes Service resources when pods are rescheduled during node pool replacement, see Define readiness probes.

How to upgrade

To upgrade a cluster:

  1. From the list of clusters, click the row of the cluster you want to upgrade.
  2. In the cluster details tab, click [Upgrade].
  3. In the settings popup, select the version to upgrade to, then enter the cluster name.
  4. Click ** [Upgrade]**.

Configure IP ACLs for the Control Plane

You can restrict access to the Kubernetes Control Plane based on public IP addresses.

In the Kubernetes Console, select the cluster for which you want to edit the IP ACL, then click [Edit] under Endpoint > Edit IP ACL.

vnks_ip_acl_ko

Default action

If the public IP of a client attempting to access the Control Plane is not explicitly allowed or denied by rules registered in the IP ACL, access is filtered according to the default action.

IP ACL(Access Control List)

You can configure IP ACLs for the Kubernetes Control Plane based on public IP addresses.
You can register up to 20 entries.

  • Access source: Enter an IPv4-based CIDR block.
  • Action: Select how to handle access from IPs that match the specified CIDR.
  • Memo: Enter notes for the rule.

Example

Case 1: Blocking all access from public IPs and allowing access to the Kubernetes Control Plane only from VPC VM instances

  • Set the default action to deny.
  • Do not register any rules in the IP ACL.

With this configuration, all access using public IPs is blocked. Access from VM instances within the VPC network does not use public IPs and is therefore not affected by the IP ACL.

Case 2: Blocking access from a specific public IP (143.248.142.77) and allowing access from other public IPs

  • Set the default action to allow.
  • Set the IP ACL with access source 143.248.142.77/32 and action deny.

With this configuration, access from 143.248.142.77 is denied, while access from other public IPs is allowed according to the default action.

Business Registration Number: 129-86-31394 E-commerce Permit Number:No. 2009-GyeonggiSeongnam-0510
CEO: Kim Yuwon Address: NAVER Green Factory 17th–26th Floors, Buljeong-ro 6, Bundang-gu, Seongnam-si, Gyeonggi-do 13561, Republic of Korea. Customer Support Number: 1544-5876
© NAVER Cloud Corp. All Rights Reserved.