Questions and answers about Managed Service for Kubernetes
General questions
What services are available in Managed Service for Kubernetes clusters by default?
The following services are available by default:
- Metrics Server
for data aggregation on resource usage in a Kubernetes cluster. - Kubernetes plugin for CoreDNS
for name resolution in a cluster. - DaemonSet
supporting CSI plugins to work with persistent volumes (PersistentVolume
).
Which version of the Kubernetes CLI (kubectl) must be installed for comprehensive work with a cluster?
We recommend using the latest official version of kubectl
Can Nebius AI restore the health of the cluster if I configure it incorrectly?
The master is managed by Nebius AI, that's why you can't damage it. If you have issues with Kubernetes cluster components, contact technical support
Who will be monitoring the health of the cluster?
Nebius AI. A cluster is monitored for corrupted file system, kernel deadlock, internet connection loss and Kubernetes component issues. We're also developing a self-healing mechanism for faulty components.
How quickly does Nebius AI address vulnerabilities discovered in the security system? What do I do if an attacker has taken advantage of a vulnerability and my data is damaged?
Nebius AI services, images and master configuration initially undergo various security tests and checks for standard compliance.
Users can choose frequency of updates depending on their tasks and cluster configuration. It's important to consider attack targets and vulnerabilities in applications deployed in a Kubernetes cluster. Application security can be affected by such factors as vulnerabilities inside Docker containers and incorrect launch mode of containers in a cluster.
Data storage
What are the features of disk storage when a database (for example, MySQL or PostgreSQL) is located in a Kubernetes cluster?
For a database located in a Kubernetes cluster, use StatefulSet
How do I connect to managed Nebius AI databases?
To connect to a Nebius AI managed database located in the same network, specify its hostname and FQDN.
To connect a database certificate to a pod, use secret
or configmap
objects.
What's the right way to add a persistent volume to a container?
You can select connection mode for Compute Cloud disks depending on your needs:
- If you want Kubernetes to automatically provision a
PersistentVolume
object and configure a new disk, create a pod with a dynamically provisioned volume. - To use existing Compute Cloud volumes, create a pod with a statically provisioned pod.
For more information, see Working with persistent volumes.
What types of volumes does Managed Service for Kubernetes support?
Managed Service for Kubernetes supports temporary
volumes and persistent
volumes. For more information, see Volumes.
Automatic scaling
Why are there N nodes in my cluster now, but it's not getting downsized?
Autoscaling doesn't stop nodes with pods that can't be evicted. Scaling barriers:
- Pods whose eviction is limited with PodDisruptionBudget.
- Pods in the
kube-system
namespace:- That haven't been created under the DaemonSet
controller. - That don't have
PodDisruptionBudget
or whose eviction is limited byPodDisruptionBudget
.
- That haven't been created under the DaemonSet
- Pods that haven't been created under a replication controller (ReplicaSet
, Deployment , or StatefulSet ). - Pods with a
local storage
. - Pods that can't be evicted anywhere due to restrictions. For example, due to lack of resources or lack of nodes matching the affinity or anti-affinity
selectors. - Pods with an annotation that disables eviction:
"cluster-autoscaler.kubernetes.io/safe-to-evict": "false"
.
Note
Pods kube-system
, pods with local-storage
, and pods without a replication controller can be evicted. To do this, set the annotation "safe-to-evict": "true"
:
kubectl annotate pod <pod name> cluster-autoscaler.kubernetes.io/safe-to-evict=true
Other possible causes:
-
The node group has already reached its minimum size.
-
The node is idle for less than 10 minutes.
-
During the last 10 minutes, the node group has been scaled up.
-
During the last 3 minutes, there was an unsuccessful attempt to scale down the node group.
-
There was an unsuccessful attempt to stop a certain node. In this case, the next attempt occurs in 5 minutes.
-
The node has an annotation that prohibits stopping it on scale-down:
"cluster-autoscaler.kubernetes.io/scale-down-disabled": "true"
. You can add or remove an annotation usingkubectl
.Check for annotation on the node:
kubectl describe node <node name> | grep scale-down-disabled
Result:
Annotations: cluster-autoscaler.kubernetes.io/scale-down-disabled: true
Set the annotation:
kubectl annotate node <node name> cluster-autoscaler.kubernetes.io/scale-down-disabled=true
Remove the annotation by running the
kubectl
command with-
:kubectl annotate node <node name> cluster-autoscaler.kubernetes.io/scale-down-disabled-
Why has the pod been deleted, but the node group fails to downsize?
If the node is underloaded, it's removed in 10 minutes.
Why isn't autoscaling performed even when the number of nodes gets less than the minimum or greater than the maximum?
Autoscaling won't violate preset limits, but Managed Service for Kubernetes isn't explicitly controlling the limits. Scaling up will only trigger if there are pods in the unschedulable
status.
To get answers to other questions about autoscaling, see the documentation Kubernetes
Configuring and updating
What do I do if some data gets lost after I update the Kubernetes version?
Your data won't get lost: prior to updating the Kubernetes version Managed Service for Kubernetes creates a data backup. You can manually configure cluster backup in Object Storage. We also recommend backing up your database using the application tools.
Can I configure a backup for a Kubernetes cluster?
Data in Managed Service for Kubernetes clusters is stored securely and replicated within the Nebius AI infrastructure. However, you can back up data from Kubernetes cluster node groups at any time and store them in Object Storage or other types of storage.
For more information, see Managed Service for Kubernetes cluster backups in Object Storage.
Will resources be idle while the Kubernetes version is updating?
When a master is being updated, Control Plane resources will be idle. For this reason, operations like node group create or delete will be unavailable. User load on the application will continue to be processed.
Can I send you a YAML configuration file so that you apply it to my cluster?
No. You can a kubeconfig file to apply a YAML cluster configuration file on your own.
Can you install Web UI Dashboard, Rook, and other tools?
No. You can install all the necessary tools on your own.
Resources
What resources are needed to maintain a Kubernetes cluster with a group of, say, three nodes?
Each node needs resources to run the components in charge of running the node as part of the Kubernetes cluster. For more information, see Dynamic resource allocation.
Can I change resources for each node in a Kubernetes cluster?
You can change resources only for a node group. You can create groups with different configurations in a Kubernetes cluster. For more information, see Changing a node group.
Who monitors the scaling of a Kubernetes cluster?
In Managed Service for Kubernetes, you can enable automatic cluster scaling.
Logs
Can I get logs of my operations with services?
Yes, you can request log records about your resources from Nebius AI services. For more information, see Data requests.
Is Horizontal Pod Autoscaler supported?
Yes, Managed Service for Kubernetes supports horizontal pod autoscaling.