Creating Cluster

This guide walks you through creating a Kubernetes cluster using the Krutrim Kubernetes Service.

Before You Begin

Ensure you have:

A VPC created in your Krutrim Cloud account
At least one subnet configured in your VPC
Understanding of your network configuration requirements
Decided on your cluster's purpose (development, staging, production)

Cluster Configuration

When creating a cluster, you'll need to configure the following settings:

Basic Settings:

Cluster Name: Choose a descriptive name for your cluster.
Kubernetes Version:
- Select the Kubernetes version for your cluster:
  - Recommended: Use the default version of Krutrim Kubernetes Service
  - Specific Version: Choose if you have application compatibility requirements

Note: You can upgrade the Kubernetes version later, but you cannot downgrade.

Network Configurations

VPC Configuration:
- Select the VPC you want your cluster to be in
- This defines the network boundary for your cluster
Subnet Configuration:
- Specify the subnet where your cluster resources will be deployed
- Ensure the subnet has sufficient IP addresses
- Important: This subnet is used for LoadBalancer IP allocation

LoadBalancer IP Usage:

Every time you create a LoadBalancer Service:
├─ One IP address is allocated from this subnet
├─ The IP is taken from your subnet's available pool
└─ Plan accordingly for your expected LoadBalancer count

Kubernetes Network Configuration

Pod CIDR

Default: 192.168.0.0/16
Understanding Pod CIDR:
- This CIDR is the IP range for pods in your cluster
- Each node receives a /24 subnet (256 IPs) from this CIDR range
- Capacity: /16 = 256 nodes max, /18 = 64 nodes max, /20 = 16 nodes max
Pod CIDR cannot be changed after cluster creation. Plan for future growth!

Examples:

# Small cluster (up to 16 nodes)
Pod CIDR: 192.168.0.0/20

# Medium cluster (up to 64 nodes)
Pod CIDR: 192.168.0.0/18

# Large cluster (up to 256 nodes)
Pod CIDR: 192.168.0.0/16

Calculation:

Pod CIDR: 192.168.0.0/16
├─ Total IPs: 65,536
├─ Per-node allocation: /24 (256 IPs)
├─ Maximum nodes: 256
└─ Maximum pods per node: ~250 (after system overhead)

Reserved Range: Cannot use 172.24.0.0/13 (reserved for system use)

Service CIDR

Default: 10.100.0.0/16
Understanding Service CIDR:
- This CIDR is the IP range for Kubernetes Services (ClusterIP, NodePort, LoadBalancer)
- Each Service consumes one IP from this range
Service CIDR must not overlap with Pod CIDR

Examples:

# Standard configuration (65,536 service IPs)
Service CIDR: 10.100.0.0/16

# Smaller deployments (4,096 service IPs)
Service CIDR: 10.100.0.0/20

Reserved Range: Cannot use 172.24.0.0/13 (reserved for system use)

Network Configuration Examples

Development/Testing Cluster:

Cluster Name: dev-k8s-cluster
VPC: Select your dev VPC
Subnet: Select subnet with at least 100 available IPs
Pod CIDR: 192.168.0.0/20  # Supports up to 16 nodes
Service CIDR: 10.100.0.0/20  # Supports 4,096 services

Production Cluster:

Cluster Name: prod-web-cluster
VPC: Select your production VPC
Subnet: Select subnet with at least 200 available IPs
Pod CIDR: 192.168.0.0/16  # Supports up to 256 nodes
Service CIDR: 10.100.0.0/16  # Supports 65,536 services

Cluster Creation Process

After submitting your cluster configuration:

Verification Checklist

Before creating the cluster, verify:

Cluster name follows naming conventions
Kubernetes version is appropriate
VPC and subnet are correctly specified
Pod CIDR matches your scale requirements
Service CIDR doesn't overlap with Pod CIDR or Node Subnet
Network capacity is sufficient

Network Capacity Planning:

Question: How many nodes do I plan to run?
Answer: ____ nodes

Required Pod CIDR:
- Up to 16 nodes → /20 or larger
- Up to 64 nodes → /18 or larger
- Up to 256 nodes → /16 or larger

Cluster Creation Stages

Creating

Initial resources are being provisioned.

Timeline (part of total): Initial setup — 1-2 minutes

Provisioning

Control plane, network, and integrations are being configured.

Timeline (part of total): Control plane provisioning — 2-3 minutes; Network configuration — 1-2 minutes

Provisioned

Cluster is ready. Wait until status shows PROVISIONED before creating node groups.

Overall Timeline:

Total time: Approximately 5-8 minutes

What's Happening:

Control plane is being created

Network resources are being configured

OpenStack integration is being set up

Core infrastructure components are being installed

Monitoring Status:

Cluster status transitions: CREATING → PROVISIONING → PROVISIONED
Monitor the cluster status to track progress

⚠️ Important: Do not create node groups until the cluster status is PROVISIONED

Next Steps After Cluster Creation

Create Initial Node Groups

Once your cluster is provisioned, you need to create node groups to run your workloads.

Critical First Step: Create at least 1-2 nodes without taints to ensure system components can be scheduled.

Why This Matters:

Essential add-ons that need to be scheduled:
├─ CoreDNS (DNS resolution for the cluster)
└─ Cilium (CNI for pod networking)

If all nodes have taints:
├─ These add-ons cannot be scheduled
├─ Cluster remains in non-functional state
└─ Pods cannot start or communicate

Recommended Approach:

Create Initial Node Group (without taints)

Example configuration:

Name: general-nodes
Instance Type: 4vcpu-8gb or larger
Min Size: 1
Max Size: 3
Desired Size: 2
Taints: None
Labels:
  workload-type: general

Create Additional Node Groups (with or without taints)

Example configuration:

Name: workload-nodes
Instance Type: 4vcpu-8gb or larger
Min Size: 2
Max Size: 10
Desired Size: 3
Taints: Optional (based on workload requirements)
Labels:
  workload-type: application

See Managing Node Groups for detailed instructions.

Install Add-ons

After creating node groups, install necessary add-ons for your cluster.

Essential Add-ons

CoreDNS:

Provides DNS service for the cluster
Required for service discovery
Must be installed manually
You can choose to install your own cluster DNS service also

CNI (Container Network Interface) - REQUIRED

You must install a CNI for pod networking:

Option 1: Cilium (Recommended):

Optimized for Krutrim Cloud
eBPF-based networking
High performance and security
Important: Do NOT install kube-proxy if using Cilium

Option 2: Your Own CNI:

You can install kube-proxy
Then install your preferred CNI solution
Note: Our Cilium add-on may not work with kube-proxy

CNI Installation Priority:

1. Install Cilium (Krutrim optimized) - WITHOUT kube-proxy
   OR
2. Install kube-proxy first, then your own CNI solution

See Installing Add-ons for detailed instructions.

Access Your Cluster

Once all components are installed, you can access your cluster using the kubeconfig file.

Obtain Kubeconfig:

Retrieve the kubeconfig file for your cluster
Save the file securely (this contains cluster access credentials)

Verify Cluster Access:

export KUBECONFIG=/path/to/downloaded-kubeconfig
kubectl cluster-info

Check Node Status:

kubectl get nodes

Expected output:

NAME                STATUS   ROLES    AGE   VERSION
node-1              Ready    <none>   5m    v1.31.0
node-2              Ready    <none>   5m    v1.31.0
node-3              Ready    <none>   3m    v1.31.0

Verify System Pods:

kubectl get pods -A

All pods should be in Running state:

NAMESPACE     NAME                        READY   STATUS    RESTARTS   AGE
kube-system   coredns-xxx                 1/1     Running   0          10m
kube-system   cilium-xxx                  1/1     Running   0          8m
kube-system   konnectivity-agent-xxx      1/1     Running   0          10m

Common Issues During Creation

Issue: Cluster Stuck in CREATING

Possible Causes:

VPC or subnet validation issues
Network connectivity problems
Resource quota limits

Solution:

Check if VPC and subnet are accessible
Verify your account has sufficient quota
Contact support if issue persists

Issue: Node Groups Not Creating

Possible Causes:

Cluster not yet in PROVISIONED state
Insufficient subnet IPs
Invalid node configuration
Resource issue within Krutrim Cloud

Solution:

Wait for cluster to reach PROVISIONED state
Verify subnet has available IPs
Check node group configuration
Contact support if issue persists

Issue: Pods Not Starting

Possible Causes:

CNI not installed
All nodes have taints
No nodes without taints available

Solution:

Install Cilium or your CNI
Ensure at least 1-2 nodes without taints exist
Verify node status with kubectl get nodes

Best Practices for Cluster Creation

✅ Do's

Plan Network Ranges:
- Calculate required nodes before choosing Pod CIDR
- Use default CIDRs unless you have specific requirements
- Ensure no overlap between Pod and Service CIDRs
Create Untainted Nodes First:
- Always create 1-2 nodes without taints
- Use appropriate sizing (minimum 2vcpu-4gb)
- Wait for nodes to be ready before deploying workloads
Install CNI Immediately:
- Install Cilium or your CNI right after node creation
- Verify all nodes reach Ready state
- Check that all system pods are running
Use Descriptive Names:
- Include environment in name (dev, staging, prod)
- Include purpose (web, api, data)
- Use consistent naming conventions
Plan for Growth:
- Choose Pod CIDR with room for expansion
- Ensure subnet has sufficient IPs for future LoadBalancers
- Consider future node group additions

❌ Don'ts

Don't Use Small Pod CIDRs:
- Avoid /24 or /22 for production
- Don't underestimate growth
Don't Forget Untainted Nodes:
- Never create only tainted nodes
- Don't skip CoreDNS verification
Don't Mix CNI Strategies:
- Don't install both Cilium and kube-proxy
- Choose one networking approach
Don't Use Reserved Ranges:
- Avoid 172.24.0.0/13 for Pod or Service CIDR
- Check for conflicts with existing infrastructure

Next Steps

After successfully creating your cluster:

Configure Storage - Set up persistent storage for your applications
Create Load Balancers - Expose your services to the internet
Learn Best Practices - Optimize your cluster for production use

Additional Resources

Troubleshooting Guide - Common issues and solutions
Network Configuration - Detailed network planning
Managing Node Groups - Node group configuration
Installing Add-ons - Essential cluster add-ons

Last updated 4 days ago

Was this helpful?