Start Guide#

User account#

Once your company is registered in K2 Cloud, a notification is sent to your corporate e-mail. It contains an admin account password and login in the admin@<customer> format, where customer is the company ID specified at the registration.

Once created, the admin@<customer> user is granted global privileges for IAM and billing services, thus obtaining all necessary authorizations to register new users, create company projects, and retrieve billing data.

In addition to the administrative account, a default project is also automatically created, in which the admin@<customer> user is granted CloudAdministrators group privileges to manage cloud resources. You can use this project to deploy your cloud infrastructure or you can delete it and create your own one.

Attention

For security reasons, we strongly recommend to use the administrator account for working in the IAM section only. For operating with other cloud services, it is better to use only additional accounts, created without administrator privileges for IAM service.

Note

An account will be locked if inactive for more than 45 days. If you get a message when logging in to the cloud that your account is locked, contact your company administrator.

System user#

Along with the administrative account, a system user system@<customer> is created. This user is not shown in the user list. It is granted global privileges for the IAM service and the necessary project privileges to perform service functions. Project privileges are granted to this user when the project is created.

The system user prepares and maintains cloud resources required for normal operation of services, such as Auto Scaling, Kubernetes and PaaS. It is not displayed in the user list and has no access to user data that are stored in the cloud, but all operations it performs are logged in the Activity Log.

Logging in to the cloud#

K2 Cloud offers a straightforward graphical web interface to manage cloud resources. To access the web interface, go to console.k2.cloud.

Note

The information in this section applies to both the administrative user and additionally created users.

Supported browsers#

To use the web interface, we recommend the following browsers:

  • Chrome v.111 or later;

  • Firefox v.113 or later;

  • Opera v.97 or later;

  • Safari v.16.2 or later;

  • Edge v.111 or later.

Password requirements#

After you have entered your username and password for the first time, the cloud will prompt you to change your password. To reliably protect your account, set a secure password or generate a new one by clicking Generate Password.

The password must meet the following requirements:

  • Password must contain at least 8 characters.

  • The new password must not be the same as the login.

  • The password must contain at least one Latin letter in upper and lower cases, a digit and a special character.

  • The password must be an irregular combination of characters: it must not contain easy-to-guess words, consecutive letters and numbers, repeating character combinations, be similar to an email address, etc.

  • The new password must not be the same as the previous five passwords.

We recommend that you change your password at least every 60 days and follow common practices for handling passwords, in particular, avoid storing your password in the clear text format. The password can be changed in the user profile.

Attention

If you enter a wrong password for four times, the account is locked for 15 minutes. With repeated unsuccessful attempts, the locking interval may increase up to 60 minutes.

Available features#

Depending on the granted administrative and project privileges in K2 Cloud, different sections, resources, and features may be available to a particular user:

  1. Virtual machines – basic operations with instances, volumes and networks.

  2. Backup — backup management for instances and volumes.

  3. Object storage – operations with cloud object storage.

  4. Kubernetes clusters – container orchestration tool provided as a K2 Cloud service.

  5. PaaS – automated deployment of standalone or clustered PaaS services.

  6. Load balancing — automated distribution of incoming traffic among instances.

  7. Interconnect — VPC interconnections and attachment of external networks.

  8. DNSaaS — administering of public and private DNS zones.

  9. Monitoring— monitors your CROC Cloud resources in real time.

  10. Activity log – user activity logging and analysis.

  11. IAM — users, groups and project management according to assigned policies.

  12. Billing — cost control and detailing.

Cloud resources refers to a specific project. You can switch between projects using the drop-down list above the navigation menu.

Note

Projects can be selected for all sections except for IAM and Billing.

Configuring account, notifications and API access#

Note

The information in this section applies to both the administrative user and additionally created users.

After logging in to the web interface, you can change your account settings, API access settings, and notification subscriptions in your user profile. To open your profile, click your login in the upper right corner of the screen and select Profile from the drop-down list.

Profile setup#

Personal data#

In the profile settings, you can specify your personal details, i.e. name, email address, and phone number. To do so, edit the corresponding fields.

Email notifications#

Using switches, you can manage your email notification subscriptions.

Timezone#

You can specify an arbitrary time zone instead of the system time zone. It will be used to display the time in the web interface, for example, for the date of creation, modification or deletion of a resource.

Two-factor authentication#

To provide additional protection for your account, use two-factor authentication. To be able to use it, you need to have a two-factor authentication app installed on your smartphone or tablet.

To enforce the two-factor authentication,

  1. In your user profile, click Set up 2FA.

  2. Open two-factor authentication app installed on your smartphone or tablet (e.g. Google Authenticator) and add your account by scanning QR code.

  3. In the 2FA setup dialog, enter the authentication code generated by the app and click Apply.

Attention

The device on which the app is installed has to use the precise mobile network time.

From now on, at each logging in to K2 Cloud, you shall enter one-time passwords generated by the two-factor authentication app on your device.

To return to single-factor authentication, click Disable 2FA and confirm the action.

Receiving API access settings#

To receive settings for API access in .sh format, click Get API access settings in the user profile.

Changing API secret#

To change API secret, click Change API key in the user profile.

Attention

After the key is changed, you will have to reconfigure all external applications.

Starting a first instance#

To run virtual machines and manage other cloud resources, we recommend creating a separate user without administrative privileges for the IAM service. Below is described the minimum set of actions, settings, and privileges you will need to run an instance in an automatically created default project.

Creating a user#

  1. Log in to the K2 Cloud web interface under the administrative account.

  2. Go to the section IAM Users.

  3. Click Create.

  4. In the window that opens fill the following fields:

    • ID — an arbitrary user identifier.

    • Name — a user name, e.g. full name.

    • Password. You can generate it automatically or create your own one. Save the password.

  5. To complete the user creation, click Create.

For more details about user creation, see IAM documentation.

Granting privileges in a project#

A default project is used in this example, but you can create your own project.

  1. Click the ID of the created user to go to its page.

  2. Open the Projects tab and click Add.

  3. In the new window, select the default project and click Next.

  4. At the Groups step, select the InstanceAdministrators group, click Select and then Next. You can grant the user more privileges to manage other cloud resources as well by adding the user to the CloudAdministrators group.

  5. At the Policies step, click Add and then Yes, add without policies.

For more details about adding a user to a project, see IAM documentation.

Logging in to the user account#

After creating a user, log in to the user’s account.

  1. Log out of the K2 Cloud console. To do so, click your login in the upper right corner of the screen and select Sign out.

  2. After logging out, the cloud login page will be displayed. Enter the full login (<username>@<customer>) and password of the created user.

  3. Generate a new password automatically or set your own one.

Starting an instance#

The instance being created will run in the default project in the default VPC. For more details on creating and configuring an instance, see instance wizard description.

  1. Go to the Virtual Machines section Compute Instances.

  2. Click Create to run the instance wizard.

  3. In the new window, select a virtual machine image (Ubuntu, for example) and click Select.

  4. Skip the next step by clicking Next.

  5. Select any available instance type and click Select.

  6. In the next step, leave the default settings unchanged and click View and Run.

  7. Click Launch.

Launching an instance takes time. When done, the instance status will change to Running. Each created instance running in the cloud is assigned a unique ID in the i-xxxxxx format.

To access the created instance, upload an SSH key and assign it to the instance, allocate Elastic IP address, and associate it with the instance. For more details on how to connect to the instance via SSH, see instructions.

You can change the parameters of the created instance, attach or detach additional volumes, reboot or stop the instance, change the public address, etc. (see the documentation sections Actions with instances and Change instance parameters).