[Yandex Cloud documentation](../../index.md) > [Tutorials](../index.md) > [Container infrastructure](index.md) > Managed Service for Kubernetes > Using Cloud Marketplace products > Transferring a Managed Service for Kubernetes cluster's logs to Cloud Logging

# Transferring Yandex Managed Service for Kubernetes cluster logs to Yandex Cloud Logging


You can send [Managed Service for Kubernetes](../../managed-kubernetes/concepts/index.md#kubernetes-cluster) cluster logs to Cloud Logging:
* To enable sending [Managed Service for Kubernetes master](../../managed-kubernetes/concepts/index.md#master) logs, use the `master logging` setting when [creating](../../managed-kubernetes/operations/kubernetes-cluster/kubernetes-cluster-create.md) or [updating](../../managed-kubernetes/operations/kubernetes-cluster/kubernetes-cluster-update.md) a cluster. The setting is only available in the API, CLI, and Terraform.
* To send [pod](../../managed-kubernetes/concepts/index.md#pod) and [service](../../managed-kubernetes/concepts/index.md#service) logs, use the [Fluent Bit application with the Cloud Logging plugin](https://yandex.cloud/en/marketplace/products/yc/fluent-bit) in the Managed Service for Kubernetes cluster.


## Required paid resources {#paid-resources}

The support cost includes:

* Fee for using the master and outgoing traffic in a Managed Service for Kubernetes cluster (see [Managed Service for Kubernetes pricing](../../managed-kubernetes/pricing.md)).
* Fee for using computing resources, OS, and storage in cluster nodes (VMs) (see [Compute Cloud pricing](../../compute/pricing.md)).
* Fee for a public IP address assigned to cluster nodes (see [Virtual Private Cloud pricing](../../vpc/pricing.md#prices-public-ip)).
* Cloud Logging fee for data logging and storage (see [Cloud Logging pricing](../../logging/pricing.md)).


## Sending Managed Service for Kubernetes master logs to Cloud Logging using master logging {#master-logging}

To set up the transfer of Managed Service for Kubernetes master logs to Cloud Logging:
1. [Enable the master logging setting](#enable-master-logging).
1. [Check the result](#check-result-master-logging).

If you no longer need the resources you created, [delete them](#clear-out-master-logging).

### Getting started {#before-you-begin-master-logging}

Set up the infrastructure:

{% list tabs group=instructions %}

- Manually {#manual}

  1. If you do not have a [network](../../vpc/concepts/network.md#network) yet, [create one](../../vpc/operations/network-create.md).
  1. If you do not have any [subnets](../../vpc/concepts/network.md#subnet) yet, [create them](../../vpc/operations/subnet-create.md) in the [availability zones](../../overview/concepts/geo-scope.md) where your Managed Service for Kubernetes cluster and [node group](../../managed-kubernetes/concepts/index.md#node-group) will reside.
  1. [Create service accounts](../../iam/operations/sa/create.md#create-sa):
     * [Service account](../../iam/concepts/users/service-accounts.md) for the Managed Service for Kubernetes resources with the `k8s.clusters.agent` and `vpc.publicAdmin` [roles](../../iam/concepts/access-control/roles.md) for the [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) where the Managed Service for Kubernetes cluster is being created.
     * Service account for Managed Service for Kubernetes nodes with the [container-registry.images.puller](../../container-registry/security/index.md#container-registry-images-puller) role for the folder containing the [Docker image](../../container-registry/concepts/docker-image.md) [registry](../../container-registry/concepts/registry.md). Managed Service for Kubernetes nodes will pull the required Docker images from the registry on behalf of this account.

       {% note tip %}

       You can use the same service account for both operations.

       {% endnote %}

  1. [Assign](../../iam/operations/sa/assign-role-for-sa.md#binding-role-resource) the [logging.writer](../../logging/security/index.md#logging-writer) role to the service account for resources. This role is required by the Managed Service for Kubernetes cluster to send logs to Cloud Logging.
  1. [Create a Managed Service for Kubernetes cluster](../../managed-kubernetes/operations/kubernetes-cluster/kubernetes-cluster-create.md#kubernetes-cluster-create) and a [node group](../../managed-kubernetes/operations/node-group/node-group-create.md). When creating a Managed Service for Kubernetes cluster, specify the previously created service accounts for the resources and nodes.
  1. [Configure security groups](../../managed-kubernetes/operations/connect/security-groups.md) for the Managed Service for Kubernetes cluster.
  1. [Create a log group](../../logging/operations/create-group.md).

- Terraform {#tf}

  1. If you do not have Terraform yet, [install it](../infrastructure-management/terraform-quickstart.md#install-terraform).
  1. Download the [file with provider settings](https://github.com/yandex-cloud-examples/yc-terraform-provider-settings/blob/main/provider.tf). Place it in a separate working directory and [specify the parameter values](../infrastructure-management/terraform-quickstart.md#configure-provider).
  1. Download the [k8s-cluster-with-master-logging.tf](https://github.com/yandex-cloud-examples/yc-mk8s-cloud-logging/blob/main/k8s-cluster-with-master-logging.tf) configuration file of the Managed Service for Kubernetes cluster to the same working directory.

     This file describes:
     * [Network](../../vpc/concepts/network.md#network).
     * [Subnet](../../vpc/concepts/network.md#subnet).
     * [Security groups](../../managed-kubernetes/operations/connect/security-groups.md) and rules required for a Managed Service for Kubernetes cluster and [node group](../../managed-kubernetes/concepts/index.md#node-group):
       * Rules for service traffic.
       * Rules for accessing the Kubernetes API and managing a Managed Service for Kubernetes cluster using `kubectl` through ports 443 and 6443.
       * Rules for accessing services from the internet.
     * [Service account](../../iam/concepts/users/service-accounts.md) for resources and Managed Service for Kubernetes nodes and for sending cluster logs to Cloud Logging.
     * Managed Service for Kubernetes cluster.
     * Managed Service for Kubernetes node group.
     * Cloud Logging [log group](../../logging/concepts/log-group.md).
  1. Specify the following in the configuration file:
     * [Folder ID](../../resource-manager/operations/folder/get-id.md).
     * [Kubernetes version](../../managed-kubernetes/concepts/release-channels-and-updates.md) for the Managed Service for Kubernetes cluster and node groups.
     * Name of the service account for resources and Managed Service for Kubernetes nodes and for sending cluster logs to Cloud Logging.
     * Cloud Logging log group name.
  1. Run the `terraform init` command in the directory with the configuration files. This command initializes the provider specified in the configuration files and enables you to use its resources and data sources.
  1. Make sure the Terraform configuration files are correct using this command:

     ```bash
     terraform validate
     ```

     Terraform will show any errors found in your configuration files.
  1. Create the required infrastructure:

     1. Run this command to view the planned changes:
     
        ```bash
        terraform plan
        ```
     
        If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.
     
     1. If everything looks correct, apply the changes:
        1. Run this command:
     
           ```bash
           terraform apply
           ```
     
        1. Confirm updating the resources.
        1. Wait for the operation to complete.

     All the required resources will be created in the specified folder. You can check resource availability and their settings in the [management console](https://console.yandex.cloud).

{% endlist %}

### Enable the master logging setting {#enable-master-logging}

If you created the infrastructure manually, enable the `master logging` setting:
1. If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../cli/quickstart.md#install).

   The folder used by default is the one specified when [creating](../../cli/operations/profile/profile-create.md) the CLI profile. To change the default folder, use the `yc config set folder-id <folder_ID>` command. You can also specify a different folder for any command using `--folder-name` or `--folder-id`. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

1. Run this command:

   ```bash
   yc managed-kubernetes cluster update <cluster_name> \
     --master-logging enabled=true,`
       `log-group-id=<log_group_ID>,`
       `kube-apiserver-enabled=<send_kube-apiserver_logs>,`
       `cluster-autoscaler-enabled=<send_cluster-autoscaler_logs>,`
       `events-enabled=<send_Kubernetes_events>`
       `audit-enabled=<send_audit_events>
   ```

   Where:
   * `enabled`: Flag that enables sending logs.
   * `log-group-id`: ID of the [previously created](#before-you-begin-master-logging) log group to send the logs to.
   * `kube-apiserver-enabled`: Flag that enables sending [kube-apiserver](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/) logs, `true` or `false`.
   * `cluster-autoscaler-enabled`: Flag that enables sending `cluster-autoscaler` logs, `true` or `false`.
   * `events-enabled`: Flag that enables sending Kubernetes events, `true` or `false`.
   * `audit-enabled`: Flag that enables sending audit events, `true` or `false`.

### Check the result {#check-result-master-logging}

[Check the transfer](../../logging/operations/read-logs.md) of Managed Service for Kubernetes master logs to the Cloud Logging log group.

### Delete the resources you created {#clear-out-master-logging}

Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:

{% list tabs group=instructions %}

- Manually {#manual}

  1. [Delete the Managed Service for Kubernetes cluster](../../managed-kubernetes/operations/kubernetes-cluster/kubernetes-cluster-delete.md).
  1. If you reserved a static [public IP address](../../vpc/concepts/address.md#public-addresses) for your Managed Service for Kubernetes cluster, release and [delete it](../../vpc/operations/address-delete.md).
  1. [Delete the created subnets](../../vpc/operations/subnet-delete.md) and [networks](../../vpc/operations/network-delete.md).
  1. [Delete service accounts you created](../../iam/operations/sa/delete.md).
  1. [Delete the log group](../../logging/operations/delete-group.md).

- Terraform {#tf}

  1. In the terminal window, go to the directory containing the infrastructure plan.
  
      {% note warning %}
  
      Make sure the directory has no Terraform manifests with the resources you want to keep. Terraform deletes all resources that were created using the manifests in the current directory.
  
      {% endnote %}
  
  1. Delete resources:
  
      1. Run this command:
  
          ```bash
          terraform destroy
          ```
  
      1. Confirm deleting the resources and wait for the operation to complete.
  
      All the resources described in the Terraform manifests will be deleted.

{% endlist %}

## Sending pod logs and service logs via Fluent Bit {#fluent-bit}

# Configuring Fluent Bit for Cloud Logging

To configure transferring [pod](../../managed-kubernetes/concepts/index.md#pod) and [service](../../managed-kubernetes/concepts/index.md#service) logs, as well as [node](../../managed-kubernetes/concepts/index.md#node-group) system logs in [Yandex Managed Service for Kubernetes](../../managed-kubernetes/index.md) to [Yandex Cloud Logging](../../logging/index.md):
1. [Install and configure Fluent Bit](#fluent-bit-install).
1. [Check the result](#check-result).

If you no longer need the resources you created, [delete them](#clear-out).


## Required paid resources {#paid-resources}

The support cost for this solution includes:

* Fee for using the master and outgoing traffic in a Managed Service for Kubernetes cluster (see [Managed Service for Kubernetes pricing](../../managed-kubernetes/pricing.md)).
* Fee for using computing resources, OS, and storage in cluster nodes (VMs) (see [Compute Cloud pricing](../../compute/pricing.md)).
* Fee for a public IP address assigned to cluster nodes (see [Virtual Private Cloud pricing](../../vpc/pricing.md#prices-public-ip)).
* Cloud Logging fee for data logging and storage (see [Cloud Logging pricing](../../logging/pricing.md)).


## Getting started {#before-you-begin}

Set up your infrastructure:

{% list tabs group=instructions %}

- Manually {#manual}

  1. If you do not have a [network](../../vpc/concepts/network.md#network) yet, [create one](../../vpc/operations/network-create.md).
  1. If you do not have any [subnets](../../vpc/concepts/network.md#subnet) yet, [create them](../../vpc/operations/subnet-create.md) in the [availability zones](../../overview/concepts/geo-scope.md) the new [Managed Service for Kubernetes cluster](../../managed-kubernetes/concepts/index.md#kubernetes-cluster) and [node group](../../managed-kubernetes/concepts/index.md#node-group) will reside in.
  1. [Create service accounts](../../iam/operations/sa/create.md) for Managed Service for Kubernetes:
     * [Service account](../../iam/concepts/users/service-accounts.md) for the Managed Service for Kubernetes resources with the `k8s.clusters.agent` and `vpc.publicAdmin` [roles](../../iam/concepts/access-control/roles.md) for the [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) where the Managed Service for Kubernetes cluster is being created.
     * Service account for Managed Service for Kubernetes nodes with the [container-registry.images.puller](../../container-registry/security/index.md#container-registry-images-puller) role for the folder containing the [Docker image](../../container-registry/concepts/docker-image.md) [registry](../../container-registry/concepts/registry.md). The Managed Service for Kubernetes nodes will use this account to pull the required Docker images from the registry.

     {% note tip %}

     You can use the same service account for both operations.

     {% endnote %}

  1. Create a service account for Cloud Logging with the [logging.writer](../../logging/security/index.md#roles-list) and [monitoring.editor](../../monitoring/security/index.md#monitoring-editor) roles. It will be used to run Fluent Bit.
  1. [Create an authorized key](../../iam/operations/authentication/manage-access-keys.md#create-access-key) for the Cloud Logging service account and save it to the `key.json` file.
  1. [Create security groups](../../managed-kubernetes/operations/connect/security-groups.md) for the Managed Service for Kubernetes cluster and its node groups.

        {% note warning %}
        
        The configuration of security groups determines performance and availability of the cluster and the services and applications running in it.
        
        {% endnote %}

  1. [Create a Managed Service for Kubernetes cluster](../../managed-kubernetes/operations/kubernetes-cluster/kubernetes-cluster-create.md#kubernetes-cluster-create) and a [node group](../../managed-kubernetes/operations/node-group/node-group-create.md). When creating a Managed Service for Kubernetes cluster, specify the previously created service accounts for resources and nodes, as well as the security groups.

  1. [Create a log group](../../logging/operations/create-group.md).

- Terraform {#tf}

  1. If you do not have Terraform yet, [install it](../infrastructure-management/terraform-quickstart.md#install-terraform).
  1. Download the [file with provider settings](https://github.com/yandex-cloud-examples/yc-terraform-provider-settings/blob/main/provider.tf). Place it in a separate working directory and [specify the parameter values](../infrastructure-management/terraform-quickstart.md#configure-provider).
  1. Download the [k8s-cluster-with-log-group.tf](https://github.com/yandex-cloud-examples/yc-mk8s-fluent-bit-logging/blob/main/k8s-cluster-with-log-group.tf) configuration file of the Managed Service for Kubernetes cluster to the same working directory.

     This file describes:
     * [Network](../../vpc/concepts/network.md#network).
     * [Subnet](../../vpc/concepts/network.md#subnet).
     * Cloud Logging [log group](../../logging/concepts/log-group.md).
     * Managed Service for Kubernetes cluster.
     * Managed Service for Kubernetes node group.
     * [Service account](../../iam/concepts/users/service-accounts.md) for Managed Service for Kubernetes resources and nodes.
     * Service account for Cloud Logging.
     * [Security groups](../../vpc/concepts/security-groups.md) which contain [rules](../../managed-kubernetes/operations/connect/security-groups.md) required for the Managed Service for Kubernetes cluster and its node groups.

        {% note warning %}
        
        The configuration of security groups determines performance and availability of the cluster and the services and applications running in it.
        
        {% endnote %}

  1. Specify the following in the configuration file:
     * [Folder ID](../../resource-manager/operations/folder/get-id.md).
     * [Kubernetes](../../managed-kubernetes/concepts/release-channels-and-updates.md) version for the Managed Service for Kubernetes cluster and node groups.
     * Name of the service account for Managed Service for Kubernetes resources and nodes.
     * Name of the service account for Cloud Logging.
     * Cloud Logging log group name.
  1. Run the `terraform init` command in the directory with the configuration files. This command initializes the provider specified in the configuration files and enables you to use its resources and data sources.
  1. Validate your Terraform configuration files using this command:

     ```bash
     terraform validate
     ```

     Terraform will display any configuration errors detected in your files.
  1. Create the required infrastructure:

     1. Run this command to view the planned changes:
     
        ```bash
        terraform plan
        ```
     
        If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.
     
     1. If everything looks correct, apply the changes:
        1. Run this command:
     
           ```bash
           terraform apply
           ```
     
        1. Confirm updating the resources.
        1. Wait for the operation to complete.

     All the required resources will be created in the specified folder. You can check resource availability and their settings in the [management console](https://console.yandex.cloud).

{% endlist %}

## Install and configure Fluent Bit {#fluent-bit-install}

Select the Fluent Bit installation option depending on what logs you want to collect and send to Cloud Logging:

* [Collect only Managed Service for Kubernetes pod and service logs](#pod-and-service-logs).
* [Collect Managed Service for Kubernetes pod, service, and node system logs](#system-logs).

### Installing Fluent Bit to collect pod and service logs {#pod-and-service-logs}

{% list tabs group=instructions %}


- Using Yandex Cloud Marketplace {#marketplace}

  Install Fluent Bit by following [this guide](../../managed-kubernetes/operations/applications/fluentbit.md#marketplace-install). In the application settings, specify the ID of the log group you [created earlier](#before-you-begin). You can request the log group ID with the [list of log groups in the folder](../../logging/operations/list.md).


- Manually {#manual}

  1. [Install kubect](https://kubernetes.io/docs/tasks/tools/install-kubectl) and [configure it to work with the new cluster](../../managed-kubernetes/operations/connect/index.md#kubectl-connect).
  1. Create the objects required for Fluent Bit to run:

     ```bash
     kubectl create namespace logging && \
     kubectl create -f https://raw.githubusercontent.com/fluent/fluent-bit-kubernetes-logging/master/fluent-bit-service-account.yaml && \
     kubectl create -f https://raw.githubusercontent.com/fluent/fluent-bit-kubernetes-logging/master/fluent-bit-role-1.22.yaml && \
     kubectl create -f https://raw.githubusercontent.com/fluent/fluent-bit-kubernetes-logging/master/fluent-bit-role-binding-1.22.yaml
     ```

  1. Create a secret containing the key of the service account for Cloud Logging you [created earlier](#before-you-begin):

     ```bash
     kubectl create secret generic secret-key-json \
       --from-file=key.json \
       --namespace logging
     ```

  1. Download the `config.yaml` configuration file:

     ```bash
     wget https://raw.githubusercontent.com/yandex-cloud-examples/yc-mk8s-fluent-bit-logging/main/config.yaml
     ```

  1. Specify the ID of the log group [created earlier](#before-you-begin) and (optionally) the cluster ID in the `[OUTPUT]` section of the `config.yaml` file:

     
     ```yaml
     ...
     output-elasticsearch.conf: |
       [OUTPUT]
         Name            yc-logging
         Match           *
         group_id        <log_group_ID>
         resource_id     <optional_cluster_ID>
         message_key     log
         authorization   iam-key-file:/etc/secret/key.json
     ...
     ```


     You can get the [log group](../../logging/concepts/log-group.md) ID with the [list of log groups in the folder](../../logging/operations/list.md), and the cluster ID [with the list of clusters in the folder](../../managed-kubernetes/operations/kubernetes-cluster/kubernetes-cluster-list.md#list).

     Specify [additional settings](https://github.com/yandex-cloud/fluent-bit-plugin-yandex#configuration-parameters) for Fluent Bit, if required.
  1. Create Fluent Bit objects:

     ```bash
     kubectl apply -f config.yaml
     ```

     Result:

     ```text
     configmap/fluent-bit-config created
     daemonset.apps/fluent-bit created
     ```

  1. Make sure the Fluent Bit pod has entered the `Running` state:

     ```bash
     kubectl get pods -n logging
     ```

{% endlist %}

### Installing Fluent Bit to collect pod, service logs and node system logs {#system-logs}

{% list tabs group=instructions %}


- Using Helm {#helm}

    1. [Install kubect](https://kubernetes.io/docs/tasks/tools/install-kubectl) and [configure it to work with the new cluster](../../managed-kubernetes/operations/connect/index.md#kubectl-connect).
    1. [Install Helm](https://helm.sh/docs/intro/install/) v3.8.0 or higher.
    1. Download the Fluent Bit configuration file named [systemd.yaml](https://github.com/yandex-cloud-examples/yc-mk8s-fluent-bit-logging/blob/main/systemd.yaml).
    1. To install a [Helm chart](https://helm.sh/docs/topics/charts/) with Fluent Bit, run this command:

        ```bash
        cat key.json | helm registry login cr.yandex --username 'json_key' --password-stdin && \
        helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/fluent-bit/fluent-bit \
          --version 2.1.7-3 \
          --untar && \
        helm install -f <systemd.yaml_file_path>\
          --namespace <namespace> \
          --create-namespace \
          --set loggingGroupId=<log_group_ID> \
          --set loggingFilter=<cluster_ID> \
          --set-file auth.json=key.json \
          fluentbit ./fluent-bit/
        ```

        For the current version of the Helm chart, see [this Yandex Cloud Marketplace page](https://yandex.cloud/en/marketplace/products/yc/fluent-bit).

        This command will create a new namespace required for Fluent Bit.

        {% note info %}
        
        If you are using a Helm version below 3.8.0, add the `export HELM_EXPERIMENTAL_OCI=1 && \` string at the beginning of the command to enable [Open Container Initiative](https://opencontainers.org/) (OCI) support in the Helm client.
        
        {% endnote %}


- Manually {#manual}

    1. [Install kubect](https://kubernetes.io/docs/tasks/tools/install-kubectl) and [configure it to work with the new cluster](../../managed-kubernetes/operations/connect/index.md#kubectl-connect).
    1. Create the objects required for Fluent Bit to run:

        ```bash
        kubectl create namespace logging && \
        kubectl create -f https://raw.githubusercontent.com/fluent/fluent-bit-kubernetes-logging/master/fluent-bit-service-account.yaml && \
        kubectl create -f https://raw.githubusercontent.com/fluent/fluent-bit-kubernetes-logging/master/fluent-bit-role-1.22.yaml && \
        kubectl create -f https://raw.githubusercontent.com/fluent/fluent-bit-kubernetes-logging/master/fluent-bit-role-binding-1.22.yaml
        ```

    1. Create a secret containing the key of the service account for Cloud Logging you [created earlier](#before-you-begin):

        ```bash
        kubectl create secret generic secret-key-json \
          --from-file=key.json \
          --namespace logging
        ```

    1. Download the Fluent Bit configuration file named [config.yaml](https://github.com/yandex-cloud-examples/yc-mk8s-fluent-bit-logging/blob/main/config.yaml).

    1. Specify the ID of the [previously created](#before-you-begin) log group in the `[OUTPUT]` sections of the `config.yaml` file:

        
        ```yaml
        ...
        output-elasticsearch.conf: |
          [OUTPUT]
            Name            yc-logging
            Match           kube.*
            group_id        <log_group_ID>
            resource_type   {kubernetes/namespace_name}
            resource_id     {kubernetes/pod_name}
            stream_name     {kubernetes/host}
            message_key     log
            level_key       severity
            default_level   INFO
            authorization   iam-key-file:/etc/secret/key.json

          [OUTPUT]
            Name            yc-logging
            Match           host.*
            group_id        <log_group_ID>
            resource_type   systemd
            resource_id     {_SYSTEMD_UNIT}
            stream_name     {_HOSTNAME}
            message_key     MESSAGE
            level_key       SEVERITY
            default_level   INFO
            authorization   iam-key-file:/etc/secret/key.json
        ...
        ```


        You can request the [log group](../../logging/concepts/log-group.md) ID with the [list of log groups in the folder](../../logging/operations/list.md).

        Specify [additional settings](https://github.com/yandex-cloud/fluent-bit-plugin-yandex#configuration-parameters) for Fluent Bit, if required.

    1. Create Fluent Bit objects:

        ```bash
        kubectl apply -f config.yaml
        ```

        Result:

        ```text
        configmap/fluent-bit-config created
        daemonset.apps/fluent-bit created
        ```

    1. Make sure the Fluent Bit pod has entered the `Running` state:

        ```bash
        kubectl get pods -n logging
        ```

{% endlist %}

## Check the result {#check-result}

[Test the transfer of logs](../../logging/operations/read-logs.md) of Managed Service for Kubernetes pods and services to your Cloud Logging log group.

## Delete the resources you created {#clear-out}

Some resources are not free of charge. Delete the resources you no longer need to avoid paying for them:

{% list tabs group=instructions %}

- Manually {#manual}

  1. [Delete the Managed Service for Kubernetes](../../managed-kubernetes/operations/kubernetes-cluster/kubernetes-cluster-delete.md) cluster.
  1. If you reserved a static [public IP address](../../vpc/concepts/address.md#public-addresses) for your Managed Service for Kubernetes cluster, release and [delete it](../../vpc/operations/address-delete.md).
  1. [Delete the created subnets](../../vpc/operations/subnet-delete.md) and [networks](../../vpc/operations/network-delete.md).
  1. [Delete service accounts you created](../../iam/operations/sa/delete.md).
  1. [Delete the log group](../../logging/operations/delete-group.md).

- Terraform {#tf}

  1. In the command line, go to the directory with the current Terraform configuration file with an infrastructure plan.
  1. Delete the `k8s-cluster-with-log-group.tf` configuration file.
  1. Validate your Terraform configuration files using this command:

     ```bash
     terraform validate
     ```

     Terraform will display any configuration errors detected in your files.
  1. Confirm resource changes.

     1. Run this command to view the planned changes:
     
        ```bash
        terraform plan
        ```
     
        If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.
     
     1. If everything looks correct, apply the changes:
        1. Run this command:
     
           ```bash
           terraform apply
           ```
     
        1. Confirm updating the resources.
        1. Wait for the operation to complete.

     This will delete all resources described in the `k8s-cluster-with-log-group.tf` configuration file.

{% endlist %}