sigs.k8s.io/cluster-api@v1.7.1/docs/book/src/tasks/experimental-features/runtime-sdk/deploy-runtime-extension.md (about)

     1  # Deploy Runtime Extensions
     2  
     3  <aside class="note warning">
     4  
     5  <h1>Caution</h1>
     6  
     7  Please note Runtime SDK is an advanced feature. If implemented incorrectly, a failing Runtime Extension can severely impact the Cluster API runtime.
     8  
     9  </aside>
    10  
    11  Cluster API requires that each Runtime Extension must be deployed using an endpoint accessible from the Cluster API
    12  controllers. The recommended deployment model is to deploy a Runtime Extension in the management cluster by:
    13  
    14  - Packing the Runtime Extension in a container image.
    15  - Using a Kubernetes Deployment to run the above container inside the Management Cluster.
    16  - Using a Cluster IP Service to make the Runtime Extension instances accessible via a stable DNS name.
    17  - Using a cert-manager generated Certificate to protect the endpoint.
    18  - Register the Runtime Extension using ExtensionConfig.
    19  
    20  For an example, please see our [test extension](https://github.com/kubernetes-sigs/cluster-api/tree/main/test/extension)
    21  which follows, as closely as possible, the kubebuilder setup used for controllers in Cluster API.
    22  
    23  There are a set of important guidelines that must be considered while choosing the deployment method:
    24  
    25  ## Availability
    26  
    27  It is recommended that Runtime Extensions should leverage some form of load-balancing, to provide high availability
    28  and performance benefits. You can run multiple Runtime Extension servers behind a Kubernetes Service to leverage the
    29  load-balancing that services support.
    30  
    31  ## Identity and access management
    32  
    33  The security model for each Runtime Extension should be carefully defined, similar to any other application deployed
    34  in the Cluster. If the Runtime Extension requires access to the apiserver the deployment must use a dedicated service 
    35  account with limited RBAC permission. Otherwise no service account should be used.
    36  
    37  On top of that, the container image for the Runtime Extension should be carefully designed in order to avoid
    38  privilege escalation (e.g using [distroless](https://github.com/GoogleContainerTools/distroless) base images).
    39  The Pod spec in the Deployment manifest should enforce security best practices (e.g. do not use privileged pods).
    40  
    41  ##  Alternative deployments methods
    42  
    43  Alternative deployment methods can be used as long as the HTTPs endpoint is accessible, like e.g.:
    44  
    45  - deploying the HTTPS Server as a part of another component, e.g. a controller.
    46  - deploying the HTTPS Server outside the Management Cluster.
    47  
    48  In those cases recommendations about availability and identity and access management still apply.