Deploy the Contrast runtime
This step configures the host environment on your Kubernetes worker nodes.
Applicability
Required for all Contrast deployments.
Prerequisites
How-to
Contrast depends on a custom Kubernetes RuntimeClass (contrast-cc), which needs to be installed in the cluster prior to the Coordinator or any confidential workloads.
This consists of a RuntimeClass resource and a DaemonSet that performs installation on worker nodes.
This step is only required once for each version of the runtime.
It can be shared between Contrast deployments.
Also, different Contrast runtime versions can be installed in the same cluster.
- AKS
- Bare metal (SEV-SNP)
- Bare metal (SEV-SNP, with GPU support)
- Bare metal (TDX)
kubectl apply -f https://github.com/edgelesssys/contrast/releases/latest/download/runtime-aks-clh-snp.yml
kubectl apply -f https://github.com/edgelesssys/contrast/releases/latest/download/runtime-k3s-qemu-snp.yml
kubectl apply -f https://github.com/edgelesssys/contrast/releases/latest/download/runtime-k3s-qemu-snp-gpu.yml
kubectl apply -f https://github.com/edgelesssys/contrast/releases/latest/download/runtime-k3s-qemu-tdx.yml
The Contrast node installer will modify the containerd configuration on the worker nodes to add the runtime class. A backup will be created for the original configuration.
Some Kubernetes platforms, for example K3s, use a template for the containerd configuration. Notice that Contrast can't modify these templates, but will write the templated version instead. Any modifications made to the template afterward won't take effect.
