Skip to main content
Version: Next

Deploy the Contrast runtime

This step configures the host environment on your Kubernetes worker nodes.

Applicability

Required for all Contrast deployments.

Prerequisites

  1. Set up cluster
  2. Install CLI

How-to

Contrast depends on a custom Kubernetes RuntimeClass (contrast-cc), which needs to be installed in the cluster prior to the Coordinator or any confidential workloads. This consists of a RuntimeClass resource and the node installer DaemonSet that performs installation on worker nodes. The node installer is deployed in the contrast-system namespace by default but this can be changed by modifying the YAML files if you wish. This step is only required once for each version of the runtime. It can be shared between Contrast deployments. Also, different Contrast runtime versions can be installed in the same cluster.

kubectl apply -f https://github.com/edgelesssys/contrast/releases/latest/download/runtime-metal-qemu-snp.yml
Modifications to containerd configuration

The Contrast node installer will modify the containerd configuration on the worker nodes to add the runtime class. A backup will be created for the original configuration.

Some Kubernetes platforms, for example K3s, use a template for the containerd configuration. Notice that Contrast can't modify these templates, but will write the templated version instead. Any modifications made to the template afterward won't take effect.

Multi-runtime configurations

Depending on the configuration of your cluster and the workloads to deploy, it can be desirable to use different runtime classes for pods some pods. For example, in a cluster consisting of both SEV-SNP and TDX machines, you might want to distribute the workload over all nodes.

Contrast supports these multi-runtime class configurations. For details, please see the multi-runtime class How To.