Home Explore Blog CI



kubernetes
1st chunk of `content/en/docs/tasks/extend-kubernetes/setup-extension-api-server.md`
a78ca2a9dc1153623bc2ceba49438ae1ecf43f50d07a3cff00000001000008b2
---
title: Set up an Extension API Server
reviewers:
- lavalamp
- cheftako
- chenopis
content_type: task
weight: 15
---

<!-- overview -->

Setting up an extension API server to work with the aggregation layer allows the Kubernetes apiserver to be extended with additional APIs, which are not part of the core Kubernetes APIs.



## {{% heading "prerequisites" %}}


{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}

* You must [configure the aggregation layer](/docs/tasks/extend-kubernetes/configure-aggregation-layer/) and enable the apiserver flags.



<!-- steps -->

## Set up an extension api-server to work with the aggregation layer

The following steps describe how to set up an extension-apiserver *at a high level*. These steps apply regardless if you're using YAML configs or using APIs. An attempt is made to specifically identify any differences between the two. For a concrete example of how they can be implemented using YAML configs, you can look at the [sample-apiserver](https://github.com/kubernetes/sample-apiserver/blob/master/README.md) in the Kubernetes repo.

Alternatively, you can use an existing 3rd party solution, such as [apiserver-builder](https://github.com/kubernetes-sigs/apiserver-builder-alpha/blob/master/README.md), which should generate a skeleton and automate all of the following steps for you.

1. Make sure the APIService API is enabled (check `--runtime-config`). It should be on by default, unless it's been deliberately turned off in your cluster.
1. You may need to make an RBAC rule allowing you to add APIService objects, or get your cluster administrator to make one. (Since API extensions affect the entire cluster, it is not recommended to do testing/development/debug of an API extension in a live cluster.)
1. Create the Kubernetes namespace you want to run your extension api-service in.
1. Create/get a CA cert to be used to sign the server cert the extension api-server uses for HTTPS.
1. Create a server cert/key for the api-server to use for HTTPS. This cert should be signed by the above CA. It should also have a CN of the Kube DNS name. This is derived from the Kubernetes service and be of the form `<service name>.<service name namespace>.svc`
Title: Setting up an Extension API Server for Kubernetes Aggregation Layer
Summary
This document outlines the steps to set up an extension API server to extend the Kubernetes API using the aggregation layer. It covers prerequisites like configuring the aggregation layer and enabling necessary apiserver flags. The steps include enabling the APIService API, creating RBAC rules, setting up a Kubernetes namespace, and creating CA and server certificates for HTTPS communication. The document also suggests using tools like apiserver-builder to automate the process.