website/content/en/docs/tasks/access-kubernetes-api/configure-aggregation-layer.md

---
title: Configure the aggregation layer
reviewers:
- lavalamp
- cheftako
- chenopis
content_template: templates/task
---

{{% capture overview %}}

Configuring the [aggregation layer](/docs/concepts/api-extension/apiserver-aggregation/) allows the Kubernetes apiserver to be extended with additional APIs, which are not part of the core Kubernetes APIs. 

{{% /capture %}}

{{% capture prerequisites %}}

{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}

**Note:** There are a few setup requirements for getting the aggregation layer working in your environment to support mutual TLS auth between the proxy and extension apiservers. Kubernetes and the kube-apiserver have multiple CAs, so make sure that the proxy is signed by the aggregation layer CA and not by something else, like the master CA.

{{% /capture %}}

{{% capture steps %}}

## Enable apiserver flags

Enable the aggregation layer via the following kube-apiserver flags. They may have already been taken care of by your provider.

    --requestheader-client-ca-file=<path to aggregator CA cert>
    --requestheader-allowed-names=aggregator
    --requestheader-extra-headers-prefix=X-Remote-Extra-
    --requestheader-group-headers=X-Remote-Group
    --requestheader-username-headers=X-Remote-User
    --proxy-client-cert-file=<path to aggregator proxy cert>
    --proxy-client-key-file=<path to aggregator proxy key>

If you are not running kube-proxy on a host running the API server, then you must make sure that the system is enabled with the following apiserver flag:

    --enable-aggregator-routing=true

{{% /capture %}}

{{% capture whatsnext %}}

* [Setup an extension api-server](/docs/tasks/access-kubernetes-api/setup-extension-api-server/) to work with the aggregation layer.
* For a high level overview, see [Extending the Kubernetes API with the aggregation layer](/docs/concepts/api-extension/apiserver-aggregation/).
* Learn how to [Extend the Kubernetes API Using Custom Resource Definitions](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/).

{{% /capture %}}
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00			`---`
			`title: Configure the aggregation layer`
In front matter, change approvers to reviewers. (#7433) 2018-02-18 19:29:37 +00:00			`reviewers:`
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00			`- lavalamp`
			`- cheftako`
			`- chenopis`
Convert site to Hugo (#8316) This commit converts content and layout to use Hugo. 2018-05-05 16:00:51 +00:00			`content_template: templates/task`
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00			`---`

Convert site to Hugo (#8316) This commit converts content and layout to use Hugo. 2018-05-05 16:00:51 +00:00			`{{% capture overview %}}`
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00
			`Configuring the [aggregation layer](/docs/concepts/api-extension/apiserver-aggregation/) allows the Kubernetes apiserver to be extended with additional APIs, which are not part of the core Kubernetes APIs.`

Convert site to Hugo (#8316) This commit converts content and layout to use Hugo. 2018-05-05 16:00:51 +00:00			`{{% /capture %}}`
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00
Convert site to Hugo (#8316) This commit converts content and layout to use Hugo. 2018-05-05 16:00:51 +00:00			`{{% capture prerequisites %}}`
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00
Convert site to Hugo (#8316) This commit converts content and layout to use Hugo. 2018-05-05 16:00:51 +00:00			`{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}`
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00
			`Note: There are a few setup requirements for getting the aggregation layer working in your environment to support mutual TLS auth between the proxy and extension apiservers. Kubernetes and the kube-apiserver have multiple CAs, so make sure that the proxy is signed by the aggregation layer CA and not by something else, like the master CA.`

Convert site to Hugo (#8316) This commit converts content and layout to use Hugo. 2018-05-05 16:00:51 +00:00			`{{% /capture %}}`
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00
Convert site to Hugo (#8316) This commit converts content and layout to use Hugo. 2018-05-05 16:00:51 +00:00			`{{% capture steps %}}`
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00
			`## Enable apiserver flags`

			`Enable the aggregation layer via the following kube-apiserver flags. They may have already been taken care of by your provider.`

			`--requestheader-client-ca-file=<path to aggregator CA cert>`
			`--requestheader-allowed-names=aggregator`
			`--requestheader-extra-headers-prefix=X-Remote-Extra-`
			`--requestheader-group-headers=X-Remote-Group`
			`--requestheader-username-headers=X-Remote-User`
			`--proxy-client-cert-file=<path to aggregator proxy cert>`
			`--proxy-client-key-file=<path to aggregator proxy key>`

Update configure-aggregation-layer.md Missing a signal. 2017-08-27 10:27:48 +00:00			`If you are not running kube-proxy on a host running the API server, then you must make sure that the system is enabled with the following apiserver flag:`
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00
			`--enable-aggregator-routing=true`

Convert site to Hugo (#8316) This commit converts content and layout to use Hugo. 2018-05-05 16:00:51 +00:00			`{{% /capture %}}`
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00
Convert site to Hugo (#8316) This commit converts content and layout to use Hugo. 2018-05-05 16:00:51 +00:00			`{{% capture whatsnext %}}`
API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00
			`* [Setup an extension api-server](/docs/tasks/access-kubernetes-api/setup-extension-api-server/) to work with the aggregation layer.`
			`* For a high level overview, see [Extending the Kubernetes API with the aggregation layer](/docs/concepts/api-extension/apiserver-aggregation/).`
			`* Learn how to [Extend the Kubernetes API Using Custom Resource Definitions](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/).`

Convert site to Hugo (#8316) This commit converts content and layout to use Hugo. 2018-05-05 16:00:51 +00:00			`{{% /capture %}}`

API Aggregator (#4173) * API Aggregator * Additional bullet points * incorporated feedback for apiserver-aggregation.md * split setup-api-aggregator.md into two docs and address feedback * fix link * addressed docs feedback * incorporate feedback * integrate feedback 2017-06-27 07:22:47 +00:00