This topic explains how to deploy Contour into a workload cluster in Tanzu Kubernetes Grid. Contour is an ingress controller that uses the Envoy edge and service proxy. Tanzu Kubernetes Grid includes signed binaries for Contour and Envoy, which you can deploy into workload clusters to provide ingress control services in those clusters.
Prerequisites:
- Tanzu CLI, Tanzu CLI plugins, and kubectl.
- Carvel tools, as described in Install the Carvel Tools.
- yq v4.5 or later.
To deploy Contour, you will need to prepare your workload cluster by performing the following steps:
- Get the admin credentials of the workload cluster into which you want to deploy Contour.
kubectl config use-context my-cluster-admin@my-cluster
2. If the cluster does not already have the standard package repository installed, install it.
tanzu package repository add tanzu-standard --url projects.registry.vmware.com/tkg/packages/standard/repo:v2.1.1 --namespace tkg-system
Where PACKAGE-REPOSITORY-ENDPOINT is the URL of the standard package repository. For tkg 2.1.1 release, the URL is projects.registry.vmware.com/tkg/packages/standard/repo:v2.1.1.
3. Install cert-manager in the cluster.
4. Confirm that the Contour package is available in your workload cluster.
tanzu package available list -A
5. Retrieve the version of the available package.
tanzu package available list contour.tanzu.vmware.com -A
6. Create a configuration file for the Contour package by retrieving the default configuration of the package.
tanzu package available get contour.tanzu.vmware.com/1.23.5+vmware.1-tkg.1 --default-values-file-output contour-data-values.yaml
Configure the Contour package with the default values file output.
If you are installing Contour to a vSphere cluster that uses NSX ALB as a load balancer service provider, modify the contour-default-values.yaml file to set envoy.service.type to LoadBalancer.
infrastructure_provider: vsphere
namespace: tanzu-system-ingress
contour:
configFileContents: {}
useProxyProtocol: false
replicas: 1
pspNames: “vmware-system-restricted”
logLevel: info
envoy:
service:
type: LoadBalancer
annotations: {}
nodePorts:
http: null
https: null
externalTrafficPolicy: Cluster
disableWait: false
hostPorts:
enable: true
http: 80
https: 443
hostNetwork: false
terminationGracePeriodSeconds: 300
logLevel: info
pspNames: null
certificates:
duration: 8760h
renewBefore: 360h
7. If your contour-data-values.yaml file contains comments, remove them:yq -i eval '... comments=""' contour-data-values.yaml
8. Install the package.
tanzu package install contour --package contour.tanzu.vmware.com --version 1.23.5+vmware.1-tkg.1 --values-file contour-data-values.yaml --namespace my-packages
9. Confirm that the contour package has been installed.
kubectl get app contour --namespace PACKAGE-NAMESPACE -o yaml
10. Once you have completed these steps, you can confirm that Contour and Envoy pods are running in the tanzu-system-ingress namespace by running the following command:
kubectl get pods -n tanzu-system-ingress
You can also view the full status details of the contour app to troubleshoot any issues that may arise during the deployment process.
Reference: Install Contour for Ingress Control