Tanzu: How to Install Contour for Ingress Control on TKG Workload Cluster

This topic explains how to deploy Contour into a workload cluster in Tanzu Kubernetes Grid. Contour is an ingress controller that uses the Envoy edge and service proxy. Tanzu Kubernetes Grid includes signed binaries for Contour and Envoy, which you can deploy into workload clusters to provide ingress control services in those clusters.

Prerequisites:

To deploy Contour, you will need to prepare your workload cluster by performing the following steps:

  1. Get the admin credentials of the workload cluster into which you want to deploy Contour.

kubectl config use-context my-cluster-admin@my-cluster

2. If the cluster does not already have the standard package repository installed, install it.

tanzu package repository add tanzu-standard --url projects.registry.vmware.com/tkg/packages/standard/repo:v2.1.1 --namespace tkg-system
Where PACKAGE-REPOSITORY-ENDPOINT is the URL of the standard package repository. For tkg 2.1.1 release, the URL is projects.registry.vmware.com/tkg/packages/standard/repo:v2.1.1.

3. Install cert-manager in the cluster.

4. Confirm that the Contour package is available in your workload cluster.

tanzu package available list -A

5. Retrieve the version of the available package.

tanzu package available list contour.tanzu.vmware.com -A

6. Create a configuration file for the Contour package by retrieving the default configuration of the package.

tanzu package available get contour.tanzu.vmware.com/1.23.5+vmware.1-tkg.1 --default-values-file-output contour-data-values.yaml

Configure the Contour package with the default values file output.

If you are installing Contour to a vSphere cluster that uses NSX ALB as a load balancer service provider, modify the contour-default-values.yaml file to set envoy.service.type to LoadBalancer.

infrastructure_provider: vsphere

namespace: tanzu-system-ingress

contour:

 configFileContents: {}

 useProxyProtocol: false

 replicas: 1

 pspNames: “vmware-system-restricted”

 logLevel: info

envoy:

 service:

   type: LoadBalancer

   annotations: {}

   nodePorts:

     http: null

     https: null

   externalTrafficPolicy: Cluster

   disableWait: false

 hostPorts:

   enable: true

   http: 80

   https: 443

 hostNetwork: false

 terminationGracePeriodSeconds: 300

 logLevel: info

 pspNames: null

certificates:

 duration: 8760h

 renewBefore: 360h

7. If your contour-data-values.yaml file contains comments, remove them:
yq -i eval '... comments=""' contour-data-values.yaml

8. Install the package.

tanzu package install contour --package contour.tanzu.vmware.com --version 1.23.5+vmware.1-tkg.1 --values-file contour-data-values.yaml --namespace my-packages

9. Confirm that the contour package has been installed.

kubectl get app contour --namespace PACKAGE-NAMESPACE -o yaml

10. Once you have completed these steps, you can confirm that Contour and Envoy pods are running in the tanzu-system-ingress namespace by running the following command:

kubectl get pods -n tanzu-system-ingress

You can also view the full status details of the contour app to troubleshoot any issues that may arise during the deployment process.

Reference: Install Contour for Ingress Control

Leave a comment