Introduction
In the Kubernetes ecosystem, managing external access to services within your cluster is a critical task. While NGINX is a popular choice for Ingress controllers, Contour, an Envoy-based Ingress controller, offers a powerful alternative with its high performance, scalability, and deep integration with the Envoy proxy. In this post, we’ll guide you through deploying Contour as an Ingress controller on your Kubernetes cluster.
What is Contour?
Contour is a Kubernetes-native Ingress controller that uses Envoy as its data plane. It provides advanced features such as dynamic service discovery, load balancing, and routing for your applications. With Contour, you gain fine-grained control over your traffic management, making it an excellent choice for modern microservices architectures.
Why Contour?
Contour bridges gaps found in other solutions by offering several key advantages:
Dynamic Configuration Updates: Contour dynamically updates Ingress configurations with minimal dropped connections, ensuring high availability and seamless transitions during changes.
Multi-Tenancy Support: It safely supports various types of Ingress configurations, making it ideal for multi-team Kubernetes clusters where different teams might have different requirements.
Broad Protocol Support: Contour supports multiple Ingress types, including Ingress/v1, HTTPProxy (a custom resource defined by Contour), and the emerging Gateway API, giving you flexibility in managing traffic.
Seamless Kubernetes Integration: Contour integrates cleanly with the Kubernetes object model, providing a native experience that leverages the full power of Kubernetes for traffic management.
Prerequisites
Before we begin, ensure you have the following:
A running Kubernetes cluster. (Minikube, AKS, EKS, GKE, or any other)
kubectl command-line tool configured to interact with your cluster.
Helm installed on your local machine.
Step 1: Deploy Contour with Helm
Contour can be deployed quickly using Helm. First, add the Contour Helm repository:
helm repo add bitnami https://charts.bitnami.com/bitnami helm repo update Now, install Contour with the following command:
helm install contour bitnami/contour --namespace contour --create-namespace Step 2: Verify the Installation
After the installation is complete, verify that the Nginx Ingress Controller is running:
Check Pods
kubectl get pods -n contour Check Services
kubectl get svc -n contour You should see an output indicating that the contour Ingress Controller pods are running and that a service of type LoadBalancer is available.
Step 3: Deploy an Nginx Pod
To demonstrate the functionality of the contour Ingress Controller, we'll deploy a simple Nginx pod and expose it using a service.
Deploy an NGINX Pod
Deploying a pod is straightforward with the kubectl run command. This command creates a deployment with a single NGINX pod.
kubectl run nginx-pod --image=nginx Expose the NGINX Pod
To access the NGINX pod, you need to expose it. Let’s create a Service of type ClusterIP:
kubectl expose pod nginx-pod --port=80 --type=ClusterIP --name=nginx-service Step 4: Create a Secret for the SSL Certificate
If you plan to use TLS with your Ingress resource, you need to create a Kubernetes Secret to store your SSL certificate and private key.
Convert SSL Certificate to Base64
First, convert your SSL certificate (tls.crt) and private key (tls.key) to base64:
cat tls.crt | base64 cat tls.key | base64 Create the Secret File:
Create a file named contour-tls-secret.yaml with the following content, replacing and with the actual base64 encoded values:
apiVersion: v1 kind: Secret metadata: name: example-tls namespace: default data: tls.crt: <base64 encoded cert> tls.key: <base64 encoded key> type: kubernetes.io/tls Deploy the Secret:
kubectl create -f contour-tls-secret.yaml Step 5: Expose Your Application Using Ingress
Create an Ingress resource to expose your application, including TLS configuration:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: example-ingress annotations: kubernetes.io/ingress.class: contour spec: tls: - hosts: - example.com secretName: example-tls-secret rules: - host: example.com http: paths: - path: / pathType: Prefix backend: service: name: example-service port: number: 80 Apply the configuration:
kubectl apply -f example-ingress.yaml Step 6: Use HTTPProxy for Advanced Routing and TLS
For more complex scenarios, create an HTTPProxy resource with TLS:
apiVersion: projectcontour.io/v1 kind: HTTPProxy metadata: name: simple-httpproxy namespace: default spec: virtualhost: fqdn: example.com tls: secretName: example-tls-secret routes: - conditions: - prefix: / services: - name: example-servic port: 80 Apply the configuration:
kubectl apply -f example-httpproxy.yaml Step 7: Verifying Ingress and HTTPProxy Resources
Once you've deployed the Ingress resource or HTTPProxy resource, you can verify their status using the following commands:
Check Ingress Resources:
kubectl get ingress Check HTTPProxy Resources:
kubectl get httpproxy Step 8: Configure DNS Entry
After deploying the Contour Ingress resource or the HTTPProxy resource, you need to map your domain name (e.g., example.com) to the external IP address of the Contour Ingress Controller's load balancer.
Get the Load Balancer IP:
Run the following command to get the external IP address
kubectl get svc contour-envoy --namespace contour Update DNS Record:
Once you have the external IP address, update the DNS record for your domain to point to this IP address. This process will vary depending on your DNS provider, but generally, you will need to create an A record for example.com with the external IP address.
Conclusion
By following these steps, the Contour Ingress Controller is now successfully deployed in your Kubernetes cluster using Helm.
If you have any questions or encounter issues, feel free to comment below. Keep exploring Kubernetes and happy learning!
Top comments (0)