Install Contour
This topic tells you how to install Contour from the Tanzu Application Platform (commonly known as TAP) package repository.
NoteFollow the steps in this topic if you do not want to use a profile to install Contour. For more information about profiles, see Components and installation profiles.
To install Contour from the Tanzu Application Platform package repository without a profile:
-
List version information for the package by running:
tanzu package available list contour.tanzu.vmware.com -n tap-installFor example:
$ tanzu package available list contour.tanzu.vmware.com -n tap-install NAME VERSION RELEASED-AT contour.tanzu.vmware.com 1.24.4 2023-05-22 19:00:00 -0500 -05 -
Create a file named
contour-rbac.yamlby using the following sample and apply the configuration:apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: contour-tap-install-cluster-admin-role rules: - apiGroups: - '*' resources: - '*' verbs: - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: contour-tap-install-cluster-admin-role-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: contour-tap-install-cluster-admin-role subjects: - kind: ServiceAccount name: contour-tap-install-sa namespace: tap-install --- apiVersion: v1 kind: ServiceAccount metadata: name: contour-tap-install-sa namespace: tap-install -
Apply the configuration by running:
kubectl apply -f contour-rbac.yaml -
Create a file named
contour-install.yamlby using the following sample and apply the configuration:Note
The following configuration installs the Contour package with default options. To make changes to the default installation settings, go to the next step.
apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: contour namespace: tap-install spec: serviceAccountName: contour-tap-install-sa packageRef: refName: contour.tanzu.vmware.com versionSelection: constraints: "VERSION-NUMBER" prereleases: {}Where
VERSION-NUMBERis the version of the package listed earlier. -
(Optional) Make changes to the default installation settings:
-
Gather values schema by running:
tanzu package available get contour.tanzu.vmware.com/1.24.4 --values-schema -n tap-installFor example:
$ tanzu package available get contour.tanzu.vmware.com/1.24.4 --values-schema -n tap-install KEY DEFAULT TYPE DESCRIPTION kubernetes_distribution string The distribution of Kubernetes, used to determine if distribution-specific configurations need to be applied. Options are empty and openshift. If running on an OpenShift cluster, this must be set to openshift. When set to openshift, a Role and RoleBinding are created to associate Contour's controllers with the appropriate OpenShift Security Context Constraint resource. kubernetes_version 0.0.0 string The version of Kubernetes being used, for enabling version-specific behaviors. Accept any valid major.minor.patch version of Kubernetes. This field is optional. Currently only has effect when kubernetes_distribution is set to openshift. namespace tanzu-system-ingress string The namespace in which to deploy Contour and Envoy. registry_secret_names [contour-reg-creds] array The names of the placeholder secrets that will contain registry credentials to pull the Contour and Envoy images. certificates.duration 8760h string How long the certificates should be valid for. certificates.renewBefore 360h string How long before expiration the certificates should be renewed. contour.pspNames vmware-system-restricted string Pod security policy names to apply to Contour. contour.replicas 2 integer How many Contour pod replicas to have. contour.resources.contour.requests.memory string Memory request to apply to the contour container. contour.resources.contour.requests.cpu string CPU request to apply to the contour container. contour.resources.contour.limits.cpu string CPU limit to apply to the contour container. contour.resources.contour.limits.memory string Memory limit to apply to the contour container. contour.useProxyProtocol false boolean Whether to enable PROXY protocol for all Envoy listeners. contour.configFileContents <nil> <nil> The YAML contents of the Contour config file. See https://projectcontour.io/docs/1.24/configuration/#configuration-file for more information. contour.logLevel info string The Contour log level. Valid options are 'info' and 'debug'. envoy.pspNames string Pod security policy names to apply to Envoy. envoy.service.externalTrafficPolicy string The external traffic policy for the Envoy service. If type is 'ClusterIP', this field is ignored. Otherwise, defaults to 'Cluster' for vsphere and 'Local' for others. envoy.service.loadBalancerIP string The desired load balancer IP. If type is not 'LoadBalancer', this field is ignored. It is up to the cloud provider whether to honor this request. If not specified, then load balancer IP will be assigned by the cloud provider. envoy.service.nodePorts.http 0 integer The node port number to expose Envoy's HTTP listener on. If not specified, a node port will be auto-assigned by Kubernetes. envoy.service.nodePorts.https 0 integer The node port number to expose Envoy's HTTPS listener on. If not specified, a node port will be auto-assigned by Kubernetes. envoy.service.type string The type of Kubernetes service to provision for Envoy. Valid values are 'LoadBalancer', 'NodePort', and 'ClusterIP'. If not specified, will default to 'NodePort' for vsphere and 'LoadBalancer' for others. envoy.service.annotations <nil> <nil> Annotations to set on the Envoy service. envoy.service.aws.LBType classic string The type of AWS load balancer to provision. Options are 'classic' and 'nlb'. envoy.service.disableWait false boolean This setting is no longer supported and is included in the schema for backwards compatibility only. envoy.terminationGracePeriodSeconds 300 integer The termination grace period, in seconds, for the Envoy pods. envoy.workload.replicas 2 integer The number of Envoy replicas to deploy when 'type' is set to 'Deployment'. If not specified, it will default to '2'. envoy.workload.resources.envoy.limits.cpu string CPU limit to apply to the envoy container. envoy.workload.resources.envoy.limits.memory string Memory limit to apply to the envoy container. envoy.workload.resources.envoy.requests.cpu string CPU request to apply to the envoy container. envoy.workload.resources.envoy.requests.memory string Memory request to apply to the envoy container. envoy.workload.resources.shutdownManager.limits.cpu string CPU limit to apply to the shutdown-manager container. envoy.workload.resources.shutdownManager.limits.memory string Memory limit to apply to the shutdown-manager container. envoy.workload.resources.shutdownManager.requests.cpu string CPU request to apply to the shutdown-manager container. envoy.workload.resources.shutdownManager.requests.memory string Memory request to apply to the shutdown-manager container. envoy.workload.type DaemonSet string The type of Kubernetes workload Envoy is deployed as. Options are 'Deployment' or 'DaemonSet'. If not specified, will default to 'DaemonSet'. envoy.hostNetwork false boolean Whether to enable host networking for the Envoy pods. envoy.hostPorts.https 443 integer If enable == true, the host port number to expose Envoy's HTTPS listener on. envoy.hostPorts.enable true boolean Whether to enable host ports. If false, http & https are ignored. envoy.hostPorts.http 80 integer If enable == true, the host port number to expose Envoy's HTTP listener on. envoy.logLevel info string The Envoy log level. infrastructure_provider vsphere string The underlying infrastructure provider. Options are vsphere, aws, and azure. This field is not required, but enables better validation and defaulting if provided. -
Create a
contour-install.yamlfile by using the following sample as a guide:Note
This sample is for installation in an AWS public cloud with
LoadBalancerservices.apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: contour namespace: tap-install spec: serviceAccountName: contour-tap-install-sa packageRef: refName: contour.tanzu.vmware.com versionSelection: constraints: 1.24.4 prereleases: {} values: - secretRef: name: contour-values --- apiVersion: v1 kind: Secret metadata: name: contour-values namespace: tap-install stringData: values.yaml: | envoy: service: type: LoadBalancer infrastructure_provider: awsThe LoadBalancer type is appropriate for most installations, but local clusters such as
kindcan fail to complete the package install if LoadBalancer services are not supported.For local clusters, you can configure
contour.envoy.service.typeto beNodePort. If your local cluster is set up with extra port mappings on the nodes, you might also need configureenvoy.service.nodePorts.httpandenvoy.service.nodePorts.httpsto match the port mappings from your local machine into one of the nodes of your local cluster.Contour provides an Ingress implementation by default. If you have another Ingress implementation in your cluster, you must explicitly specify an IngressClass to select a particular implementation.
Cloud Native Runtimes programs Contour HTTPRoutes are based on the installed namespace. The default installation of Cloud Native Runtimes uses a single Contour to provide internet-visible services. You can install a second Contour instance with service type
ClusterIPif you want to expose some services to only the local cluster. The second instance must be installed in a separate namespace. You must set the Cloud Native Runtimes valueingress.internal.namespaceto point to this namespace.
-
-
Install the package by running:
kubectl apply -f contour-install.yaml -
Verify the package install by running:
tanzu package installed get contour -n tap-installFor example:
$ tanzu package installed get contour -n tap-install NAME: contour PACKAGE-NAME: contour.tanzu.vmware.com PACKAGE-VERSION: 1.24.4 STATUS: Reconcile succeeded CONDITIONS: [{ReconcileSucceeded True }] USEFUL-ERROR-MESSAGE:Verify that
STATUSisReconcile succeeded -
Verify the installation by running:
kubectl get po -n tanzu-system-ingressFor example:
$ kubectl get po -n tanzu-system-ingress NAME READY STATUS RESTARTS AGE contour-689789679f-cl8cg 1/1 Running 0 6d16h contour-689789679f-g2xjn 1/1 Running 0 6d16h envoy-2blkl 2/2 Running 0 6d16h envoy-2rjtb 2/2 Running 0 6d16h envoy-9sljz 2/2 Running 0 6d16h envoy-cv5fc 2/2 Running 0 6d16h envoy-gvtlf 2/2 Running 0 6d16h envoy-qtrxd 2/2 Running 0 6d16hEnsure that all pods are
Runningwith all containers ready.
