You deploy Contour and Envoy directly on Tanzu Kubernetes clusters. You do not need to deploy Contour on management clusters.

In this release of Tanzu Kubernetes Grid, the provided implementation of Contour and Envoy assumes that you use self-signed certificates. If you have Tanzu Kubernetes Grid Plus support, you can engage with Tanzu Kubernetes Grid Plus Customer Reliability Engineers, who can help you to configure Contour and Envoy with your own certificates.

Prerequisites

Procedure

The instructions in this procedure assume that you unpacked the bundle of Tanzu Kubernetes Grid extensions in the location in which your are running the commands.

Tanzu Kubernetes Grid does not support IPv6 addresses. This is because upstream Kubernetes only provides alpha support for IPv6. Always provide IPv4 addresses in the procedures in this topic.

  1. Set the focus of kubectl to the Tanzu Kubernetes cluster on which to deploy Contour.

    kubectl config use-context my-cluster-admin@my-cluster
    
  2. Install cert-manager on the cluster.

    kubectl apply -f tkg-extensions-v1.0.0/cert-manager/
    
  3. Deploy Contour and Envoy on the cluster.

    kubectl apply -f tkg-extensions-v1.0.0/ingress/contour/aws/
    
  4. Deploy some test pods and services on the cluster.

    kubectl apply -f ingress/contour/examples/common/
    
  5. Deploy the Kubernetes ingress resource on the cluster.

    kubectl apply -f ingress/contour/examples/https-ingress/
    
  6. Get the host name of the Envoy service load balancer.

    kubectl get service envoy -n tanzu-system-ingress -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
    
  7. Get the IP address of the Envoy service load balancer.

    Replace <ENVOY_SERVICE_LB_HOSTNAME> in the following command with the output of the kubectl get service envoy command that you ran in the preceding step.

    nslookup <ENVOY_SERVICE_LB_HOSTNAME>
    
  8. Add an /etc/hosts entry to map the IP address of the Envoy service load balancer to foo.bar.com.

    Replace <ENVOY_SERVICE_LB_IP> in the following command with the output of the nslookup command that you ran in the preceding step.

    echo '<ENVOY_SERVICE_LB_IP> foo.bar.com' | sudo tee -a /etc/hosts > /dev/null
    
  9. Verify that the following URLs work by going to the following addresses.

    • https://foo.bar.com/foo
    • https://foo.bar.com/bar

    You should see output similar to the following:

    Hello, world!
    Version: 1.0.0
    Hostname: helloweb-7cd97b9cb8-vmnbj
    

What to Do Next

With Contour and Envoy running in your cluster, you can View Data from Your Contour Deployment

check-circle-line exclamation-circle-line close-line
Scroll to top icon