You deploy Contour and Envoy directly on Tanzu Kubernetes clusters. You do not need to deploy Contour on management clusters.

In this release of Tanzu Kubernetes Grid, the provided implementation of Contour and Envoy assumes that you use self-signed certificates. If you have Tanzu Kubernetes Grid Plus support, you can engage with Tanzu Kubernetes Grid Plus Customer Reliability Engineers, who can help you to configure Contour and Envoy with your own certificates.

Prerequisites

Procedure

The instructions in this procedure assume that you unpacked the bundle of Tanzu Kubernetes Grid extensions in the location in which your are running the commands.

Tanzu Kubernetes Grid does not support IPv6 addresses. This is because upstream Kubernetes only provides alpha support for IPv6. Always provide IPv4 addresses in the procedures in this topic.

  1. Set the focus of kubectl to the Tanzu Kubernetes cluster on which to deploy Contour.

    kubectl config use-context my-cluster-admin@my-cluster
    
  2. Install cert-manager on the cluster.

    kubectl apply -f tkg-extensions-v1.0.0/cert-manager/
    
  3. Deploy Contour and Envoy on the cluster.

    kubectl apply -f tkg-extensions-v1.0.0/ingress/contour/vsphere/
    
  4. Deploy some test pods and services on the cluster.

    kubectl apply -f tkg-extensions-v1.0.0/ingress/contour/examples/common/
    
  5. Deploy the Kubernetes ingress resource on the cluster.

    kubectl apply -f tkg-extensions-v1.0.0/ingress/contour/examples/https-ingress/
    
  6. Add an /etc/hosts entry to map one of the worker node IP addresses to foo.bar.com.

    Replace <WORKER_NODE_IP> in the following command with the IP address of one of the worker nodes in your Tanzu Kubernetes cluster.

    echo '<WORKER_NODE_IP> foo.bar.com' | sudo tee -a /etc/hosts > /dev/null
    
  7. Get the HTTPS node port of the Envoy service.

    kubectl get service envoy -n tanzu-system-ingress -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}'
    
  8. Verify that the following URLs work by going to the following addresses in a browser.

    Replace <ENVOY_SERVICE_HTTPS_NODE_PORT> in the following command with the output of the kubectl get service envoy command that you ran in the preceding step.

    • https://foo.bar.com:<ENVOY_SERVICE_HTTPS_NODE_PORT>/foo
    • https://foo.bar.com:<ENVOY_SERVICE_HTTPS_NODE_PORT>/bar

    You should see output similar to the following:

    Hello, world!
    Version: 1.0.0
    Hostname: helloweb-7cd97b9cb8-vmnbj
    

What to Do Next

With Contour and Envoy running in your cluster, you can View Data from Your Contour Deployment.

check-circle-line exclamation-circle-line close-line
Scroll to top icon