You can configure the Contour extension with custom settings.

Contour Extension Configuration Parameters

The Contour configuration values for Tanzu Kubernetes clusters provisioned by the Tanzu Kubernetes Grid Service are set in /tkg-extensions/ingress/contour/vsphere/contour-data-values.yaml.
Table 1. Contour Extension Configuration Parameters

| Parameter | Description | Type | Default |
|---|---|---|---|
| infrastructure_provider | Infrastructure provider. Supported values: vsphere, aws, azure | string | Mandatory parameter |
| contour.namespace | Namespace where Contour will be deployed | string | tanzu-system-ingress |
| contour.config.requestTimeout | Client request timeout to be passed to Envoy | time.Duration | 0s |
| contour.config.server.xdsServerType | XDS server type to use. Supported values: contour or envoy | string | Null |
| contour.config.tls.minimumProtocolVersion | Minimum TLS version that Contour will negotiate | string | 1.1 |
| contour.config.tls.fallbackCertificate.name | Name of the secret containing the fallback certificate for requests that don't match the SNI defined for a vhost | string | Null |
| contour.config.tls.fallbackCertificate.namespace | Namespace of the secret containing the fallback certificate | string | Null |
| contour.config.tls.envoyClientCertificate.name | Name of the secret to use as client certificate and private key for the TLS connection to the backend service | string | Null |
| contour.config.tls.envoyClientCertificate.namespace | Namespace of the secret to use as client certificate and private key for the TLS connection to the backend service | string | Null |
| contour.config.leaderelection.configmapName | Name of the configmap to be used for Contour leader election | string | leader-elect |
| contour.config.leaderelection.configmapNamespace | Namespace of the Contour leader election configmap | string | tanzu-system-ingress |
| contour.config.disablePermitInsecure | Disables the ingressroute permitInsecure field | boolean | false |
| contour.config.accesslogFormat | Access log format | string | envoy |
| contour.config.jsonFields | Fields that will be logged | array of strings | See https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields |
| contour.config.useProxyProtocol | See https://projectcontour.io/guides/proxy-proto/ | boolean | false |
| contour.config.defaultHTTPVersions | HTTP versions that Contour should program Envoy to serve | array of strings | "HTTP/1.1 HTTP2" |
| contour.config.timeouts.requestTimeout | The timeout for an entire request | time.Duration | Null (timeout is disabled) |
| contour.config.timeouts.connectionIdleTimeout | The time to wait before terminating an idle connection | time.Duration | 60s |
| contour.config.timeouts.streamIdleTimeout | The time to wait before terminating a request or stream with no activity | time.Duration | 5m |
| contour.config.timeouts.maxConnectionDuration | The time to wait before terminating a connection, irrespective of activity | time.Duration | Null (timeout is disabled) |
| contour.config.timeouts.ConnectionShutdownGracePeriod | The time to wait between sending an initial and final GOAWAY | time.Duration | 5s |
| contour.config.cluster.dnsLookupFamily | dns-lookup-family to use for upstream requests to externalName type services from an HTTPProxy route | string | Null (Supported values: auto, v4, v6) |
| contour.config.debug | Turn on Contour debugging | boolean | false |
| contour.config.ingressStatusAddress | The address to set on the status of every Ingress resource | string | Null |
| contour.certificate.duration | Duration for the Contour certificate | time.Duration | 8760h |
| contour.certificate.renewBefore | Duration before the Contour certificate should be renewed | time.Duration | 360h |
| contour.deployment.replicas | Number of Contour replicas | integer | 2 |
| contour.image.repository | Location of the repository with the Contour image. The default is the public VMware registry. Change this value if you are using a private repository (e.g., air-gapped environment). | string | projects.registry.vmware.com/tkg |
| contour.image.name | Name of the Contour image | string | contour |
| contour.image.tag | Contour image tag. This value may need to be updated if you are upgrading the Contour version. | string | v1.11.0_vmware.1 |
| contour.image.pullPolicy | Contour image pull policy | string | IfNotPresent |
| envoy.image.repository | Location of the repository with the Envoy image. The default is the public VMware registry. Change this value if you are using a private repository (e.g., air-gapped environment). | string | projects.registry.vmware.com/tkg |
| envoy.image.name | Name of the Envoy image | string | envoy |
| envoy.image.tag | Envoy image tag. This value may need to be updated if you are upgrading the Envoy version. | string | v1.16.2_vmware.1 |
| envoy.image.pullPolicy | Envoy image pull policy | string | IfNotPresent |
| envoy.hostPort.enable | Flag to expose Envoy ports on the host | boolean | true |
| envoy.hostPort.http | Envoy HTTP host port | integer | 80 |
| envoy.hostPort.https | Envoy HTTPS host port | integer | 443 |
| envoy.service.type | Type of service to expose Envoy. Supported values: ClusterIP, NodePort, LoadBalancer | string | Mandatory parameter for vSphere: NodePort or LoadBalancer, AWS: LoadBalancer, Azure: LoadBalancer |
| envoy.service.annotations | Envoy service annotations | Map (Key-values) | Empty Map |
| envoy.service.externalTrafficPolicy | External traffic policy of the Envoy service. Supported values: Local, Cluster | string | Cluster |
| envoy.service.nodePort.http | Desired nodePort for a service of type NodePort used for HTTP requests | integer | Null - Kubernetes assigns a dynamic node port |
| envoy.service.nodePort.https | Desired nodePort for a service of type NodePort used for HTTPS requests | integer | Null - Kubernetes assigns a dynamic node port |
| envoy.deployment.hostNetwork | Run Envoy on hostNetwork | boolean | false |
| envoy.service.aws.LBType | AWS LB type to be used for exposing the Envoy service. Supported values: classic, nlb | string | classic |
| envoy.loglevel | Log level to use for Envoy | string | info |
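
The following data values override is an added example, not taken from the original page or the extension bundle. It sets the security-relevant parameters from Table 1 away from their defaults; the ytt header lines, the timeout values, and the LoadBalancer service type are assumptions to adapt to your environment.

```yaml
#@data/values
#@overlay/match-child-defaults missing_ok=True
---
#! Assumed ytt data-values header; keep the header your copy of
#! contour-data-values.yaml already has. ytt rejects plain "#" comments
#! in annotated files, so comments here use "#!".
infrastructure_provider: "vsphere"
contour:
  config:
    tls:
      #! Table default: 1.1. TLS 1.0 and 1.1 are deprecated by RFC 8996,
      #! so raise the floor Envoy will negotiate with clients.
      minimumProtocolVersion: "1.2"
    #! Table default: false. Setting true disables the permitInsecure
    #! field, so a route cannot opt out of the HTTP-to-HTTPS redirect.
    disablePermitInsecure: true
    timeouts:
      #! Table default: Null (disabled). An unbounded request lets slow
      #! clients hold connections open; 60s is an example value.
      requestTimeout: 60s
      #! Table defaults, written out so the effective policy is explicit.
      connectionIdleTimeout: 60s
      streamIdleTimeout: 5m
      #! Table default: Null (disabled). 1h is an example upper bound.
      maxConnectionDuration: 1h
    #! Table default: false. Keep debug logging off outside troubleshooting.
    debug: false
envoy:
  service:
    #! Mandatory on vSphere: NodePort or LoadBalancer.
    type: "LoadBalancer"
    #! Table default: Cluster. Local preserves the client source IP seen
    #! by Envoy, which keeps access logs usable for investigation;
    #! traffic then only reaches nodes that run an Envoy pod.
    externalTrafficPolicy: Local
  loglevel: info
```

Before rollout, confirm that clients limited to TLS 1.1 and routes that rely on permitInsecure are no longer in use, since both stop working with these values.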