Refer to these instructions for installing standard packages on a TKG cluster provisioned with a TKr for vSphere 7.x.
Prerequisites
See Workflow for Installing Standard Packages on TKr for vSphere 7.x.
Install Contour with Envoy
- List the available Contour versions in the repository.
kubectl get packages -n tkg-system | grep contour
- Create the
contour.yamlspecification.See #GUID-ED287018-E690-4993-9D34-F10BCFEE7609__GUID-CC995CF8-0F4B-4D92-A782-A3832C0EA5AE.
- If necessary, customize
contour-data-valuesfor your environment. - Instal Contour.
kubectl apply -f contour.yaml
serviceaccount/contour-sa createdclusterrolebinding.rbac.authorization.k8s.io/contour-role-binding created packageinstall.packaging.carvel.dev/contour created secret/contour-data-values created
- Verify Contour package installation.
kubectl get pkgi -A
- Verify Contour objects.
kubectl get all -n contour-ingress
NAME READY STATUS RESTARTS AGE pod/contour-777bdddc69-fqnsp 1/1 Running 0 102s pod/contour-777bdddc69-gs5xv 1/1 Running 0 102s pod/envoy-d4jtt 2/2 Running 0 102s pod/envoy-g5h72 2/2 Running 0 102s pod/envoy-pjpzc 2/2 Running 0 102s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/contour ClusterIP 10.105.242.46 <none> 8001/TCP 102s service/envoy LoadBalancer 10.103.245.57 10.197.154.69 80:32642/TCP,443:30297/TCP 102s NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/envoy 3 3 3 3 3 <none> 102s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/contour 2/2 2 2 102s NAME DESIRED CURRENT READY AGE replicaset.apps/contour-777bdddc69 2 2 2 102s
The Contour package installs 2 Contour pods and 3 Envoy pods. Both Contour and Envoy are exposed as services. In this example the Envoy service has an external IP address of 10.197.154.69. This IP address is carved from the CIDR specified for . A load balancer instance is created for this IP address. The members of the server pool for this load balancer are the Envoy pods. The Envoy pods assume the IP addresses of the worker nodes on which they run. You can see these IPs by querying the cluster nodes (
kubectl get nodes -o wide).
contour.yaml
contour.yaml to install Contour with Envoy. Update the version variable to match the target package version.
apiVersion: v1
kind: ServiceAccount
metadata:
name: contour-sa
namespace: tkg-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: contour-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: contour-sa
namespace: tkg-system
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
name: contour
namespace: tkg-system
spec:
serviceAccountName: contour-sa
packageRef:
refName: contour.tanzu.vmware.com
versionSelection:
constraints: 1.26.1+vmware.1-tkg.1 #PKG-VERSION
values:
- secretRef:
name: contour-data-values
---
apiVersion: v1
kind: Secret
metadata:
name: contour-data-values
namespace: tkg-system
stringData:
values.yml: |
---
namespace: tanzu-system-ingress
contour:
configFileContents: {}
useProxyProtocol: false
replicas: 2
pspNames: "vmware-system-restricted"
logLevel: info
envoy:
service:
type: LoadBalancer
annotations: {}
externalTrafficPolicy: Cluster
disableWait: false
hostPorts:
enable: true
http: 80
https: 443
hostNetwork: false
terminationGracePeriodSeconds: 300
logLevel: info
certificates:
duration: 8760h
renewBefore: 360h
