Follow these instructions to install Contour with Envoy on a TKG Service cluster that is running TKr for vSphere 8.x.

Prerequisites

Create Contour Data Values

Prepare to install Contour by creating the data values file.

  1. List the available Contour package versions.
    tanzu package available get contour.tanzu.vmware.com -n tkg-system

    Or, using kubectl:

    kubectl -n tkg-system get packages | grep contour
    Note: Typically you should use the latest version unless your requirements differ.
  2. Generate the contour-data-values.yaml file.
    tanzu package available get contour.tanzu.vmware.com/1.28.2+vmware.1-tkg.1 --default-values-file-output contour-data-values.yaml
    Where:
    • 1.28.2+vmware.1-tkg.1 is the target package version
    • contour-data-values.yaml is the name and path of the data values file to generate
  3. Edit the contour-data-values.yaml file.

    Set the Envoy service type (envoy.service.type) to LoadBalancer so that traffic from outside the cluster can reach Kubernetes services. Refer to the following example for guidance.

    vi contour-data-values.yaml
    ---
    infrastructure_provider: vsphere
    namespace: tanzu-system-ingress
    contour:
     configFileContents: {}
     useProxyProtocol: false
     replicas: 2
     pspNames: "vmware-system-restricted"
     logLevel: info
    envoy:
     service:
       type: LoadBalancer
       annotations: {}
       externalTrafficPolicy: Cluster
       disableWait: false
     hostPorts:
       enable: true
       http: 80
       https: 443
     hostNetwork: false
     terminationGracePeriodSeconds: 300
     logLevel: info
    certificates:
     duration: 8760h
     renewBefore: 360h
    

Install Contour

Complete these steps to install Contour ingress with Envoy.
  1. Create a unique namespace for the Contour package.
    kubectl create ns tanzu-system-ingress
  2. Install Contour.

    Adjust the version to meet your requirements.

    tanzu package install contour -p contour.tanzu.vmware.com -v 1.28.2+vmware.1-tkg.1 --values-file contour-data-values.yaml -n tanzu-system-ingress
  3. Verify the Contour installation.
    tanzu package installed list -n tanzu-system-ingress
  4. Verify Contour and Envoy objects.
    kubectl -n tanzu-system-ingress get all
    NAME                           READY   STATUS    RESTARTS   AGE
    pod/contour-777bdddc69-fqnsp   1/1     Running   0          102s
    pod/contour-777bdddc69-gs5xv   1/1     Running   0          102s
    pod/envoy-d4jtt                2/2     Running   0          102s
    pod/envoy-g5h72                2/2     Running   0          102s
    pod/envoy-pjpzc                2/2     Running   0          102s
    
    NAME              TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE
    service/contour   ClusterIP      10.105.242.46   <none>          8001/TCP                     102s
    service/envoy     LoadBalancer   10.103.245.57   10.197.154.69   80:32642/TCP,443:30297/TCP   102s
    
    NAME                   DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
    daemonset.apps/envoy   3         3         3       3            3           <none>          102s
    
    NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/contour   2/2     2            2           102s
    
    NAME                                 DESIRED   CURRENT   READY   AGE
    replicaset.apps/contour-777bdddc69   2         2         2       102s

    In this example the Envoy service has an external IP address of 10.197.154.69. This IP address is carved from the CIDR range specified for Workload Network > Ingress. A new load balancer instance is created for this IP address. The members of the server pool for this load balancer are the Envoy pods. Since the Envoy pods assume the IP addresses of the worker nodes on which they run, you can see these IP addresses by querying the cluster nodes (kubectl get nodes -o wide).
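
To make the verification in step 4 repeatable, the following added example (not part of the original documentation) reads the text of `kubectl -n tanzu-system-ingress get all` and reports what is reachable from outside the cluster. The function name `check_contour_exposure`, the second sample, and the rule that the Contour service must stay ClusterIP (as it is in the output above) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Reads the text of
# `kubectl -n tanzu-system-ingress get all` on stdin and reports what is exposed.

# Sample input: service and daemonset rows copied from the output shown above.
SAMPLE_OK='NAME              TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE
service/contour   ClusterIP      10.105.242.46   <none>          8001/TCP                     102s
service/envoy     LoadBalancer   10.103.245.57   10.197.154.69   80:32642/TCP,443:30297/TCP   102s
NAME                   DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/envoy   3         3         3       3            3           <none>          102s'

# Constructed failure case: no ingress IP allocated yet, one Envoy pod not ready.
SAMPLE_PENDING='service/contour   ClusterIP      10.105.242.46   <none>      8001/TCP   102s
service/envoy     LoadBalancer   10.103.245.57   <pending>   80:32642/TCP,443:30297/TCP   102s
daemonset.apps/envoy   3         3         2       3            2           <none>          102s'

# Returns 0 only when Envoy has an external IP, every Envoy pod is ready,
# and the Contour service is still ClusterIP with no external address.
check_contour_exposure() {
  awk '
    $1 == "service/envoy" {
      envoy = 1
      if ($2 != "LoadBalancer") {
        print "FAIL envoy service type is " $2; bad = 1
      } else if ($4 == "<none>" || $4 == "<pending>") {
        print "FAIL envoy has no external IP (" $4 ")"; bad = 1
      } else {
        print "OK   envoy reachable at " $4 " on " $5
      }
    }
    $1 == "service/contour" {
      contour = 1
      if ($2 != "ClusterIP" || $4 != "<none>") {
        print "FAIL contour service is exposed: " $2 " " $4; bad = 1
      } else {
        print "OK   contour is cluster-internal (" $5 ")"
      }
    }
    $1 == "daemonset.apps/envoy" {
      if ($4 != $2) { print "FAIL envoy pods ready " $4 " of " $2; bad = 1 }
      else { print "OK   envoy pods ready " $4 " of " $2 }
    }
    END {
      if (!envoy)   { print "FAIL service/envoy not found"; bad = 1 }
      if (!contour) { print "FAIL service/contour not found"; bad = 1 }
      exit bad + 0
    }'
}

printf '%s\n' "$SAMPLE_OK" | check_contour_exposure
```

Against a live cluster, pipe the real output into the function: `kubectl -n tanzu-system-ingress get all | check_contour_exposure`.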

Troubleshoot

Refer to the following topic as needed.