-
Overview
-
Practical sheets
-
-
-
-
-
-
-
- Backup : Agent-Level B&R via NSS for IAAS offer
- Backup : Create VCOD Backup
- Backup : Netbackup Agent Installation for Linux
- Backup : Netbackup Agent Installation for Windows
- Backup : Overall Design for VCOD Offer
- Backup : User's Guide for VCOD Offer
- NSX-T : Configuring a Distributed Firewall [FR]
- NSX-T : Create a VPN Ipsec
- NSX-T : Creation of T1
- NSX-T : DNAT configuration
- NSX-T : How to configure a Gateway Firewall
- NSX-T : SNAT configuration
- NSX-T: Create and Configure a Geneve Overlay Segment [FR]
- NSX-T: How to configure an IPSEC solution
- vCenter : Clone a VM [FR]
- VCenter : Create a new VM
- VCenter : Create a snapshot of a VM
- VCenter : Reset cloudadmin password
- VCenter : Storage Vmotion on a VM
- VCenter : Upgrade Vmware tools on a VM
- Show all articles (5) Collapse Articles
-
-
Q & A
-
Services
- Backup
- Bare metal server
- Block Storage
- BVPN access
- Certifications [FR]
- Cross Connect [FR]
- Dedicated Cluster
- DRaaS with VCDA
- Dual Site [FR]
- HA Dual-Room
- Internet access
- Kubernetes [FR]
- Licenses
- Loadbalancer As a Service
- Network
- Network Storage
- Object storage
- QoS Appliance
- Security
- Shared colocation switch option (Cross connect)
- Support and Coaching
- Tools [FR]
- VCenter On Demand
- VCenter On Demand
- VM Replication [FR]
- Show all articles (10) Collapse Articles
-
-
- Articles coming soon
-
- Articles coming soon
-
Install the Contour Ingress Controller
Introduction
This practical sheet provides a step by step procedure to install Contour Ingress Controller on workload clusters.
It is given as an example about how to use an Ingress Controller, but others Ingress Controller can be used. It is just for information and to help starting using an Ingress Controller.
To know more about Ingress Controller :
Install the Contour Ingress Controller
Please note !
This practical sheets is given as information only, Contour is not mandatory at all, you are free to install any other Ingress Controler on your clusters. No support can be provided on Contour.
Prerequisites
Before deploying Contour on the workload cluster, some prerequisite has to be installed either on the admin workstation or in the target workload cluster.
On the admin station
Install the Tanzu packages tools, using this page
On the cluster
Configure the vipSubnet to use
It is required to configure the vipSubnet to use for the load balancer.
Please follow the steps provided in this page : HERE
Install tkg package repository
Connect to the target cluster, then apply kapp controller yaml file :
kubectl apply -f https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml
Add the repository
kubectl create ns packages
tanzu package repository add tanzu-standard --url projects.registry.vmware.com/tkg/packages/standard/repo:v2.2.0 -n packages
Install Cert-Manager
Get the correct version to install depending of the repository added in the above step. Use the LATEST-VERSION column and note the version, it will be required in next steps.
# tanzu package available list cert-manager.tanzu.vmware.com -A
- Retrieving available packages...
NAMESPACE NAME VERSION RELEASED-AT
packages cert-manager.tanzu.vmware.com 1.1.0+vmware.1-tkg.2 2020-11-24 18:00:00 +0000 UTC
packages cert-manager.tanzu.vmware.com 1.1.0+vmware.2-tkg.1 2020-11-24 18:00:00 +0000 UTC
packages cert-manager.tanzu.vmware.com 1.10.2+vmware.1-tkg.1 2023-01-11 12:00:00 +0000 UTC
packages cert-manager.tanzu.vmware.com 1.5.3+vmware.2-tkg.1 2021-08-23 17:22:51 +0000 UTC
packages cert-manager.tanzu.vmware.com 1.5.3+vmware.4-tkg.1 2021-08-23 17:22:51 +0000 UTC
packages cert-manager.tanzu.vmware.com 1.5.3+vmware.7-tkg.1 2021-08-23 17:22:51 +0000 UTC
packages cert-manager.tanzu.vmware.com 1.5.3+vmware.7-tkg.3 2021-08-23 17:22:51 +0000 UTC
packages cert-manager.tanzu.vmware.com 1.7.2+vmware.1-tkg.1 2021-10-29 12:00:00 +0000 UTC
packages cert-manager.tanzu.vmware.com 1.7.2+vmware.3-tkg.1 2021-10-29 12:00:00 +0000 UTC
packages cert-manager.tanzu.vmware.com 1.7.2+vmware.3-tkg.3 2021-10-29 12:00:00 +0000 UTC
Install cert manager in desired namespace :
- Replace NAMESPACE and VERSION using the version founded in the above step
tanzu package install cert-manager --package-name cert-manager.tanzu.vmware.com --namespace NAMESPACE --version VERSION
Example :
tanzu package install cert-manager --package cert-manager.tanzu.vmware.com --namespace packages --version 1.7.2+vmware.3-tkg.3
erify that cert-manager is successfully install
# tanzu package installed list -A
\ Retrieving installed packages...
NAME PACKAGE-NAME PACKAGE-VERSION STATUS NAMESPACE
cert-manager cert-manager.tanzu.vmware.com 1.7.2+vmware.3-tkg.3 Reconcile succeeded packages
Contour installation
Create a file named : contour-data-values.yaml with the following content :
---
infrastructure_provider: vsphere
namespace: tanzu-system-ingress
contour:
configFileContents: {}
useProxyProtocol: false
replicas: 2
pspNames: "vmware-system-restricted"
logLevel: info
envoy:
service:
type: LoadBalancer
annotations: {}
nodePorts:
http: null
https: null
externalTrafficPolicy: Cluster
disableWait: false
hostPorts:
enable: true
http: 80
https: 443
hostNetwork: false
terminationGracePeriodSeconds: 300
logLevel: info
pspNames: null
certificates:
duration: 8760h
renewBefore: 360h
Get the correct version to install depending of the repository added in the above step. Use the LATEST-VERSION column and note the version, it will be required in next steps.
# tanzu package available list contour.tanzu.vmware.com -A
- Retrieving available packages...
NAME DISPLAY-NAME SHORT-DESCRIPTION LATEST-VERSION NAMESPACE
contour.tanzu.vmware.com contour An ingress controller 1.18.2+vmware.1-tkg.1 packages
Install contour in desired namespace :
- Replace NAMESPACE and VERSION using the version founded in the above step
tanzu package install contour \
--package-name contour.tanzu.vmware.com \
--version VERSION \
--values-file contour-data-values.yaml \
--namespace NAMESPACE
Exemple :
tanzu package install contour \
--package-name contour.tanzu.vmware.com \
--version 1.18.2+vmware.1-tkg.1 \
--values-file contour-data-values.yaml \
--namespace packages
Verify that contour is successfully installed
tanzu package installed list -A
\ Retrieving installed packages...
NAME PACKAGE-NAME PACKAGE-VERSION STATUS NAMESPACE
contour contour.tanzu.vmware.com 1.18.2+vmware.1-tkg.1 Reconcile succeeded packages
Ingress controller sample usage
To test our Ingress Controller we will deploy two pods. One POD that will display a webpage with the text apple, and another POD that will display a webpage with the text banana.
Depending of the host url used to access the service the Ingress Controller will use the correct POD to give the answer to the web client.
This implementation require only one IP adress that are accessible outside the cluster (Envoy IP), it correspond to the service (type LoadBalancer) that we create during the contour installation process.
Please note !
For our demo we will use a public and free DNS service called nip.io. It will help and simplify our demo regarding the DNS resolution, but it is not mandatory at all, you can rely on your classical DNS resolution system.
nip.io will resolve the names by answering the IP provided in the name.
Example for :
banana.100.10.12.2.nip.ip will return the ip : 100.100.12.2
apple.100.10.12.2.nip.ip will return the ip : 100.100.12.2

PODs creation
First we need to define our PODS and services, for that create these two files :
apple.yaml
kind: Pod
apiVersion: v1
metadata:
name: apple-app
labels:
app: apple
spec:
containers:
- name: apple-app
image: hashicorp/http-echo
args:
- "-text=apple"
---
kind: Service
apiVersion: v1
metadata:
name: apple-service
spec:
selector:
app: apple
ports:
- port: 5678 # Default port for image
banana.yaml
kind: Pod
apiVersion: v1
metadata:
name: banana-app
labels:
app: banana
spec:
containers:
- name: banana-app
image: hashicorp/http-echo
args:
- "-text=banana"
---
kind: Service
apiVersion: v1
metadata:
name: banana-service
spec:
selector:
app: banana
ports:
- port: 5678 # Default port for image
Deploy the PODS
kubectl apply -f apple.yaml
kubectl apply -f banana.yaml
Verify that pods status are RUNNING after some times
kubectl get pods banana
kubectl get pods apple
Ingress Deployment
Get the ingress controller service IP. For that use the EXTERNAL-IP value, note the IP it will be required for next step.
Please note !
if you just installed Contour recently the EXTERNAL-IP address can take some minutes to be affected to your Load Balancer.
kubectl get svc envoy -n tanzu-system-ingress
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
envoy LoadBalancer 100.65.98.108 100.101.191.4 80:30411/TCP,443:30934/TCP 4d3h
Create a file named ingress.yaml with the below content
- replace the [IP] in the host parameter by the external-ip retrieved with the above command
- you can also use your own dns extension instead of nip.io, but for test purpose it will be more easier to use nip.io.
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: apple-ingress annotations: ingress.kubernetes.io/rewrite-target: / spec: rules: - host: apple.[IP].nip.io http: paths: - path: / backend: serviceName: apple-service servicePort: 5678 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: banana-ingress annotations: ingress.kubernetes.io/rewrite-target: / spec: rules: - host: banana.[IP].nip.io http: paths: - path: / backend: serviceName: banana-service servicePort: 5678
Deploy the ingress object.
kubectl apply -f ingress.yaml
Verify the status of the ingress
kubectl get ingress
Test the web page access
Open a web browser that can access to your Ingress Controller IP and try the both ingress URL.
- http://banana.[IP].nip.io (replace the [IP] with the exernal ip)
- http://apple.[IP].nip.io (replace the [IP] with the exernal ip)
Additional test usage
It is also possible to use a same url and redirect the flow depending of the path in the url.
For example :
- http://myapp.[IP].nip.io/apple will use the POD apple
- http://myapp.[IP].nip.io/banana will use the POD banana
The sample yaml file to use for this kind of ingerss is :
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: myapp.[IP].nip.io
http:
paths:
- path: /apple
backend:
serviceName: apple-service
servicePort: 5678
- path: /banana
backend:
serviceName: banana-service
servicePort: 5678