Install the Contour Ingress Controller

Introduction

This practical sheet provides a step by step procedure to install Contour Ingress Controller on workload clusters.

It is given as an example about how to use an Ingress Controller, but others Ingress Controller can be used. It is just for information and to help starting using an Ingress Controller.

To know more about Ingress Controller :

Kubernetes : Ingress Controller

KaaS Standard#ingress_controller

Prerequisites

Before deploying Contour on the workload cluster, some prerequisite has to be installed either on the admin workstation or in the target workload cluster.

On the admin station

Install the Tanzu packages tools, using this page

KaaS – Tooling

On the cluster

Configure the vipSubnet to use

It is required to configure the vipSubnet to use for the load balancer.

Please follow the steps provided in this page : HERE

Install tkg package repository

Connect to the target cluster, then apply kapp controller yaml file :

Add the repository

Install Cert-Manager

Get the correct version to install depending of the repository added in the above step. Use the LATEST-VERSION column and note the version, it will be required in next steps.

# tanzu package available list cert-manager.tanzu.vmware.com -A

- Retrieving available packages...
  NAMESPACE   NAME                           VERSION                RELEASED-AT 
  packages  cert-manager.tanzu.vmware.com  1.1.0+vmware.1-tkg.2   2020-11-24 18:00:00 +0000 UTC  
  packages  cert-manager.tanzu.vmware.com  1.1.0+vmware.2-tkg.1   2020-11-24 18:00:00 +0000 UTC  
  packages  cert-manager.tanzu.vmware.com  1.10.2+vmware.1-tkg.1  2023-01-11 12:00:00 +0000 UTC  
  packages  cert-manager.tanzu.vmware.com  1.5.3+vmware.2-tkg.1   2021-08-23 17:22:51 +0000 UTC  
  packages  cert-manager.tanzu.vmware.com  1.5.3+vmware.4-tkg.1   2021-08-23 17:22:51 +0000 UTC  
  packages  cert-manager.tanzu.vmware.com  1.5.3+vmware.7-tkg.1   2021-08-23 17:22:51 +0000 UTC  
  packages  cert-manager.tanzu.vmware.com  1.5.3+vmware.7-tkg.3   2021-08-23 17:22:51 +0000 UTC  
  packages  cert-manager.tanzu.vmware.com  1.7.2+vmware.1-tkg.1   2021-10-29 12:00:00 +0000 UTC  
  packages  cert-manager.tanzu.vmware.com  1.7.2+vmware.3-tkg.1   2021-10-29 12:00:00 +0000 UTC  
  packages  cert-manager.tanzu.vmware.com  1.7.2+vmware.3-tkg.3   2021-10-29 12:00:00 +0000 UTC

Install cert manager in desired namespace :

Replace NAMESPACE and VERSION using the version founded in the above step

Example :

erify that cert-manager is successfully install

Contour installation

Create a file named : contour-data-values.yaml with the following content :

---
infrastructure_provider: vsphere
namespace: tanzu-system-ingress
contour:
 configFileContents: {}
 useProxyProtocol: false
 replicas: 2
 pspNames: "vmware-system-restricted"
 logLevel: info
envoy:
 service:
   type: LoadBalancer
   annotations: {}
   nodePorts:
     http: null
     https: null
   externalTrafficPolicy: Cluster
   disableWait: false
 hostPorts:
   enable: true
   http: 80
   https: 443
 hostNetwork: false
 terminationGracePeriodSeconds: 300
 logLevel: info
 pspNames: null
certificates:
 duration: 8760h
 renewBefore: 360h

Get the correct version to install depending of the repository added in the above step. Use the LATEST-VERSION column and note the version, it will be required in next steps.

Install contour in desired namespace :

Replace NAMESPACE and VERSION using the version founded in the above step

Exemple :

Verify that contour is successfully installed

Ingress controller sample usage

To test our Ingress Controller we will deploy two pods. One POD that will display a webpage with the text apple, and another POD that will display a webpage with the text banana.

Depending of the host url used to access the service the Ingress Controller will use the correct POD to give the answer to the web client.

This implementation require only one IP adress that are accessible outside the cluster (Envoy IP), it correspond to the service (type LoadBalancer) that we create during the contour installation process.

For our demo we will use a public and free DNS service called nip.io. It will help and simplify our demo regarding the DNS resolution, but it is not mandatory at all, you can rely on your classical DNS resolution system.

nip.io will resolve the names by answering the IP provided in the name.
Example for :

banana.100.10.12.2.nip.ip will return the ip : 100.100.12.2

apple.100.10.12.2.nip.ip will return the ip : 100.100.12.2

PODs creation

First we need to define our PODS and services, for that create these two files :

apple.yaml

banana.yaml

Deploy the PODS

Verify that pods status are RUNNING after some times

Ingress Deployment

Get the ingress controller service IP. For that use the EXTERNAL-IP value, note the IP it will be required for next step.

Create a file named ingress.yaml with the below content

replace the [IP] in the host parameter by the external-ip retrieved with the above command
you can also use your own dns extension instead of nip.io, but for test purpose it will be more easier to use nip.io.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: apple-ingress
  annotations:
    ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: apple.[IP].nip.io
    http:
      paths:
        - path: /
          backend:
            serviceName: apple-service
            servicePort: 5678
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: banana-ingress
  annotations:
    ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: banana.[IP].nip.io
    http:
      paths:
        - path: /
          backend:
            serviceName: banana-service
            servicePort: 5678

Deploy the ingress object.

Verify the status of the ingress

Test the web page access

Open a web browser that can access to your Ingress Controller IP and try the both ingress URL.

http://banana.[IP].nip.io (replace the [IP] with the exernal ip)
http://apple.[IP].nip.io (replace the [IP] with the exernal ip)

Additional test usage

It is also possible to use a same url and redirect the flow depending of the path in the url.

For example :

http://myapp.[IP].nip.io/apple will use the POD apple
http://myapp.[IP].nip.io/banana will use the POD banana

The sample yaml file to use for this kind of ingerss is :

Overview

Practical sheets

API

Backup

Cloud Customer Space

Contractual documents

Help and technical assistance

Online help

Roles and users

Technical Dashboards

The Support

Virtual Data Center ressources

Kubernetes

Additional components

KaaS

Tooling & Troubleshooting

Network

Networks and External Interconnections (links)

VDC Networks

Security

Services Area

Log in to the service area

Services

Storage

Objet Storage (S3)

Advanced features implementation guide

Getting Started

Service user manual

Shared storage (Network storage)

VDC & Virtual Machines

vCOD

Virtual Machines

Advanced Operations

Known Issues

Main Operations

VMware Cloud Director (VCD)

Catalogs

VMWare Cloud Director Availability (vCDA)

Q & A