Contour is an Ingress controller for Kubernetes that works by deploying the Envoy proxy as a reverse proxy and load balancer. Contour supports dynamic configuration updates out of the box while maintaining a lightweight profile.
Contour also introduces a new ingress API (IngressRoute) which is implemented via a Custom Resource Definition (CRD). Its goal is to expand upon the functionality of the Ingress API to allow for a richer user experience as well as solve shortcomings in the original design.
Contour is tested with Kubernetes clusters running version 1.10 and later, but should work with earlier versions where Custom Resource Definitions are supported (Kubernetes 1.7+).
RBAC must be enabled on your cluster.
You can try out Contour by creating a deployment from a hosted manifest -- no clone or local install necessary.
What you do need:
- A Kubernetes cluster that supports Service objects of
type: LoadBalancer
(AWS Quickstart cluster or Minikube, for example) kubectl
configured with admin access to your cluster
See the deployment documentation for more deployment options if you don't meet these requirements.
Run:
kubectl apply -f https://raw.githubusercontent.com/heptio/contour/master/examples/render/contour.yaml
This command creates:
- A new namespace
heptio-contour
with two instances of Contour in the namespace - A Service of
type: LoadBalancer
that points to the Contour instances - Depending on your configuration, new cloud resources -- for example, ELBs in AWS
See also TLS support for details on configuring TLS support for the services behind Contour.
For information on configuring TLS for gRPC between Contour and Envoy, see grpc-tls-howto.md
If you don't have an application ready to run with Contour, you can explore with kuard.
Run:
kubectl apply -f https://raw.githubusercontent.com/heptio/contour/master/examples/example-workload/kuard.yaml
This example specifies a default backend for all hosts, so that you can test your Contour install. It's recommended for exploration and testing only, however, because it responds to all requests regardless of the incoming DNS that is mapped. You probably want to run with specific Ingress rules for specific hostnames.
Now you can retrieve the external address of Contour's load balancer:
$ kubectl get -n heptio-contour service contour -o wide
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
contour 10.106.53.14 a47761ccbb9ce11e7b27f023b7e83d33-2036788482.ap-southeast-2.elb.amazonaws.com 80:30274/TCP 3h app=contour
How you configure DNS depends on your platform:
- On AWS, create a CNAME record that maps the host in your Ingress object to the ELB address.
- If you have an IP address instead (on GCE, for example), create an A record.
For more deployment options, including uninstalling Contour, see the deployment documentation.
See also the Kubernetes documentation for Services, Ingress, and IngressRoutes.
The detailed documentation provides additional information, including an introduction to Envoy and an explanation of how Contour maps key Envoy concepts to Kubernetes.
We've also got an FAQ for short-answer questions and conceptual stuff that doesn't quite belong in the docs.
If you encounter issues, review the troubleshooting docs, file an issue, or talk to us on the #contour channel on the Kubernetes Slack server.
Thanks for taking the time to join our community and start contributing!
- Please familiarize yourself with the Code of Conduct before contributing.
- See CONTRIBUTING.md for information about setting up your environment, the workflow that we expect, and instructions on the developer certificate of origin that we require.
- Check out the open issues.
See the list of releases to find out about feature changes.