Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/kadras-io/package-for-contour

Kubernetes-native package for Contour, a high performance ingress controller using Envoy.
https://github.com/kadras-io/package-for-contour

carvel contour envoy gateway-api ingress ingress-controller kadras kapp-controller kubernetes package-management

Last synced: 4 months ago
JSON representation

Kubernetes-native package for Contour, a high performance ingress controller using Envoy.

Awesome Lists containing this project

README 

          
# Contour



![Test Workflow](https://github.com/kadras-io/package-for-contour/actions/workflows/test.yml/badge.svg)

![Release Workflow](https://github.com/kadras-io/package-for-contour/actions/workflows/release.yml/badge.svg)

[![The SLSA Level 3 badge](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev/spec/v1.0/levels)

[![The Apache 2.0 license badge](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)

[![Follow us on Bluesky](https://img.shields.io/static/v1?label=Bluesky&message=Follow&color=1DA1F2)](https://bsky.app/profile/kadras.bsky.social)



A Carvel package for [Contour](https://projectcontour.io), a high performance ingress controller for Kubernetes based on Envoy.



## 🚀  Getting Started



### Prerequisites



* Kubernetes 1.33+

* Carvel [`kctrl`](https://carvel.dev/kapp-controller/docs/latest/install/#installing-kapp-controller-cli-kctrl) CLI.

* Carvel [kapp-controller](https://carvel.dev/kapp-controller) deployed in your Kubernetes cluster. You can install it with Carvel [`kapp`](https://carvel.dev/kapp/docs/latest/install) (recommended choice) or `kubectl`.



  ```shell

  kapp deploy -a kapp-controller -y \

    -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml

  ```



### Installation



Add the Kadras [package repository](https://github.com/kadras-io/kadras-packages) to your Kubernetes cluster:



  ```shell

  kctrl package repository add -r kadras-packages \

    --url ghcr.io/kadras-io/kadras-packages \

    -n kadras-system --create-namespace

  ```



Installation without package repository

The recommended way of installing the Contour package is via the Kadras package repository. If you prefer not using the repository, you can add the package definition directly using kapp or kubectl.



  ```shell

  kubectl create namespace kadras-system

  kapp deploy -a contour-package -n kadras-system -y \

    -f https://github.com/kadras-io/package-for-contour/releases/latest/download/metadata.yml \

    -f https://github.com/kadras-io/package-for-contour/releases/latest/download/package.yml

  ```



Install the Contour package:



  ```shell

  kctrl package install -i contour \

    -p contour.packages.kadras.io \

    -v ${VERSION} \

    -n kadras-system

  ```



> **Note**

> You can find the `${VERSION}` value by retrieving the list of package versions available in the Kadras package repository installed on your cluster.

> 

>   ```shell

>   kctrl package available list -p contour.packages.kadras.io -n kadras-system

>   ```



Verify the installed packages and their status:



  ```shell

  kctrl package installed list -n kadras-system

  ```



## 📙  Documentation



Documentation, tutorials and examples for this package are available in the [docs](docs) folder.

For documentation specific to Contour, check out [projectcontour.io](https://projectcontour.io).



## 🎯  Configuration



The Contour package can be customized via a `values.yml` file.



  ```yaml

  contour:

    config:

      logFormat: json

      useProxyProtocol: true

  ```



Reference the `values.yml` file from the `kctrl` command when installing or upgrading the package.



  ```shell

  kctrl package install -i contour \

    -p contour.packages.kadras.io \

    -v ${VERSION} \

    -n kadras-system \

    --values-file values.yml

  ```



### Values



The Contour package has the following configurable properties.



Configurable properties



| Config | Default | Description |

|--------|---------|-------------|

| `namespace` | `projectcontour` | The namespace in which to deploy Contour and Envoy. |



Settings for the Contour component.



| Config | Default | Description |

|--------|---------|-------------|

| `contour.replicas` | `2` | The number of Contour replicas. In order to enable high availability, it should be greater than 1. |

| `contour.config.logFormat` | `text` | Log output format for Contour. Either `text` (default) or `json`. |

| `contour.config.logLevel` | `info` | The Contour log level. Valid options are `info` and `debug`. |

| `contour.config.useProxyProtocol` | `false` | Whether to enable PROXY protocol for all Envoy listeners. |

| `contour.configMapData` | `{}` | The YAML contents of the `contour` ConfigMap. See https://projectcontour.io/docs/latest/configuration/#configuration-file for more information. |



Settings for the Envoy component.



| Config | Default | Description |

|--------|---------|-------------|

| `envoy.workload.type` | `DaemonSet` | The type of Kubernetes workload that Envoy is deployed as. Options are `Deployment` or `DaemonSet`. |

| `envoy.workload.replicas` | `2` | The number of Envoy replicas to deploy when `type` is set to `Deployment`. |

| `envoy.workload.hostPorts.enabled` | `true` | Whether to enable host ports. If false, `http` & `https` are ignored. |

| `envoy.workload.hostPorts.http` | `80` | If enabled, the host port number to expose Envoy's HTTP listener on. |

| `envoy.workload.hostPorts.https` | `443` | If enabled, the host port number to expose Envoy's HTTPS listener on. |

| `envoy.workload.hostNetwork` | `false` | Whether to enable host networking for the Envoy pods. |

| `envoy.workload.terminationGracePeriodSeconds` | `300` | The termination grace period, in seconds, for the Envoy pods. |

| `envoy.config.logLevel` | `info` | The Envoy log level. Valid options are `trace`, `debug`, `info`, `warning`, `warn`, `error`, `critical`, and `off`. |

| `envoy.service.type` | `LoadBalancer` | The type of Kubernetes service to provision for Envoy. Valid options are `NodePort`, `ClusterIP`, and `LoadBalancer`. |

| `envoy.service.loadBalancerIP` | `""` | The desired load balancer IP. If `type` is not `LoadBalancer', this field is ignored. It is up to the cloud provider whether to honor this request. If not specified, the load balancer IP will be assigned by the cloud provider. |

| `envoy.service.externalTrafficPolicy` | `Local` | The external traffic policy for the Envoy service. Valid options are `Cluster` and `Local`. |

| `envoy.service.annotations` | `{}` | Annotations to set on the Envoy service. |

| `envoy.service.nodePorts.http` | `0` | The node port number to expose Envoy's HTTP listener on. If not specified, a node port will be auto-assigned by Kubernetes. |

| `envoy.service.nodePorts.https` | `0` | The node port number to expose Envoy's HTTPS listener on. If not specified, a node port will be auto-assigned by Kubernetes. |



Settings for Prometheus metrics.



| Config | Default | Description |

|--------|---------|-------------|

| `prometheus.enabled` | `true` | Whether to enable Prometheus annotations for automatic scraping of Contour metrics. |



Settings for distributed tracing.



| Config | Default | Description |

|--------|---------|-------------|

| `tracing.enabled` | `false` | Whether to enable distributed tracing for Contour and Envoy. If `true`, an OpenTelemetry compatible tracing backend must be available to receive the traces. |

| `tracing.collector.service_name` | `""` | The name of the OpenTelemetry collector service. |

| `tracing.collector.service_namespace` | `""` | The namespace of the OpenTelemetry collector service. |

| `tracing.collector.port` | `4317` | The port on the OpenTelemetry collector service to send traces to. |



TLS configuration to secure the communication between Contour and Envoy.



| Config | Default | Description |

|--------|---------|-------------|

| `certificates.useCertManager` | `false` | Whether to use cert-manager to provision TLS certificates for securing the communication between Contour and Envoy. If `false`, the `contour-certgen` Job will be used to provision certificates. If `true`, cert-manager must be installed in the cluster. See: https://github.com/kadras-io/package-for-cert-manager. |

| `certificates.duration` | `8760h` | If using cert-manager, how long the certificates should be valid for. If `useCertManager` is false, this field is ignored. |

| `certificates.renewBefore` | `360h` | If using cert-manager, how long before expiration the certificates should be renewed. If `useCertManager` is false, this field is ignored. |



## 🛡️  Security



The security process for reporting vulnerabilities is described in [SECURITY.md](SECURITY.md).



## 🖊️  License



This project is licensed under the **Apache License 2.0**. See [LICENSE](LICENSE) for more information.



## 🙏  Acknowledgments



This package is inspired by the original Contour package used in the [Tanzu Community Edition](https://github.com/vmware-tanzu/community-edition) project before its retirement.