Contour is an ingress controller for Kubernetes . Here we are setting up in OKE.
Setup
Choose one of the methods explained here, we are using the 2nd option:
kubectl apply -f https://projectcontour.io/quickstart/operator.yaml
kubectl apply -f https://projectcontour.io/quickstart/contour-custom-resource.yaml
A service are created in a namespace called projectcontour. In our particular use case we have modified the envoy service for creating the load balancer in an private subnet and also change the port from 80 to 8080
k get svc -n projectcontour NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE contour ClusterIP 10.96.36.80 <none> 8001/TCP 1m envoy LoadBalancer 10.96.3.122 <pending> 8080:30857/TCP,443:31922/TCP 1m
If you are curious to know how to do it just edit the service and put a couple of annotations indicating to use an internal subnet.
k edit svc/contour -n projectcontour

Similarly for the port:

So far so good. We have contour installed.
Now let’s create the ingress. We want to route traffic to specific services/pods depending on the path of the methods exposed in our micro services. Let’s see an example:
apiVersion: networking.k8s.io/v1beta kind: Ingress metadata: name: invictuscore spec: rules: - http: paths: # enruta al ofsagent - path: /ofsa backend: serviceName: ofsagent servicePort: 8080 # enruta al sapagent - path: /sapa backend: serviceName: sapagent servicePort: 8080 ...
Ok. So now we need a guy that does some work. Let’s create a deployment and a service:
apiVersion: apps/v1 kind: Deployment metadata: name: ofsagent spec: selector: matchLabels: app: ofsagent replicas: 1 template: metadata: labels: app: ofsagent spec: containers: - name: ofsagent image: fra.ocir.io/invictusavd/invictuscore/ofsagent:1.0 imagePullPolicy: Always ports: - containerPort: 8080 imagePullSecrets: - name: k8sinvictussecret
apiVersion: v1 kind: Service metadata: name: ofsagent spec: selector: app: ofsagent type: ClusterIP ports: - name: http port: 8080 targetPort: 8080
So this is what we have:
A pod listening in 8080 <- a service of type ClusterIP called ofsagent exposing port 8080 and pointing to pod’s port 8080 <- an ingress routing to ofsagent port 8080 all the traffic that has path /ofsagent <- a service type Load Balancer with a listener in port 8080 (contour) keen to serve your requests. Let’s try:
curl 192.168.189.2:8080/ofsa hi from invictuscore - ofsagent()!!
That’s all, hope it helps!!
Hi the post was helpful, I had few questions, The application to which I am working to use contour as ingress for traffic is an ldap application and it uses several ports to accept the traffic , like LDAP port 2389, LDAPS port 636, admin port 8080 etc, basically it is a tcp dependent application, So how can I use contour here? My istio is somewhat like this
apiVersion: v1
kind: Service
metadata:
annotations:
meta.helm.sh/release-name: istio-ingress
meta.helm.sh/release-namespace: istio-system
creationTimestamp: “”
finalizers:
– service.kubernetes.io/load-balancer-cleanup
labels:
app: istio-ingressgateway
app.kubernetes.io/managed-by: Helm
install.operator.istio.io/owning-resource: unknown
istio: ingressgateway
istio.io/rev: default
operator.istio.io/component: IngressGateways
release: istio-ingress
name: istio-ingressgateway
namespace: istio-system
resourceVersion: “5995429″
uid:
spec:
clusterIP:
clusterIPs:
– 1
externalTrafficPolicy: Cluster
ipFamilies:
– IPv4
ipFamilyPolicy: SingleStack
ports:
– name: status-port
nodePort: 30900
port: 15021
protocol: TCP
targetPort: 15021
– name: http2
nodePort: 32548
port: 80
protocol: TCP
targetPort: 8080
– name: https
nodePort: 32501
port: 443
protocol: TCP
targetPort: 8443
– name: http2-fid1
nodePort: 32570
port: 7070
protocol: TCP
targetPort: 7070
– name: https-fid1
nodePort: 32508
port: 7171
protocol: TCP
targetPort: 7171
– name: http2-api1
nodePort: 32550
port: 8089
protocol: TCP
targetPort: 8089
– name: https-api1
nodePort: 32504
port: 8090
protocol: TCP
targetPort: 8090
– name: http2-admin1
nodePort: 32551
port: 9100
protocol: TCP
targetPort: 9100
– name: https-admin1
nodePort: 32505
port: 9101
protocol: TCP
targetPort: 9101
– name: ldap
nodePort: 32552
port: 2389
protocol: TCP
targetPort: 2389
– name: ldaps
nodePort: 32506
port: 2636
protocol: TCP
targetPort: 2636
selector:
app: istio-ingressgateway
istio: ingressgateway
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
– hostname:
LikeLike