Configuring Contour as ingress controller for OKE in 10 minutes


Contour is an ingress controller for Kubernetes . Here we are setting up in OKE.

Setup

Choose one of the methods explained here, we are using the 2nd option:

kubectl apply -f https://projectcontour.io/quickstart/operator.yaml

kubectl apply -f https://projectcontour.io/quickstart/contour-custom-resource.yaml

A service are created in a namespace called projectcontour. In our particular use case we have modified the envoy service for creating the load balancer in an private subnet and also change the port from 80 to 8080

k get svc -n projectcontour
 NAME      TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)                        AGE
 contour   ClusterIP      10.96.36.80    <none>          8001/TCP                       1m
 envoy     LoadBalancer   10.96.3.122     <pending>     8080:30857/TCP,443:31922/TCP    1m

If you are curious to know how to do it just edit the service and put a couple of annotations indicating to use an internal subnet.

k edit svc/contour -n projectcontour

Similarly for the port:

So far so good. We have contour installed.

Now let’s create the ingress. We want to route traffic to specific services/pods depending on the path of the methods exposed in our micro services. Let’s see an example:

apiVersion: networking.k8s.io/v1beta
kind: Ingress
metadata:
  name: invictuscore
spec:
  rules:
  - http:
      paths:
# enruta al ofsagent
      - path: /ofsa
        backend:
          serviceName: ofsagent
          servicePort: 8080
# enruta al sapagent
      - path: /sapa
        backend:
          serviceName: sapagent
          servicePort: 8080
...

Ok. So now we need a guy that does some work. Let’s create a deployment and a service:

apiVersion: apps/v1
kind: Deployment
metadata:
  name:    ofsagent
spec:
  selector:
    matchLabels:
      app: ofsagent
  replicas: 1
  template:
    metadata:
      labels:
        app: ofsagent
    spec:
      containers:
      - name: ofsagent
        image: fra.ocir.io/invictusavd/invictuscore/ofsagent:1.0
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
      imagePullSecrets:
      - name: k8sinvictussecret      
apiVersion: v1
kind: Service
metadata:
  name: ofsagent
spec:
  selector:
    app: ofsagent
  type: ClusterIP
  ports:
    - name: http
      port: 8080
      targetPort: 8080

So this is what we have:

A pod listening in 8080 <- a service of type ClusterIP called ofsagent exposing port 8080 and pointing to pod’s port 8080 <- an ingress routing to ofsagent port 8080 all the traffic that has path /ofsagent <- a service type Load Balancer with a listener in port 8080 (contour) keen to serve your requests. Let’s try:

curl 192.168.189.2:8080/ofsa
hi from invictuscore - ofsagent()!!

That’s all, hope it helps!!

One Comment

  1. Rahul

    Hi the post was helpful, I had few questions, The application to which I am working to use contour as ingress for traffic is an ldap application and it uses several ports to accept the traffic , like LDAP port 2389, LDAPS port 636, admin port 8080 etc, basically it is a tcp dependent application, So how can I use contour here? My istio is somewhat like this

    apiVersion: v1
    kind: Service
    metadata:
    annotations:
    meta.helm.sh/release-name: istio-ingress
    meta.helm.sh/release-namespace: istio-system
    creationTimestamp: “”
    finalizers:
    – service.kubernetes.io/load-balancer-cleanup
    labels:
    app: istio-ingressgateway
    app.kubernetes.io/managed-by: Helm
    install.operator.istio.io/owning-resource: unknown
    istio: ingressgateway
    istio.io/rev: default
    operator.istio.io/component: IngressGateways
    release: istio-ingress
    name: istio-ingressgateway
    namespace: istio-system
    resourceVersion: “5995429″
    uid:
    spec:
    clusterIP:
    clusterIPs:
    – 1
    externalTrafficPolicy: Cluster
    ipFamilies:
    – IPv4
    ipFamilyPolicy: SingleStack
    ports:
    – name: status-port
    nodePort: 30900
    port: 15021
    protocol: TCP
    targetPort: 15021
    – name: http2
    nodePort: 32548
    port: 80
    protocol: TCP
    targetPort: 8080
    – name: https
    nodePort: 32501
    port: 443
    protocol: TCP
    targetPort: 8443
    – name: http2-fid1
    nodePort: 32570
    port: 7070
    protocol: TCP
    targetPort: 7070
    – name: https-fid1
    nodePort: 32508
    port: 7171
    protocol: TCP
    targetPort: 7171
    – name: http2-api1
    nodePort: 32550
    port: 8089
    protocol: TCP
    targetPort: 8089
    – name: https-api1
    nodePort: 32504
    port: 8090
    protocol: TCP
    targetPort: 8090
    – name: http2-admin1
    nodePort: 32551
    port: 9100
    protocol: TCP
    targetPort: 9100
    – name: https-admin1
    nodePort: 32505
    port: 9101
    protocol: TCP
    targetPort: 9101
    – name: ldap
    nodePort: 32552
    port: 2389
    protocol: TCP
    targetPort: 2389
    – name: ldaps
    nodePort: 32506
    port: 2636
    protocol: TCP
    targetPort: 2636
    selector:
    app: istio-ingressgateway
    istio: ingressgateway
    sessionAffinity: None
    type: LoadBalancer
    status:
    loadBalancer:
    ingress:
    – hostname:

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.