Contour is an ingress controller for Kubernetes . Here we are setting up in OKE.
Choose one of the methods explained here, we are using the 2nd option:
kubectl apply -f https://projectcontour.io/quickstart/operator.yaml
kubectl apply -f https://projectcontour.io/quickstart/contour-custom-resource.yaml
A couple of services are created in a namespace called projectcontour. In our particular use case we have modified the envoy service for creating the load balancer in an private subnet and also changed the port from 80 to 8080
k get svc -n projectcontour
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
contour ClusterIP 10.96.36.80 <none> 8001/TCP 31h
envoy LoadBalancer 10.96.51.209 192.168.189.2 8080:30349/TCP,443:30485/TCP 31h
If you are curious to know how to do it just edit the service and put a couple of annotations indicating to use an internal subnet.
k edit svc/envoy -n projectcontour
Similarly for the port;
So far so good. We have our ingress installed.
Now let’s create the ingress. We want to route traffic to specific services/pods depending on the path of the methods exposed in our micro services. Let’s see an example:
apiVersion: networking.k8s.io/v1beta kind: Ingress metadata: name: invictuscore spec: rules: - http: paths: # enruta al ofsagent - path: /ofsa backend: serviceName: ofsagent servicePort: 8080 # enruta al sapagent - path: /sapa backend: serviceName: sapagent servicePort: 8080 ...
Ok. So now we need a guy that does some work. Let’s create a deployment and a service:
apiVersion: apps/v1 kind: Deployment metadata: name: ofsagent spec: selector: matchLabels: app: ofsagent replicas: 1 template: metadata: labels: app: ofsagent spec: containers: - name: ofsagent image: fra.ocir.io/invictusavd/invictuscore/ofsagent:1.0 imagePullPolicy: Always ports: - containerPort: 8080 imagePullSecrets: - name: k8sinvictussecret
apiVersion: v1 kind: Service metadata: name: ofsagent spec: selector: app: ofsagent type: ClusterIP ports: - name: http port: 8080 targetPort: 8080
So this is what we have:
A pod listening in 8080 <- a service of type ClusterIP called ofsagent exposing port 8080 and pointing to pod’s port 8080 <- an ingress routing to ofsagent port 8080 all the traffic that has path /ofsagent <- a service type Load Balancer with a listener in port 8080 (envoy) keen to serve your requests. Let’s try:
curl 192.168.189.2:8080/ofsa hi from invictuscore - ofsagent()!!
That’s all, hope it helps!!