Tanzu Kubernetes Grid
Contour Integration
VMware’s flagship Kubernetes offering, Tanzu Kubernetes Grid provides for a number of add-on packages that can be quickly leveraged within your environment. Our TKG environments were configured to leverage the NSX Advanced Load Balancer and provide load balancers for the control and data planes within the Kubernetes clusters running inside the VMware SDDC environment. As part of that configuration, it unlocks the ability to leverage NSX Advanced Load Balancers further by installing the Contour service within the TKG Management and Workload clusters. This article walks you through step-by-step the process of installing Contour on both a TKG Management Cluster and a TKG Workload Cluster. It also demonstrates how to deploy a sample application and configure an httpproxy object to route application traffic through the NSX Advanced Load Balancer virtual service.
bootstrap $ tanzu package available list cert-manager.tanzu.vmware.com -A bootstrap $ tanzu package install cert-manager \ --package-name cert-manager.tanzu.vmware.com \ --version <latest-version>
Prior to installing the Contour service inside the TKG Managment Cluster, the following screenshot shows what the two virtual services that are currently configured inside the NSX Advanced Load Balancer UI. One virtual service is for the front-end Kubernetes API on the TKG Management Cluster, and the other is for the front-end Kubernetes API for the TKG Workload Cluster. By installing and configuring Contour for the applications running inside the Kubernetes clusters, the integration with NSX Advanced Load Balancer is going to create a secondary virtual service for the TKG Management Cluster and Workload Cluster(s) respectively. These virtual services will be configured to leverage traffic over TCP ports 80 and 443.
The updated documentation for installing Contour and integrating with the NSX Advanced Load Balancer omits the needed file. However, the necessary file can still be viewed and copied from the documentation for TKG 1.6.0.
Save the file to leverage it when you execute the command to install Contour inside the Kubernetes cluster.
bootstrap $ tanzu package available list contour.tanzu.vmware.com -A bootstrap $ tanzu package install contour \ --package-name contour.tanzu.vmware.com \ --version <latest-version> \ --values-file <path-to-avi-file> \ --namespace default
The two sets of pods will be respectively running in the cert-manager and tanzu-system-ingress namespaces.
The new NSX Advanced Load Balancer virtual service can be seen by logging into the NSX Advanced Load Balancer UI and selecting Virtual Services. It appears as down until there are ingress or httpproxy objects created inside the Kubernetes cluster.
bootstrap $ tanzu package available list cert-manager.tanzu.vmware.com -A bootstrap $ tanzu package install cert-manager \ --package-name cert-manager.tanzu.vmware.com \ --version <latest-version>
bootstrap $ tanzu package available list contour.tanzu.vmware.com -A bootstrap $ tanzu package install contour \ --package-name contour.tanzu.vmware.com \ --version <latest-version> \ --values-file <path-to-avi-file> \ --namespace default
In order to validate the Contour system is working correctly and fully integrated with the NSX Advanced Load Balancer, you can deploy a sample application like HTTPBIN and create an httpproxy object inside Kubernetes. The following is a YAML file I often use for deploying HTTPBIN:
bootstrap $ kubectl create -f httpbin.yaml bootstrap $ kubectl get pods,svc,httpproxy
By looking at the NSX Advanced Load Balancer UI, you can see the virtual service is now ‘Orange’ because there is now an application leveraging port 80. If the application had been configured to leverage both HTTP and HTTPS, the virtual service would show ‘Green’ on this screen.
Finally validate the URL you specified in the httpproxy section of the YAML file for the HTTPBIN deployment is accessible. If it is working correctly, you should see a screen similar to the following screenshot.
