►
From YouTube: FRIDAY NIGHT HACK! Kubernetes Ingress with Contour
Description
Ground up setup of Kubernetes ingress with heptio contour and IngressRoute.
https://github.com/heptio/contour/
A
G'day
lucky
here
so
about
two
weeks
ago,
I
read
a
really
interesting
blog
by
Dave
Chaney
and
the
folks
over
at
hep
do
about
a
new
release
of
happy
oak
on
tour.
Now,
if
you
are
not
familiar
with
contour
I
did
a
video
on
an
OSS
unboxing
I've
come
to
a
several
months
ago,
but
the
TLDR
is
contour.
Is
a
kubernetes
ingress
controller
built
on
top
of
Envoy
right?
A
So
one
of
the
things
that
really
piqued
my
interest
in
that
particular
blog
that
was
written
up,
was
in
0.6
of
contour
I,
believe
they
introduced
a
new
custom
resource
type
called
ingress
route.
Now
we're
gonna
go
into
ingress
route,
but
I
thought
it
might
be
fun,
given
the
feedback
I've
had
in
the
past.
One
of
my
number
one
watch.
Videos
on
my
channel
is
around
kubernetes
ingress
as
getting
started
with
them
doing
things
with
them.
So
I
figured
I'd,
take
everybody
on
a
journey
through
setting
up
a
kubernetes,
English
controller
and
then
I.
A
Don't
think
that
I
will
have
time
to
go
through
every
intricate
detail
of
ingress
route.
This
new
resource,
but
let's
just
step
through
it,
get
a
feel
for
it
and
I
can
always
make
another.
Video,
diving,
deeper,
I'm
sure
there's
plenty
of
goodies
in
there.
So,
let's
just
get
on
with
it
enough
enough
of
livening
to
me
talk
so
ground
up
right.
This
is
I.
Have
a
kubernetes
cluster
you're,
just
gonna
have
to
trust
me.
I
have
a
an
ACS
engine,
kubernetes
1.11
cluster
and
I
am
now
going
to
just
install
com2
all
right.
A
So,
let's
see
what
that
does.
I've
got
namespace
the
service
account
custom,
resource
deployment,
role,
binding
and
a
service,
so
I
would
hazard
a
guess:
I
could
get
pods
in
the
namespace
called
hefty
oak
on
Tula,
and
it
should
have
okay,
so
contours
up
and
running
nothing,
nothing
cray-cray
there.
This
is
just
straight
up:
okay
and
there's
an
example,
workload
that
this
ship,
so
let's
go
and
deploy
that
as
well.
A
Okay,
so
I've
created
a
deployment.
So
if
it's
an
ingress
cube
cuddle
get
pods,
I
should
have
this
up
and
running.
Okay
I
have
three
replicas
of
the
guard:
I
can't
I,
don't
know
if
it's
card
or
guard
somebody,
let
me
know,
but
as
for
kubernetes
up
and
running,
is
a
book.
You
should
read
it.
It's
great.
The
app
was
built
I.
Think
for
that,
and
it
still
has
some
really
nice
information
around
the
container
runtime.
A
You
know
the
pod
runtimes
environment
variables,
things
that
are
going
on
at
a
glance
through
a
web
UI
UI,
so
I'm
gonna
use
that
it's
really
easy
to
use,
but
that
just
models
as
an
ingress
service
deployment.
Ok,
cube
cattle,
get,
let's
see
what
we're
working
with
in
the
ingress
okay.
So
we
have
an
ingress
and
we're
matching
star
on
port
80.
It's
been
there
for
37
seconds.
Okay,
now
ingress
is
layer.
A
7
we're
looking
at
layer
7
we're
not
looking
at
layer
4
like
we
do
with
load,
balancers
service
type
load,
balancers
we're
looking
into
HTTP
headers.
So
when
you
have
a
host
of
star
everything's
going
to
get
passed
through
to
whatever
the
destination
is,
and
here's
on
that
which
is
probably
this
deployment
services
and
then
subsequently
deployment
so
yeah,
we
need
to
actually
make
sure
we
have
a
DNS
record
if
we
want
to
use
fqd
ends
and
virtual
hosts.
Ok
in
the
way
we
would
do
that
is
this.
A
Should
ship
with
the
service
help
do
contour
and
we
want
to
create
us.
Ok,
so
I
have
this
service
IP
address
I'm,
going
to
pop
over
to
as
you're
here
I've
as
your
DNS
setup
for
a
domain
that
I
have
and
I'm
just
going
to
add
a
record
set
and
I'm
just
gonna
cut
a
call
it
star.
Don't
in
for
ingress.
Is
everybody
okay
with
that?
Actually
I'll?
Call
it
ingress.
Ok!
So
we're
going
in
the
English
controller
star
is
a
wild-card,
a
record
here,
I'm
going
to
give
it
the
load.
A
So
can
we
can
try
and
adjust
acid
test
this
on
the
command
line
here
and
say
test
out
ingress,
AZ,
dot,
kubernetes
demo,
dot,
IO
and
I
would
expect
to
get
an
a
record
with
192
dot,
1,
91
and
I
do
right.
So
now,
I
can
request
things
by
a
name
and
get
an
IP
address
and
then
be
ready
to
the
right
place
and
making
all
the
fqdn
and
virtual
host
match
would
be
great.
Okay,
so
I'm
matching
everything
so
I
could
probably
just
go
to
a
browser
here
and
actually
just
whack
it.
A
This
in
and
I
would
expect
to
hit
the
guard
yep
choir
demo.
Okay,
so
I
do
hit
that
and
let's
see
a
little
bit
more
information
I'm
just
going
to
scroll
back
up
here,
it
looks
like
I.
Have
three
pods
I
hit
the
two
v
7q
m,
I'm
going
to
refresh
I
hit
the
J
a
B
L
I'm,
gonna,
refresh
and
I
hit
this
okay,
so
we're
round-robin
out
of
the
gate:
okay,
round-robin,
hitting
the
service
and
then
hitting
the
subject.
Okay,
nothing
new!
Here,
nothing
new!
This
is
vanilla.
A
Contour
still
honours,
kubernetes
ingress
resources.
So
there's
default
ingress
resources.
Okay,
haven't
done
anything!
This
is
just
straight
out
of
box.
Okay,
fantastic!
Now
we're
going
to
move
the
little
faster
here
and
we're
gonna
pop
back
to
the
docks.
Okay
and
I'm
gonna
go
up
to
Docs
and
I'm
going
to
go
down
to
ingress
route,
okay,
so
the
what
I
want
to
now
take
you
on
to
is
looking
at
this
ingress
right,
because
this
is
where
things
get
real
interesting.
We
everybody's
very
familiar
with
core
ingress.
What
it
can
do
and
what
it
cannot
do.
A
The
ingress
route
aims
to
solve
things
that
the
default
ingress
cannot
do
and
that's
what
I'm
really
excited
about.
So
what
I'm
going
to
do
now
is
actually
model
the
in
the
default
ingress
as
an
ingress
route
and
model
the
same
behavior
here
so
I'm
going
to
pop
over
here
to
trust
EVs
code.
I
have
the
ingress
resource
in
front
of
me
here.
That's
it
vanilla!
That's
the
one
I
just
installed:
I'm
gonna
model
it
as
an
ingress
route.
Okay,
so
the
only
things
I'm
gonna
do
that
are
different.
A
We
don't
actually
have
a
match
statement
up
here.
I'm
gonna
add
an
fqdn
and
scope
it
to
ingress.
Let's
just
call
it
that
quad
ingress
day,
okay
and
we're
going
to
push
it
through
to
that.
So
this
should
be
the
same
thing.
It
should
do
exactly
the
same
thing.
Actually,
why
don't
I
do
just
one
or
two
more
things
before
we
do
that,
because
I
want
to
limit
my
log
surface
area
for
the
purpose
of
just
showing
this
and
contour
so
I'm
gonna
go
and
scale
this
down.
A
So
if
you've
never
done
a
scale
before
you
can
do
a
scale
of
a
deployment.
I'll
just
use
shorthand
here
and
come
to
her
and
I'm
going
to
set
the
replicas
to
one
right
so
should
add,
you
just
have
one
pod
now:
okay,
once
terminating,
we
have
one
here.
So
with
this
one
cube,
cuddle
and
hep
do
contour.
I
would
like
to
take
a
look
at
the
logs,
please
of
this
pod.
Okay.
What
is
this
telling
me?
Okay,
I
have
multiple,
so
you
can
see
that
I
actually
have
two
containers
inside
this
pod.
A
So
it's
saying,
hey
lucky,
which
container
logs
do
you
want
to
look
at
and
I
also
have
an
init
container
too
so
I
could
specify
that
now.
Contour
is
the
piece
that
looks
at
the
kubernetes
api
models
that
models,
those
specs
into
a
dag,
and
then
models
have
abstraction
into
envoy
config
and
push
it
down
on
voice.
So
I
don't
actually
want
really
care
about
contour
and
what
it
sees
I
just
want
to
see
if
I'm
getting
logs
through
the
back
end
here,
okay,
cube
kettle
delete
ingress
and
the
ingress
name
was
odd.
A
Deleted,
nope
and
envoy
says:
I
just
removed
the
listener,
so
that
whole
thread
is
actually
working
and
what
I'm
going
to
do
here
is
create
the
ingress
route,
custom
resource
version
of
the
same
thing
just
to
demonstrate
that
at
least
that
loop
works
and
I
don't
want
to
do
that
in
my
paste
buffer
I
want
to
actually
go
and
grab
this
just
using
standard
in
here
to
create
the
resource.
Okay,
so
I've
created
this
ingress
route
resource
that
is
interesting.
I'm
going
to
grab
that
queue,
cuttle
get
I've
got
a
custom
resource
called
ingress
route.
A
Okay,
I
can
actually
see
it
here.
Fantastic,
fantastic
is
valid.
Wonderful
status,
information
and
I
can
see
that
envoys
actually
seen
it
right.
So,
ideally,
if
I
go
and
hit
our
trusty
demo,
Dada
voila
we're
in
the
same
place
same
place
same
place.
Okay,
so
you
can
see
all
the
hits
here.
We
can
actually
see
the
paths
what
was
asked.
A
Nothing
else,
nothing
else,
pretty
plain
smooth
sailing
so
far,
so
hooray
for
the
docks
hooray
for
me,
thanks
for
watching
Vlad
you
can
we
do
this
okay.
So
what
else
we're
going
to
do
here?
What
else
we're
going
to
do?
There's
virtual
host
configuration
okay.
So
if
you
do
some
really
interesting
things
here,
okay,
so
you
could
have
multiple
hosts
in
one
file.
I
think
this
does
okay,
one
virtual
host
profile.
That's
fine,
TLS
who's
excited
about
TLS,
okay,
let's
go
ahead
and
do
TLS
I
like
to
use
cert
manager.
A
A
A
A
Read
the
docs
documentation,
read
the
docs
okay,
so
go
and
take
a
look
at
desk
manager:
dot,
read
the
docs
dot
IO
and
you
can
look
at
the
getting
started
and
the
tutorials
I'm
going
to
glance
over
issuer
creation
and
I
might
just
do
I'm
going
to
create
I
believe
a
cluster,
a
cluster
issuer,
so
a
cluster
issuer
and
certificate
manually.
So
you
can
go
ahead
and
do
that.
The
details
are
in
that.
A
A
Okay,
so
it's
I'm
watching
the
certificate
manager
logs
now
haven't
done
anything
I've
just
set
up
a
profile,
an
issuer
to
call
out
to
let's
encrypt
now,
I'm
going
to
ask
it
to
give
me
a
certificate
and
the
certificate
request.
Let's
just
replace
contour
here,
because
that
was
when
I
was
messing
around
with
this
earlier
this
week.
We've
replaced
that,
with
the
word
ingress
and
I
probably
want
to
keep
the
first
classes
contour,
it's
the
only
instance.
A
I,
don't
want
to
change
so
I'm,
not
gonna
ask
for
a
certificate
against
this
cluster
issuer
and
it's
gonna
have
this
common
name,
which
is
great,
and
these
DNS
names
I've
had
sans
I
did
not
have
sans
okay.
So,
let's
see
if
that
actually
works
in
the
HTTP
ingress
cloak.
Okay.
So
let's
give
this
a
shot.
So
have
the
certificate
cube,
cuddle,
create
eff,
this
top
certificate
demo,
so
I'm
going
to
go
and
ask
for
the
certificate
called
quieter
ingress,
AZ,
okay!
So
it's
not
happy
yet
one
will
be
created.
A
No
existing
challenge
found
one
will
be
created,
I
think
on
the
next
loop
it
should
go
through
and
what
we
should
have
cube
cuddle
get
secret.
This
loops
gonna
go
out
to
that's
the
existing,
so
your
certificate
that
I
have
who
looks
better
okay,
so
I
should
end
up
with
another
certificate,
and
here
I'm
going
to
delete
this
one
delete
secret
from
that
one
is
gone,
the
other
one
there,
okay
yeah!
So
we
have
this
new
certificate.
It's
going
out
to.
Let's
encrypt
we've
got
done
the
verification
through
HTTP
validation.
A
There
I
should
say
and
I
have
a
certificate
now,
so
I
have
a
certificate
that
I
can
use
with
that
ingress.
Okay.
So
let's
go
back
to
the
docks.
It's
already
glazed
over
that
cert
manager.
I
should
do
a
whole
video
on
that
itself.
Okay,
so
what
do
we
do?
Tls
secret
name,
making
it
too
easy
for
me
under
the
fqdn,
so
I'm
going
to
go
back
to
this
ingress
resource
under
the
fqdn
I'm
gonna
give
it
the
secret
name
that
I
just
created
and
it
should
serve
it
up
with
that
certificate.
A
A
A
Look
the
pretty
green,
lock,
the
pretty
green
lock!
Is
there?
Okay,
whoa
I
have
a
certificate
I'm
serving
up
a
certificate,
but
really
this
rule
me
this
riddle
me
this.
It
looks
like
it
redirected
by
default,
which
is
really
slick
if
it
did
so.
Let
me
go
over
here.
Cuz,
look
redirects
by
default.
This
is
just
a
different
browser
redirects
by
default,
so
I
cannot
hit
it.
I
cannot
hit
it
on
untrusted
on
just
plain
HTTP
right:
okay,
I
think
I
saw
something
the
docks
here.
A
So
there's
health
checking
I,
don't
think
it'll
go
through
permit
insecure,
permit,
insecure
under
the
match.
Okay,
so
let
me
do
that
under
the
match.
Under
the
match,
okay
won
the
match.
Permit
insecure
I
would
like
to
permit
insecure
only
for
the
purposes
of
this
demo
that
is
done
can
I
permit
insecure
I.
A
A
She's
really
gonna
search,
yeah
I
can
hit
it.
It
doesn't
redirect
it's
just
my
browser
saying:
why
would
you
do
that
see
and
I've
hit
it
I'm
secure,
see.
Okay,
so
he's
doing
the
right
thing.
Don't
be
fooled,
don't
be
fooled.
Browsers.
Do
try.
Okay,
so
far
is
a
lot
happier
for
me
to
switch
it's
trying
to
say:
I,
see
you
and
I
would
I
will
let
you
do
what
you
want.
Not
sure
I
feel
how
I
feel
about
being
redirected,
but
you
know
they
have
I'm
sure
I
have
wonderful
intent.
A
What
else
can
we
do?
What
else
can
we
do?
How
about
we
do
one
more
thing
before
I
call
it
on
this.
Video
I
saw
weights
up
here.
One
do
way:
it's
one:
do
it,
okay,
want
to
do
this
upstream
waiting?
This
is
canary.
This
is
blue,
green
I'm
only
going
to
show
it
really
quick.
Okay,
if
no
weights
are
specified,
it's
even
distribution.
If
weights,
they
do
not
need
to
add
up
to
a
hundred
of
always
okay,
so
the
total
at
was
the
weight.
A
The
total
of
the
some
of
those
specified
okay
and
you
calculate
it.
That
makes
good
sense
if
some
way
to
specify,
but
others
are
not
as
assumed
that
they
are
okay.
Alright,
that
was
me
paraphrasing
read
this
itself,
but
what
we're
gonna
do
here
is
add
a
weight.
Well,
actually
we
don't
have
a
second
service.
Do
we
have
a
second
service?
Let's
go
ahead:
I
actually
created
v2,
so
I'm
going
to
create
a
v2
service
here,
just
for
the
okay
cue
pedal,
create
there's
F
desktop
no
and
I'm
gonna.
A
A
A
A
A
Okay,
so
we
are
hitting
them
both
okay.
So
now,
let's
just
go
where
ad
wait
now:
I
want
to
go,
wait
and
I'm,
gonna,
say
90
and
wait
it's
well.
It's
implied
that
this
is
zero,
but
let's
make
it
10
right
apply.
I
did
not
want
to
do
that.
I
want
to
do
that.
Okay,
so
90
percent
of
the
traffic
should
go
too.
Okay,
okay,
I'm,
seeing
a
lot
of
v1
I'm,
seeing
a
lot
of
v1
I.
A
A
A
Okay,
that
is
called
poor
man's,
not
me
being
the
poor
man,
blue,
green,
poor
man's
canary,
so
we've
done
it.
Okay,
I
think
I
should
stop
there.
So
what
to
recap?
Just
what
we've
done?
Okay
deployed
an
ingress
controller
called
contour:
okay,
nothing,
there!
Nothing
special
other
than
contours,
great
and
I
see
a
little
promise
with
this
ingress.
Router
excited
there,
but
nothing
out
of
the
ordinary.
You
can
go
get
any
English
control.
A
Do
the
same
thing:
deploy
the
ingress
control,
waetford,
get
a
service
load,
balancer
IP,
put
that
into
dns
deployed
quad,
which
had
an
ingress
service
and
a
deployment
using
the
traditional
or
the
core
kubernetes
ingress
resource
I
then
modeled
that
as
an
ingress
route,
this
custom
resource
that
contour
0.6
now
on
us
and
then
we
what
else
do
we
do?
We
add
a
TLS
to
that
using
certificate
manager,
and
then
we
did
some
weighted
round
robin
we
added
weighted
to
model
essentially
canary
or
blue,
green
or
whatever.
A
You
call
it
and
that's
great
there's
so
much
more
to
this
there's
so
much
more
to
this
I
might
do
a
follow-up
video
if
everybody's
really
excited
about
it,
but
I'm.
Just
hacking
away
and
I
wanted
to
record
myself
hacking
away.
It
was
a
lot
of
fun
thanks
for
joining.
If
you
like
these
videos,
give
me
a
thumbs
up,
it
does
help,
makes
me
see
which
videos
y'all
like
and
feel
free
to
subscribe.
But
you
know
I
do
this
for
everyone,
but
I
like
to
know
somebody's
watching
if
nobody's
watching
I.