add Contour package (#514)

Signed-off-by: Steve Kriss <krisss@vmware.com>

README.md

@@ -51,7 +51,8 @@ Packages provide the additional functionality necessary to build an application
 | Name | Description | Documentation |
 |------|-------------|---------------|
 | Cert Manager | Provides certificate management provisioning within the cluster | [Cert Manager pacakge docs](./addons/packages/cert-manager) |
-| Contour | Provides ingress support to workloads | [Contour package docs](./addons/packages/contour-operator) |
+| Contour | Provides ingress support to workloads | [Contour package docs](./addons/packages/contour) |
+| Contour-Operator | Provides an operator for Contour, an ingress controller | [Contour Operator package docs](./addons/packages/contour-operator) |
 | ExternalDNS | Provides discoverability of services via public DNS | [ExternalDNS package docs](./addons/packages/external-dns) |
 | Fluent-Bit | Log processor and forwarder | [Fluent Bit package docs](./addons/packages/fluentbit) |
 | Gatekeeper | Provides policy enforcement within clusters | [Gatekeeper package docs](./addons/packages/gatekeeper) |

addons/packages/contour/README.md

@@ -0,0 +1,95 @@
+# Contour Package
+
+This package provides an ingress controller using [Contour](https://projectcontour.io/).
+
+## Components
+
+* Contour controller
+* Envoy reverse proxy and load balancer
+
+## Configuration
+
+You can configure the following:
+
+| Config | Default | Description |
+|--------|---------|-------------|
+| `namespace` | `projectcontour` | The namespace in which to deploy Contour and Envoy. |
+| `contour.configFileContents` | (none) | The YAML contents of the Contour config file. See https://projectcontour.io/docs/v1.15.1/configuration/#configuration-file for more information. |
+| `contour.replicas` | `2` | How many Contour pod replicas to have. |
+| `contour.useProxyProtocol` | `false` | Whether to enable PROXY protocol for all Envoy listeners. |
+| `contour.logLevel` | `info` | The Contour log level. Valid values are `info` and `debug`. |
+| `envoy.service.type` | `LoadBalancer` | The type of Kubernetes service to provision for Envoy. Valid values are `LoadBalancer`, `NodePort`, and `ClusterIP`. |
+| `envoy.service.externalTrafficPolicy` | `Local` | The external traffic policy for the Envoy service. Valid values are `Local` and `Cluster`. |
+| `envoy.service.annotations` | (none) | Annotations to set on the Envoy service. |
+| `envoy.hostPorts.enable` | `false` | Whether to enable host ports for the Envoy pods. If false, `envoy.hostPorts.http` and `envoy.hostPorts.https` are ignored. |
+| `envoy.hostPorts.http` | `80` | If `envoy.hostPorts.enable` == true, the host port number to expose Envoy's HTTP listener on. |
+| `envoy.hostPorts.https` | `443` | If `envoy.hostPorts.enable` == true, the host port number to expose Envoy's HTTPS listener on. |
+| `envoy.hostNetwork` | `false` | Whether to enable host networking for the Envoy pods. |
+| `envoy.terminationGracePeriodSeconds` | `300` | The termination grace period, in seconds, for the Envoy pods. |
+| `envoy.logLevel` | `info` | The Envoy log level. Valid values are `trace`, `debug`, `info`, `warn`, `error`, `critical`, and `off`. |
+
+
+## Usage Example
+
+The follow is a basic guide for getting started with Contour. You must deploy the package before attempting this walkthrough.
+
+This example assumes you have used a `LoadBalancer` service for Envoy. If that's not the case, see the [Contour documentation](https://projectcontour.io/docs/v1.15.1/deploy-options/#running-without-a-kubernetes-loadbalancer) for more information.
+
+⚠️ Note: For more advanced use cases and documentation, see the official Contour [documentation](https://projectcontour.io/docs/).
+
+1. Create a namespace for the example workload:
+
+    ```shell
+    kubectl create namespace contour-example-workload
+    ```
+
+1. Create an example deployment, in this case, nginx, to route traffic to via Contour:
+
+    ```shell
+    kubectl create deployment nginx-example --image nginx --namespace contour-example-workload
+    ```
+
+1. Create a service for nginx. This will map port 80 of the service to port 80 of the nginx app.
+
+    ```shell
+    kubectl create service clusterip nginx-example --tcp 80:80 --namespace contour-example-workload
+   ```
+
+1. Create a Contour `HTTPProxy` that directs traffic to the nginx instance:
+
+    ```shell
+    kubectl apply -f - <<EOF
+    apiVersion: projectcontour.io/v1
+    kind: HTTPProxy
+    metadata:
+      name: nginx-example-proxy
+      namespace: contour-example-workload
+      labels:
+        app: ingress
+    spec:
+      virtualhost:
+        fqdn: nginx-example.projectcontour.io
+      routes:
+      - conditions:
+        - prefix: /
+        services:
+        - name: nginx-example
+          port: 80
+    EOF
+    ```
+
+1. Get the external address of your Envoy service:
+
+    ```shell
+    kubectl --namespace projectcontour get service envoy -o wide
+    NAME    TYPE           CLUSTER-IP    EXTERNAL-IP            PORT(S)                      AGE    SELECTOR
+    envoy   LoadBalancer   10.12.10.93   <ENVOY-EXTERNAL-IP>    80:31232/TCP,443:32459/TCP   1h     app=envoy
+    ```
+
+1. Make a request:
+
+    ```shell
+    curl -s -H "Host: nginx-example.projectcontour.io" <ENVOY-EXTERNAL-IP> | grep title
+    <title>Welcome to nginx!</title>
+    ```
+

addons/packages/contour/bundle/.imgpkg/bundle.yaml

@@ -0,0 +1,10 @@
+apiVersion: imgpkg.carvel.dev/v1alpha1
+kind: Bundle
+metadata:
+  name: contour
+authors:
+  - name: Steve Kriss
+    email: krisss@vmware.com
+websites:
+  - url: projectcontour.io
+  - url: github.com/vmware-tanzu/tce

addons/packages/contour/bundle/.imgpkg/images.yml

@@ -0,0 +1,10 @@
+---
+apiVersion: imgpkg.carvel.dev/v1alpha1
+images:
+- annotations:
+    kbld.carvel.dev/id: docker.io/envoyproxy/envoy:v1.18.3
+  image: index.docker.io/envoyproxy/envoy@sha256:55d35e368436519136dbd978fa0682c49d8ab99e4d768413510f226762b30b07
+- annotations:
+    kbld.carvel.dev/id: docker.io/projectcontour/contour:v1.15.1
+  image: index.docker.io/projectcontour/contour@sha256:1b6849d5bda1f5b2f839dad799922a043b82debaba9fa907723b5eb4c49f2e9e
+kind: ImagesLock

addons/packages/contour/bundle/config/overlays/change-namespace.yaml

@@ -0,0 +1,19 @@
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:data", "data")
+
+#@overlay/match by=overlay.subset({"kind":"Namespace", "metadata": {"name": "projectcontour"}}), expects=1
+---
+metadata:
+  name: #@ data.values.namespace
+
+#@overlay/match by=overlay.subset({"metadata": {"namespace": "projectcontour"}}), expects=11
+---
+metadata:
+  namespace: #@ data.values.namespace
+
+#@overlay/match by=overlay.or_op(overlay.subset({"kind":"ClusterRoleBinding"}), overlay.subset({"kind":"RoleBinding"})), expects=2
+---
+subjects:
+#@overlay/match by=overlay.subset({"namespace": "projectcontour"})
+- kind: ServiceAccount
+  namespace: #@ data.values.namespace

addons/packages/contour/bundle/config/overlays/update-contour-configmap.yaml

@@ -0,0 +1,9 @@
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:data", "data")
+#@ load("@ytt:yaml", "yaml")
+
+
+#@overlay/match by=overlay.subset({"kind": "ConfigMap"})
+---
+data:
+  contour.yaml: #@ yaml.encode(data.values.contour.configFileContents)

addons/packages/contour/bundle/config/overlays/update-contour-deployment.yaml

@@ -0,0 +1,21 @@
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:data", "data")
+
+
+#@overlay/match by=overlay.subset({"kind": "Deployment", "metadata": {"name": "contour"}})
+---
+spec:
+  replicas: #@ data.values.contour.replicas
+  template:
+    spec:
+      containers:
+      #@overlay/match by=overlay.subset({"name": "contour"})
+      - args:
+        #@overlay/append
+        #@ if data.values.contour.useProxyProtocol:
+        - --use-proxy-protocol
+        #@ end
+
+        #@overlay/append
+        #@ if/end data.values.contour.logLevel == "debug":
+        - --debug

addons/packages/contour/bundle/config/overlays/update-crds.yaml

@@ -0,0 +1,6 @@
+#@ load("@ytt:overlay", "overlay")
+
+#@overlay/match by=overlay.subset({"kind":"CustomResourceDefinition"}),expects=3
+---
+#@overlay/remove
+status:

addons/packages/contour/bundle/config/overlays/update-envoy-daemonset.yaml

@@ -0,0 +1,38 @@
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:data", "data")
+
+
+#@overlay/match by=overlay.subset({"kind": "DaemonSet", "metadata": {"name": "envoy"}})
+---
+spec:
+  template:
+    spec:
+      containers:
+      #@overlay/match by=overlay.subset({"name": "envoy"})
+      - args:
+        #@overlay/match by=overlay.subset("--log-level info")
+        - #@ "--log-level " + data.values.envoy.logLevel
+        ports:
+        #@overlay/match by=overlay.subset({"name":"http"})
+        -
+          #@ if data.values.envoy.hostPorts.enable:
+          hostPort: #@ data.values.envoy.hostPorts.http
+          #@ else:
+          #@overlay/remove
+          hostPort: 80
+          #@ end
+        #@overlay/match by=overlay.subset({"name":"https"})
+        -
+          #@ if data.values.envoy.hostPorts.enable:
+          hostPort: #@ data.values.envoy.hostPorts.https
+          #@ else:
+          #@overlay/remove
+          hostPort: 443
+          #@ end
+      #@ if data.values.envoy.hostNetwork:
+      #@overlay/match missing_ok=True
+      hostNetwork: true
+      #@overlay/match missing_ok=True
+      dnsPolicy: ClusterFirstWithHostNet
+      #@ end
+      terminationGracePeriodSeconds: #@ int(data.values.envoy.terminationGracePeriodSeconds)

addons/packages/contour/bundle/config/overlays/update-envoy-service.yaml

@@ -0,0 +1,13 @@
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:data", "data")
+
+#@overlay/match by=overlay.subset({"kind": "Service", "metadata": {"name": "envoy"}})
+---
+metadata:
+  #@overlay/replace
+  annotations: #@ data.values.envoy.service.annotations
+spec:
+  type: #@ data.values.envoy.service.type
+
+  #@ if/end data.values.envoy.service.externalTrafficPolicy:
+  externalTrafficPolicy: #@ data.values.envoy.service.externalTrafficPolicy