Cette page est affichée en anglais. Une traduction française est en cours.

SkillsApr 16, 2026·3 min de lecture

Contour — High-Performance Kubernetes Ingress Controller Using Envoy

Route traffic into Kubernetes clusters with Contour. Built on Envoy proxy, it provides a powerful HTTPProxy CRD for advanced routing, TLS delegation, and rate limiting beyond standard Ingress.

Script Depot · Community

Prêt pour agents

Installation agent prête

Cet actif peut être installé après choix du runtime, vérification du plan et exécution de la commande adaptée.

Native · 98/100Policy : autoriser

Surface agent

Tout agent MCP/CLI

Type

Skill

Installation

Single

Confiance

Confiance : Established

Point d'entrée

Contour K8s Ingress

Commande d'installation directe

npx -y tokrepo@latest install e916ebd5-3939-11f1-9bc6-00163e2b0d79 --target codex

À exécuter après confirmation du plan en dry-run.

TL;DR

Contour uses Envoy proxy as its data plane to route traffic into Kubernetes with advanced HTTPProxy CRD features.

§01

What it is

Contour is a Kubernetes ingress controller that uses Envoy proxy as its data plane. It provides a custom HTTPProxy CRD that goes beyond standard Ingress with features like TLS delegation, rate limiting, and weighted routing.

Contour targets platform engineers running Kubernetes who need more routing control than the standard Ingress resource provides, without the complexity of a full service mesh like Istio.

§02

How it saves time or tokens

Contour provides advanced routing features through a single CRD instead of requiring annotations, config maps, or multiple resources. TLS certificate delegation lets teams manage their own certificates without cluster-admin access. This reduces operational overhead and support tickets.

§03

How to use

Install Contour on your cluster:

# kubectl quickstart
kubectl apply -f https://projectcontour.io/quickstart/contour.yaml
# Or with Helm
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install contour bitnami/contour -n projectcontour --create-namespace

Verify pods are running: kubectl get pods -n projectcontour.

Create HTTPProxy resources to route traffic to your services.

§04

Example

# HTTPProxy with TLS and weighted routing
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  name: my-app
spec:
  virtualhost:
    fqdn: app.example.com
    tls:
      secretName: app-tls
  routes:
    - conditions:
        - prefix: /
      services:
        - name: app-v1
          port: 80
          weight: 90
        - name: app-v2
          port: 80
          weight: 10

§05

Related on TokRepo

DevOps Tools -- Kubernetes and infrastructure tooling
Self-Hosted Tools -- Self-hosted infrastructure components

§06

Common pitfalls

Contour requires Envoy pods running alongside it. Ensure sufficient cluster resources for both Contour control plane and Envoy data plane pods.
HTTPProxy and standard Ingress resources can conflict if both are applied to the same host. Use one or the other per domain.
TLS certificate delegation requires the TLSCertificateDelegation resource to be created in the certificate namespace first.

Questions fréquentes

How does Contour differ from NGINX Ingress Controller?+

Contour uses Envoy as its proxy (high performance, xDS configuration) while NGINX Ingress uses NGINX. Contour provides HTTPProxy CRD for multi-team delegation and advanced routing. NGINX Ingress uses annotations for configuration.

What is the HTTPProxy CRD?+

HTTPProxy is a Contour-specific custom resource that extends beyond standard Kubernetes Ingress. It supports route delegation across namespaces, weighted backends, TLS passthrough, rate limiting, and header-based routing in a single resource.

Can Contour and standard Ingress resources coexist?+

Yes. Contour processes both standard Ingress resources and HTTPProxy CRDs. However, avoid applying both to the same hostname to prevent routing conflicts.

Does Contour support rate limiting?+

Yes. Contour supports both local and global rate limiting through the HTTPProxy spec. Local rate limiting is configured per-route. Global rate limiting requires an external rate limit service.

Is Contour a CNCF project?+

Yes. Contour is a CNCF incubating project maintained by VMware and the broader community. It follows the CNCF governance model.

Sources citées (3)

Contour GitHub— Contour is a Kubernetes ingress controller using Envoy proxy
Project Contour Docs— Contour documentation and HTTPProxy reference
Envoy Documentation— Envoy proxy architecture and xDS API

En lien sur TokRepo

DevOps tools Self-hosted tools Security tools

Fil de discussion

Connectez-vous pour rejoindre la discussion.

Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires

Envoy Proxy — Cloud-Native High-Performance Service Proxy

Envoy is a cloud-native high-performance edge, middle, and service proxy. Originally built at Lyft, now a CNCF graduated project. The data plane behind Istio, AWS App Mesh, and many service mesh implementations. Written in C++ for maximum performance.

Skills

AI Open Source

ZeroMQ — High-Performance Asynchronous Messaging Library

ZeroMQ (0MQ) is a high-performance asynchronous messaging library for distributed applications. It provides socket-like abstractions for message passing patterns — pub/sub, request/reply, push/pull — without the complexity of a full message broker.

Skills

Script Depot

Apache Dubbo — High-Performance Java RPC Framework

A guide to Apache Dubbo, the high-performance RPC framework for building scalable microservices with service discovery, load balancing, and traffic management.

Skills

Script Depot

Echo — High Performance Minimalist Go Web Framework

Echo is a high performance, minimalist Go web framework. Clean API, automatic TLS, HTTP/2, data binding, middleware, and group routing. A strong alternative to Gin with excellent documentation and built-in features.

Skills

AI Open Source