Introducing Contour: Routing Traffic to Applications in Kubernetes

We’re excited to share the news that Contour is now an incubation-level hosted project with the Cloud Native Computing Foundation (CNCF). This is a very proud moment and on behalf of the other project maintainers we want to thank the community for all of the work they put in to get us to this point.

If you don’t already know it, Contour is a simple and scalable open source ingress controller for routing traffic to applications running in Kubernetes. We’ll be offering an in-depth look at how Contour works and outlining our development roadmap at a session at the upcoming KubeCon + CloudNativeCon Europe. We’d like to offer a preview here of what Contour does, what acceptance into the CNCF means for the project, and how we see it evolving in the future.

A Laser Focus on Ingress

Nick Young
Nick is a Staff Engineer at VMware, and a Contour maintainer and Contour’s Technical Lead. He is responsible for the project’s overall technical consistency and direction.
First, some context. The Kubernetes community has by now pretty much settled on how to approach tasks like running workloads and offering those workloads access to storage. But its options for networking and connectivity remain wide open to innovation. One basic but necessary networking task is getting traffic from outside to inside the cluster. In Kubernetes, that’s known as Ingress — and that’s exactly what Contour delivers. It’s a tool you can easily drop into your cluster to ingress your traffic as needed, but has the functionality to grow as your Kubernetes needs evolve.

To put it more technically, Contour works by deploying Envoy as a reverse proxy and load balancer. It supports dynamic configuration updates out of the box, can expand to multiteam Kubernetes clusters, and it provides advanced load balancing strategies.

There are plenty of ways to run an Ingress controller in Kubernetes, but Contour is unique in focusing on that one task only, and doing so at a high level of performance with security and multitenancy in mind.

Sponsor Note
sponsor logo
KubeCon + CloudNativeCon conferences gather adopters and technologists to further the education and advancement of cloud native computing. The vendor-neutral events feature domain experts and key maintainers behind popular projects like Kubernetes, Prometheus, gRPC, Envoy, OpenTracing and more.
While you can deploy a service mesh to do the job, that would mean introducing extra complexity into your cluster. In contrast, Contour offers Ingress features without having to conform your solution around the larger service mesh structure that comes with it (but it can also work with a service mesh if you need it to). As such, it offers a kind of gradual onramp to Ingress that has quickly proven attractive to a broad range of users.

The Power of CNCF Support
Originated in late 2017 by developers at Heptio, Contour reached the 1.0 stage last November and now boasts a community of 600+ Slack members, with 300+ contributors, 90+ committers, and five maintainers. Perhaps most significantly, it’s being used in production by enterprises and organizations including Adobe, Kinvolk, Kintone, PhishLabs, and Replicated. Seeing that users were already running production-level instances of Contour, and knowing the robust community we’d established, the CNCF felt able to let us skip their sandbox level and bring Contour in as an incubating project.

That’s huge for us. We see the CNCF’s invitation as an affirmation that we’re already a sustainable, open, and welcoming community, that is aligned with CNCF technical goals and plays well with other projects — like Kubernetes and Envoy — in the ecosystem. Most importantly, it assures everyone thinking of using Contour that we have vendor-neutral governance — they can come in as contributors and help influence the project’s strategy, direction and vision.

Sponsor Note

VMware software powers today’s complex digital infrastructures. Our cloud, networking and security and digital workspace offerings provide dynamic and efficient solutions to over 500,000 global customers. VMware is committed to being a force for good, from its breakthrough innovations to its global impact.
With more people involved, we hope to significantly increase the variety and velocity of our new feature additions. But we’ll continue running on a monthly release cadence; that way we won’t keep users waiting for new features, bug fixes, or security fixes.

Contributing to the Kubernetes Ecosystem
In the near term, our plan is to build out feature requests from the community. Some of those requests are for major items — like external authentication support — that people have been wanting for a long time, but we’ve only recently had the resources to tackle. External authentication support is also something you can only do successfully with a lot of feedback from your community; and we’re finally large enough to have that conversation.

Other additions we’re looking to make in the near future include:

Including configurability for Envoy
Support for rate limiting
Creating an official Contour Helm Chart
We’re also beginning to think about UDP (User Datagram Protocol) support. Contour is an HTTP Layer 7 Ingress controller, but some of our users want to put cloud native applications on Kubernetes that don’t fit the HTTP model (VOIP and telco-style applications, for example). These typically use UDP, so we’re looking at expanding our scenarios to meet their needs.

Within the broader landscape, we’re looking to contribute what we’ve learned from implementing our Ingress controller back to the open source community, helping improve the routing of data from the outside world into the cluster in the next generation of Kubernetes service APIs — especially for the use cases that we’ve become expert in addressing.

Find Out More — and Join Us!
If you want to learn more about Contour, including a deeper dive into how the project works and what the team is hoping to achieve now that we’ve joined the CNCF, we’d love to see you at our virtual KubeCon session on Aug. 20 at 1 p.m. Central European Summer Time.

Those who can’t make it are invited to join any of the project’s Tuesday community meetings, which are recorded. You can also sign up for the Contour mailing list, and we offer regular office hours where you can ask questions or work through a PR in real-time with someone who knows the project well. If you or your team would like a demo, just connect with us on Slack or post a message in our mailing list.

Lastly, if you are interested in contributing, we’d love to have you join us. Check out our documentation, chat with us on Slack, or start with one of our Good First Issues. And we’re always interested in whatever feedback you want to share: user stories, deployment stories, anything you’d like to see added to the project.

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x