Top Related Projects
Cloud-native high-performance edge/middle/service proxy
The Cloud Native Application Proxy
Connect, secure, control, and observe services.
Ingress-NGINX Controller for Kubernetes
Quick Overview
Contour is an open-source Kubernetes ingress controller that provides a way to configure and manage external access to HTTP and HTTPS services in a Kubernetes cluster. It uses Envoy as the edge proxy and is designed to be simple, scalable, and secure.
Pros
- High performance and low latency due to its use of Envoy proxy
- Supports advanced traffic routing and load balancing features
- Integrates well with Kubernetes ecosystem and supports custom resource definitions (CRDs)
- Offers robust security features, including TLS termination and certificate management
Cons
- Steeper learning curve compared to some other ingress controllers
- Limited support for non-HTTP protocols
- May require additional resources for complex configurations
- Documentation can be overwhelming for beginners
Getting Started
To get started with Contour, follow these steps:
- Install Contour in your Kubernetes cluster:
kubectl apply -f https://projectcontour.io/quickstart/contour.yaml
- Create an example application and service:
apiVersion: apps/v1
kind: Deployment
metadata:
name: example-app
spec:
replicas: 1
selector:
matchLabels:
app: example-app
template:
metadata:
labels:
app: example-app
spec:
containers:
- name: example-app
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: example-service
spec:
ports:
- port: 80
targetPort: 80
selector:
app: example-app
- Create an HTTPProxy resource to expose the service:
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
name: example-proxy
spec:
virtualhost:
fqdn: example.com
routes:
- conditions:
- prefix: /
services:
- name: example-service
port: 80
- Apply the configurations:
kubectl apply -f example-app.yaml
kubectl apply -f example-proxy.yaml
- Access your application through the Contour ingress.
Competitor Comparisons
Cloud-native high-performance edge/middle/service proxy
Pros of Envoy
- More versatile and can be used in various environments beyond Kubernetes
- Extensive feature set for advanced traffic management and observability
- Larger community and ecosystem with broader adoption
Cons of Envoy
- Steeper learning curve due to its complexity and extensive configuration options
- Requires more resources to run compared to Contour's lightweight design
- Less tightly integrated with Kubernetes-specific features and workflows
Code Comparison
Contour configuration example:
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
name: example
spec:
virtualhost:
fqdn: example.com
routes:
- services:
- name: example-service
port: 80
Envoy configuration example:
static_resources:
listeners:
- address:
socket_address:
address: 0.0.0.0
port_value: 80
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "*"
routes:
- match:
prefix: "/"
route:
cluster: example-service
The Cloud Native Application Proxy
Pros of Traefik
- More versatile, supporting multiple backends beyond Kubernetes
- Easier configuration with automatic service discovery
- Built-in web UI for monitoring and management
Cons of Traefik
- Can be more complex to set up initially
- May have higher resource usage in some scenarios
- Less focused on Kubernetes-specific optimizations
Code Comparison
Traefik configuration (YAML):
http:
routers:
my-router:
rule: "Host(`example.com`) && PathPrefix(`/api`)"
service: my-service
Contour configuration (YAML):
apiVersion: projectcontour.io/v1
kind: HTTPProxy
spec:
routes:
- conditions:
- prefix: /api
services:
- name: my-service
Both Traefik and Contour are popular ingress controllers, but they have different strengths. Traefik offers more flexibility and ease of use across various environments, while Contour is more focused on Kubernetes and may provide better performance in that context. The code examples show that Traefik's configuration is slightly more concise, but Contour's is more Kubernetes-native.
Connect, secure, control, and observe services.
Pros of Istio
- More comprehensive service mesh solution with advanced features like traffic management, security, and observability
- Supports multi-cluster deployments and complex microservices architectures
- Provides a unified control plane for managing various aspects of the service mesh
Cons of Istio
- Higher complexity and steeper learning curve compared to Contour
- Requires more resources and can introduce additional latency
- May be overkill for simpler Kubernetes deployments
Code Comparison
Contour configuration example:
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
name: example
spec:
virtualhost:
fqdn: example.com
routes:
- services:
- name: example-service
port: 80
Istio configuration example:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: example
spec:
hosts:
- example.com
http:
- route:
- destination:
host: example-service
port:
number: 80
Both examples demonstrate basic routing configuration, but Istio's approach allows for more complex traffic management scenarios.
Ingress-NGINX Controller for Kubernetes
Pros of ingress-nginx
- Widely adopted and well-established in the Kubernetes ecosystem
- Extensive documentation and community support
- Supports a broad range of annotations for fine-grained configuration
Cons of ingress-nginx
- Can be resource-intensive, especially in high-traffic environments
- Configuration complexity can increase with advanced use cases
- Limited support for non-HTTP protocols
Code Comparison
ingress-nginx configuration:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
rules:
- host: example.com
http:
paths:
- path: /prefix(/|$)(.*)
pathType: Prefix
backend:
service:
name: example-service
port:
number: 80
Contour configuration:
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
name: example-proxy
spec:
virtualhost:
fqdn: example.com
routes:
- conditions:
- prefix: /prefix
services:
- name: example-service
port: 80
Contour offers a more streamlined configuration syntax with its custom HTTPProxy resource, while ingress-nginx relies on annotations for advanced features. Both solutions are capable of handling complex routing scenarios, but Contour's approach may be more intuitive for some users.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Contour
Overview
Contour is an ingress controller for Kubernetes that works by deploying the Envoy proxy as a reverse proxy and load balancer. Contour supports dynamic configuration updates out of the box while maintaining a lightweight profile.
Contour supports multiple configuration APIs in order to meet the needs of as many users as possible:
- Ingress - A stable upstream API that enables basic ingress use cases.
- HTTPProxy - Contour's Custom Resource Definition (CRD) which expands upon the functionality of the Ingress API to allow for a richer user experience as well as solve shortcomings in the original design.
- Gateway API - A new CRD-based API managed by the Kubernetes SIG-Network community that aims to evolve Kubernetes service networking APIs in a vendor-neutral way.
Prerequisites
See the compatibility matrix for the Kubernetes versions Contour is supported with.
RBAC must be enabled on your cluster.
Get started
Getting started with Contour is as simple as one command. See the Getting Started document.
Troubleshooting
If you encounter issues, review the Troubleshooting section of the docs, file an issue, or talk to us on the #contour channel on the Kubernetes Slack server.
Contributing
Thanks for taking the time to join our community and start contributing!
- Please familiarize yourself with the Code of Conduct before contributing.
- See CONTRIBUTING.md for information about setting up your environment, the workflow that we expect, and instructions on the developer certificate of origin that we require.
- Check out the open issues.
- Join our Kubernetes Slack channel: #contour
- Join the Contour Community Meetings - schedule, notes, and recordings can be found here
- Find GOVERNANCE in our Community repo
Roadmap
See Contour's roadmap to learn more about where we are headed.
Security
Security Audit
A third party security audit was performed by Cure53 in December of 2020. You can see the full report here.
Reporting security vulnerabilities
If you've found a security related issue, a vulnerability, or a potential vulnerability in Contour please let the Contour Security Team know with the details of the vulnerability. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
For further details please see our security policy.
Changelog
See the list of releases to find out about feature changes.
Top Related Projects
Cloud-native high-performance edge/middle/service proxy
The Cloud Native Application Proxy
Connect, secure, control, and observe services.
Ingress-NGINX Controller for Kubernetes
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot