Http Proxy has no status #4134

Closed
ahmed-adly-khalil opened this issue Oct 24, 2021 · 14 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor.

Comments

@ahmed-adly-khalil

What steps did you take and what happened:

  • I installed contour helm chart
  • I created an http proxy object
kind: HTTPProxy
metadata:
  name: contour
spec:
  virtualhost:
    fqdn: api2.blazi.co
    tls:
      secretName: prod-tls2
  routes:
    - conditions:
        - prefix: /
      services:
        - name: blazi-api-offer-service-service
          port: 80
  • the http proxy object has no status as below
    [Screenshot: Screen Shot 2021-10-24 at 6 51 00 PM]
  • the logs for contour pods says the following:
  • pod1
time="2021-10-24T23:06:00Z" level=info msg="Waited for 1.040601651s due to client-side throttling, not priority and fairness, request: GET:https://10.128.0.1:443/apis/cert-manager.io/v1alpha3?timeout=32s\n" context=kubernetes location="request.go:665"
time="2021-10-24T23:06:00Z" level=info msg="Watching Service for Ingress status" envoy-service-name=blazi-prod-contour-envoy envoy-service-namespace=default
time="2021-10-24T23:06:00Z" level=info msg="started event handler" context=contourEventHandler
time="2021-10-24T23:06:00Z" level=info msg="started leader election" configmapname=leader-elect configmapnamespace=default
time="2021-10-24T23:06:00Z" level=info msg="awaiting leadership election" context=loadBalancerStatusWriter
time="2021-10-24T23:06:00Z" level=info msg="started HTTP server" address="0.0.0.0:8000" context=metricsvc
time="2021-10-24T23:06:00Z" level=info msg="attempting to acquire leader lease default/leader-elect...\n" context=kubernetes location="leaderelection.go:248"
time="2021-10-24T23:06:00Z" level=info msg="waiting for informer caches to sync" context=xds
time="2021-10-24T23:06:00Z" level=info msg="started HTTP server" address="127.0.0.1:6060" context=debugsvc
time="2021-10-24T23:06:00Z" level=info msg="performing delayed update" context=contourEventHandler last_update=111.804667ms outstanding=2
time="2021-10-24T23:06:00Z" level=error msg="unresolved secret reference" context=IngressProcessor error="Secret not found" name=api2-ingress namespace=default secret=default/prod-tls2
time="2021-10-24T23:06:00Z" level=info msg="performing delayed update" context=contourEventHandler last_update=607.351261ms outstanding=1
time="2021-10-24T23:06:00Z" level=error msg="unresolved secret reference" context=IngressProcessor error="Secret not found" name=api2-ingress namespace=default secret=default/prod-tls2
time="2021-10-24T23:06:01Z" level=info msg="informer caches synced" context=xds
time="2021-10-24T23:06:01Z" level=info msg="started xDS server type: \"contour\"" address="0.0.0.0:8001" context=xds
time="2021-10-24T23:06:01Z" level=info msg="performing delayed update" context=contourEventHandler last_update=101.299387ms outstanding=1
time="2021-10-24T23:06:01Z" level=error msg="unresolved secret reference" context=IngressProcessor error="Secret not found" name=api2-ingress namespace=default secret=default/prod-tls2
time="2021-10-24T23:47:20Z" level=info msg="performing delayed update" context=contourEventHandler last_update=41m18.956832733s outstanding=2
time="2021-10-24T23:47:20Z" level=error msg="unresolved secret reference" context=IngressProcessor error="Secret not found" name=api2-ingress namespace=default secret=default/prod-tls2
time="2021-10-24T23:47:28Z" level=info msg="performing delayed update" context=contourEventHandler last_update=8.645938364s outstanding=1
time="2021-10-24T23:47:29Z" level=info msg="performing delayed update" context=contourEventHandler last_update=983.256639ms outstanding=1
  • pod 2:
time="2021-10-24T21:48:25Z" level=info msg="Waited for 1.042141478s due to client-side throttling, not priority and fairness, request: GET:https://10.128.0.1:443/apis/acme.cert-manager.io/v1alpha3?timeout=32s\n" context=kubernetes location="request.go:665"
time="2021-10-24T21:48:25Z" level=info msg="Watching Service for Ingress status" envoy-service-name=blazi-prod-contour-envoy envoy-service-namespace=default
time="2021-10-24T21:48:25Z" level=info msg="started event handler" context=contourEventHandler
time="2021-10-24T21:48:25Z" level=info msg="started HTTP server" address="0.0.0.0:8000" context=metricsvc
time="2021-10-24T21:48:25Z" level=info msg="waiting for informer caches to sync" context=xds
time="2021-10-24T21:48:25Z" level=info msg="started HTTP server" address="127.0.0.1:6060" context=debugsvc
time="2021-10-24T21:48:25Z" level=info msg="awaiting leadership election" context=loadBalancerStatusWriter
time="2021-10-24T21:48:25Z" level=info msg="started leader election" configmapname=leader-elect configmapnamespace=default
time="2021-10-24T21:48:25Z" level=info msg="attempting to acquire leader lease default/leader-elect...\n" context=kubernetes location="leaderelection.go:248"
time="2021-10-24T21:48:25Z" level=info msg="performing delayed update" context=contourEventHandler last_update=108.545941ms outstanding=1
time="2021-10-24T21:48:26Z" level=info msg="informer caches synced" context=xds
time="2021-10-24T21:48:26Z" level=info msg="started xDS server type: \"contour\"" address="0.0.0.0:8001" context=xds
time="2021-10-24T21:48:26Z" level=info msg="performing delayed update" context=contourEventHandler last_update=358.908965ms outstanding=2
time="2021-10-24T21:52:00Z" level=info msg="performing delayed update" context=contourEventHandler last_update=3m34.619858952s outstanding=2
time="2021-10-24T22:41:58Z" level=info msg="performing delayed update" context=contourEventHandler last_update=49m57.47974202s outstanding=2
time="2021-10-24T22:53:40Z" level=info msg="performing delayed update" context=contourEventHandler last_update=11m41.932914181s outstanding=2
time="2021-10-24T22:53:57Z" level=info msg="performing delayed update" context=contourEventHandler last_update=16.686710286s outstanding=1
time="2021-10-24T22:53:57Z" level=info msg="performing delayed update" context=contourEventHandler last_update=108.812663ms outstanding=1
time="2021-10-24T23:03:43Z" level=info msg="performing delayed update" context=contourEventHandler last_update=9m45.908069267s outstanding=2
time="2021-10-24T23:03:55Z" level=info msg="performing delayed update" context=contourEventHandler last_update=12.634534474s outstanding=1
time="2021-10-24T23:03:55Z" level=error msg="unresolved secret reference" context=IngressProcessor error="Secret not found" name=api2-ingress namespace=default secret=default/prod-tls2
time="2021-10-24T23:04:31Z" level=info msg="successfully acquired lease default/leader-elect\n" context=kubernetes location="leaderelection.go:258"
time="2021-10-24T23:04:31Z" level=info msg="elected leader" context=leaderelection identity=blazi-prod-contour-contour-678d874df7-z7ng6 lock=default/leader-elect
time="2021-10-24T23:04:31Z" level=info msg="elected as leader, triggering rebuild" context=leaderelection
time="2021-10-24T23:04:31Z" level=info msg="performing delayed update" context=contourEventHandler last_update=36.159084414s outstanding=1
time="2021-10-24T23:04:31Z" level=error msg="unresolved secret reference" context=IngressProcessor error="Secret not found" name=api2-ingress namespace=default secret=default/prod-tls2
time="2021-10-24T23:04:31Z" level=info msg="elected leader" context=loadBalancerStatusWriter
time="2021-10-24T23:04:31Z" level=info msg="elected leader" context=StatusUpdateHandler
time="2021-10-24T23:04:31Z" level=info msg="received a new address for status.loadBalancer" context=loadBalancerStatusWriter loadbalancer-address=45.79.247.245
time="2021-10-24T23:13:55Z" level=error msg="stream terminated" connection=5 context=xds error="context canceled" node_id=blazi-prod-contour-envoy-6w4nk node_version=v1.19.1 resource_names="[default/prod-tls/94bdb5395b]" response_nonce=10 type_url=type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret version_info=10
time="2021-10-24T23:13:55Z" level=error msg="stream terminated" connection=4 context=xds error="context canceled" node_id=blazi-prod-contour-envoy-6w4nk node_version=v1.19.1 resource_names="[https/api2.blazi.co]" response_nonce=10 type_url=type.googleapis.com/envoy.config.route.v3.RouteConfiguration version_info=10
time="2021-10-24T23:47:18Z" level=info msg="performing delayed update" context=contourEventHandler last_update=42m46.866255752s outstanding=2
time="2021-10-24T23:47:18Z" level=error msg="unresolved secret reference" context=IngressProcessor error="Secret not found" name=api2-ingress namespace=default secret=default/prod-tls2
time="2021-10-24T23:47:28Z" level=info msg="performing delayed update" context=contourEventHandler last_update=10.000718428s outstanding=1
time="2021-10-24T23:47:28Z" level=error msg="stream terminated" connection=6 context=xds error="rpc error: code = Canceled desc = context canceled"
time="2021-10-24T23:47:29Z" level=info msg="performing delayed update" context=contourEventHandler last_update=978.598714ms outstanding=1

What did you expect to happen:
the contour object to have a status and to route the external traffic which is not happening

Anything else you would like to add:
I'm using Linode and there is already a load balancer created after I added contour which is a good sign, however traffic is not being routed because contour is not connected to envoy I guess.

When I created an ingress object with class contour and http rules, the routing worked, however I guess I don't have to create an ingress object as it's a duplicate in this case

Environment:

  • Contour version:
    I used the following helm chart
    version: 6.0.0
    repository: https://charts.bitnami.com/bitnami
  • Kubernetes version: (use kubectl version): 1.21
  • Kubernetes installer & version:
  • Cloud provider or hardware configuration: Linode kubernetes engine
  • OS (e.g. from /etc/os-release): not sure, I think Debian
@ahmed-adly-khalil ahmed-adly-khalil added kind/bug Categorizes issue or PR as related to a bug. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. labels Oct 24, 2021
@sunjayBhatia
Member

If you’re using the bitnami helm chart you will need to use the ingress class annotation/spec field which also exists on the HTTPProxy resource and set it to the value the helm chart configures contour to watch for (I believe “contour”)

@ahmed-adly-khalil
Author

Sounds good, will try it out. Is there another helm chart for contour besides bitnami?

@sunjayBhatia
Member

No there is not, the bitnami team maintains that chart and Contour maintainers contribute

@ahmed-adly-khalil
Author

ahmed-adly-khalil commented Oct 25, 2021

I have added the below to the values of my chart and still no status for the http proxy

contour:
  contour.ingressClass.name: contour

@stevesloka
Member

@ahmed-adly-khalil can you try setting the Spec.IngressClassName on your HTTPProxy resource to contour?

@ahmed-adly-khalil
Author

@stevesloka I have added the below and still same

metadata:
  name: contour
  annotations:
    spec.IngressClassName: contour

@sunjayBhatia
Member

sunjayBhatia commented Oct 25, 2021

If you are using annotations the key to use is “kubernetes.io/ingress.class” or “projectcontour.io/ingress.class”

metadata:
  name: contour
  annotations:
    kubernetes.io/ingress.class: contour

or

metadata:
  name: contour
  annotations:
    projectcontour.io/ingress.class: contour

@sunjayBhatia
Member

sunjayBhatia commented Oct 25, 2021

Otherwise you have to set the “ingressClassName” field on the spec of the resource, see https://projectcontour.io/docs/v1.19.0/config/api/#projectcontour.io/v1.HTTPProxySpec

kind: HTTPProxy
metadata:
  name: contour
spec:
  ingressClassName: contour

@ahmed-adly-khalil
Author

Look at this :D
[Screenshot: Screen Shot 2021-10-25 at 10 29 34 AM]

Now I have the following ingress object with duplicate routing as you can see, do I need to keep this object? Trim it and remove the rules section? How does it go from here?

apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  name: contour
  annotations:
    kubernetes.io/ingress.class: contour
    projectcontour.io/ingress.class: contour
spec:
  ingressClassName: contour
  virtualhost:
    fqdn: api2.blazi.co
    tls:
      secretName: prod-tls
  routes:
    - conditions:
        - prefix: /
      services:
        - name: my-service
          port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api2-ingress
  annotations:
    kubernetes.io/ingress.class: contour
    cert-manager.io/issuer: "letsencrypt-prod"
spec:
  tls:
    - hosts:
        - api2.blazi.co
      secretName: prod-tls2
  rules:
    - host: api2.blazi.co
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 80

---

@stevesloka
Member

You really don't need both, but I see you have an annotation on the Ingress object to generate certs. Cert-manager won't do the same for HTTPProxy resources via an annotation. I've created a Certificate object in the past to replicate the behavior.

@ahmed-adly-khalil
Author

Awesome, I will do this.
BTW I want to do the following, is it ok to ask on slack or github discussion?

  • JWT authentication through envoy
  • external authentication
  • URL rewrite -> very useful for react apps

The project looks very promising compared to NGINX where all good features are hidden in the NGINX plus ($5K), I might contribute

@youngnick
Member

Contour supports configuring external authentication to an Envoy external auth provider, there is a worked example at https://projectcontour.io/guides/external-authorization/, although the contour-authserver is not ready for production use at the moment. This should also be able to support validating JWTs, although we haven't done much work here to make this easier, sorry.

URL rewriting is supported as well, docs are at https://projectcontour.io/docs/v1.19.0/config/request-rewriting/.

Thanks for the kind words about the project, we always welcome new contributors. Please see https://projectcontour.io/community/ for some of the ways you can get started.

With all of that said, it seems like you've been able to solve the initial issue, is there anything you need on this one?

@ahmed-adly-khalil
Author

@youngnick That was super helpful. Yes, the issue is now solved and I will dig deeper during the coming days into the other functionality like JWT and rewrite and will look into how I can contribute.
Thank you so much

@Legion2

Legion2 commented Nov 7, 2021

I also ran into this problem. Before I updated contour all my HttpProxys worked with contour. However, everything stopped working after the update to the helm chart version 5.7.0. This is because the helm chart set the --ingress-class-name option, which forced contour to only use HttpProxy objects which have the correct ingressClassName set. However, I do not have ingressClassName set and also do not plan to set it. I opened bitnami/charts#8041 to revert the change in the helm chart.
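
As an added example (not code from Contour or from anyone in this thread): a small linter that checks parsed HTTPProxy manifests for an ingress class in the three places named above, for a Contour started with --ingress-class-name. The function names and sample manifests are constructed, and treating disagreeing values as a conflict is this example's own choice rather than a statement of Contour's behaviour.

```python
# Added example: lint HTTPProxy manifests against the class Contour is told to watch.
# The annotation keys and the spec field are the ones named in this thread.
CLASS_ANNOTATIONS = ("projectcontour.io/ingress.class", "kubernetes.io/ingress.class")

def declared_classes(proxy):
    """Return {location: value} for every recognised place a class is set."""
    found = {}
    annotations = proxy.get("metadata", {}).get("annotations") or {}
    for key in CLASS_ANNOTATIONS:
        if key in annotations:
            found["annotation " + key] = annotations[key]
    spec_value = (proxy.get("spec") or {}).get("ingressClassName")
    if spec_value:
        found["spec.ingressClassName"] = spec_value
    return found

def lint(proxy, watched_class):
    """Classify one HTTPProxy as 'match', 'missing', 'mismatch' or 'conflict'."""
    values = set(declared_classes(proxy).values())
    if not values:
        return "missing"      # nothing recognised: filtered out when a class is enforced
    if len(values) > 1:
        return "conflict"     # locations disagree (assumption: flag it, do not guess)
    return "match" if values == {watched_class} else "mismatch"

def report(proxies, watched_class):
    """Map each manifest name to its verdict."""
    return {p["metadata"]["name"]: lint(p, watched_class) for p in proxies}

# Constructed sample manifests (already parsed from YAML), modelled on the thread.
SAMPLES = [
    {"metadata": {"name": "no-class"}, "spec": {"virtualhost": {"fqdn": "api2.blazi.co"}}},
    # The key tried earlier in the thread: not a recognised annotation.
    {"metadata": {"name": "wrong-key",
                  "annotations": {"spec.IngressClassName": "contour"}}, "spec": {}},
    {"metadata": {"name": "annotated",
                  "annotations": {"kubernetes.io/ingress.class": "contour"}}, "spec": {}},
    {"metadata": {"name": "spec-field"}, "spec": {"ingressClassName": "contour"}},
    {"metadata": {"name": "other-class"}, "spec": {"ingressClassName": "nginx"}},
    {"metadata": {"name": "split",
                  "annotations": {"projectcontour.io/ingress.class": "nginx"}},
     "spec": {"ingressClassName": "contour"}},
]

if __name__ == "__main__":
    for name, verdict in report(SAMPLES, "contour").items():
        print(f"{name:12} {verdict}")
```

Anything reported as missing or mismatch corresponds to the symptom in this issue: the object is accepted by the API server but gets no status from Contour.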
