Skip to content

Per-listener ingress controller override#241

Open
azun wants to merge 5 commits intomasterfrom
feature/per-listener-ingress-controller
Open

Per-listener ingress controller override#241
azun wants to merge 5 commits intomasterfrom
feature/per-listener-ingress-controller

Conversation

@azun
Copy link
Copy Markdown

@azun azun commented Apr 8, 2026
edited
Loading

Description

Add ingressController override for external listeners. This allows configuring and using different controllers than the cluster default.

Type of Change

  • Bug Fix
  • New Feature
  • Breaking Change
  • Refactor
  • Documentation
  • Other (please describe)

Checklist

  • I have read the contributing guidelines
  • Existing issues have been referenced (where applicable)
  • I have verified this change is not present in other open pull requests
  • Functionality is documented
  • All code style checks pass
  • New code contribution is covered by automated tests
  • All new and existing tests pass

@azun azun force-pushed the feature/per-listener-ingress-controller branch 2 times, most recently from 0c8c819 to 1ea750c Compare April 8, 2026 15:54
@azun azun force-pushed the feature/per-listener-ingress-controller branch from 1ea750c to f7b56ae Compare April 9, 2026 13:57
@dobrerazvan
Copy link
Copy Markdown

dobrerazvan commented Apr 16, 2026
edited
Loading

@azun I tested this PR and i found a bug what manifests when you change the fqdns it duplicates the resources:

 kubectl get httpproxies.projectcontour.io
NAME                  FQDN                  TLS SECRET                 STATUS   STATUS DESCRIPTION
b-0-kafka.dev.local   b-0-kafka.dev.local   projectcontour/envoycert   valid    Valid HTTPProxy
b-0-kafka.local.dev   b-0-kafka.local.dev   projectcontour/envoycert   valid    Valid HTTPProxy
b-1-kafka.dev.local   b-1-kafka.dev.local   projectcontour/envoycert   valid    Valid HTTPProxy
b-1-kafka.local.dev   b-1-kafka.local.dev   projectcontour/envoycert   valid    Valid HTTPProxy
b-2-kafka.dev.local   b-2-kafka.dev.local   projectcontour/envoycert   valid    Valid HTTPProxy
b-2-kafka.local.dev   b-2-kafka.local.dev   projectcontour/envoycert   valid    Valid HTTPProxy
kafka.local.dev       kafka.local.dev       projectcontour/envoycert   valid    Valid HTTPProxy

Same for the shared httpproxy (kafka.local.dev), i just deleted the other one.

I was using the ingress manifest:

externalListeners:
      - accessMethod: ClusterIP
        ingressController: "contour"
        anyCastPort: 443
        config:
          defaultIngressConfig: ""
          ingressConfig:
            external:
              contourIngressConfig:
                brokerFQDNTemplate: b-%id-kafka.local.dev
                tlsSecretName: projectcontour/envoycert
              hostnameOverride: kafka.local.dev
        containerPort: 29095
        externalStartingPort: -1
        name: external
        type: plaintext
        usedForInnerBrokerCommunication: false

@dobrerazvan
Copy link
Copy Markdown

dobrerazvan commented Apr 16, 2026

@azun I tested this PR and i found a bug what manifests when you change the fqdns it duplicates the resources:

 kubectl get httpproxies.projectcontour.io
NAME                  FQDN                  TLS SECRET                 STATUS   STATUS DESCRIPTION
b-0-kafka.dev.local   b-0-kafka.dev.local   projectcontour/envoycert   valid    Valid HTTPProxy
b-0-kafka.local.dev   b-0-kafka.local.dev   projectcontour/envoycert   valid    Valid HTTPProxy
b-1-kafka.dev.local   b-1-kafka.dev.local   projectcontour/envoycert   valid    Valid HTTPProxy
b-1-kafka.local.dev   b-1-kafka.local.dev   projectcontour/envoycert   valid    Valid HTTPProxy
b-2-kafka.dev.local   b-2-kafka.dev.local   projectcontour/envoycert   valid    Valid HTTPProxy
b-2-kafka.local.dev   b-2-kafka.local.dev   projectcontour/envoycert   valid    Valid HTTPProxy
kafka.local.dev       kafka.local.dev       projectcontour/envoycert   valid    Valid HTTPProxy

Same for the shared httpproxy (kafka.local.dev), i just deleted the other one.

I was using the ingress manifest:

externalListeners:
      - accessMethod: ClusterIP
        ingressController: "contour"
        anyCastPort: 443
        config:
          defaultIngressConfig: ""
          ingressConfig:
            external:
              contourIngressConfig:
                brokerFQDNTemplate: b-%id-kafka.local.dev
                tlsSecretName: projectcontour/envoycert
              hostnameOverride: kafka.local.dev
        containerPort: 29095
        externalStartingPort: -1
        name: external
        type: plaintext
        usedForInnerBrokerCommunication: false

Indeed setting removeUnusedIngressResources removes the prev httpproxy resources:

kubectl get httpproxies.projectcontour.io
NAME                  FQDN                  TLS SECRET                 STATUS   STATUS DESCRIPTION
c-0-kafka.local.dev   c-0-kafka.local.dev   projectcontour/envoycert   valid    Valid HTTPProxy
c-1-kafka.local.dev   c-1-kafka.local.dev   projectcontour/envoycert   valid    Valid HTTPProxy
c-2-kafka.local.dev   c-2-kafka.local.dev   projectcontour/envoycert   valid    Valid HTTPProxy
kafka.local.dev       kafka.local.dev       projectcontour/envoycert   valid    Valid HTTPProxy

Not a bug

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@azun @dobrerazvan