github.com/projectcontour/contour@v1.28.2/site/content/docs/v1.5.0/configuration.md (about) 1 # Contour Configuration Reference 2 3 ## Configuration File 4 5 A configuration file can be passed to the `--config-path` argument of the `contour serve` command to specify additional configuration to Contour. 6 In most deployments, this file is passed to Contour via a ConfigMap which is mounted as a volume to the Contour pod. 7 8 The Contour configuration file is optional. 9 In its absence, Contour will operate with reasonable defaults. 10 Where Contour settings can also be specified with command-line flags, the command-line value takes precedence over the configuration file. 11 12 | Field Name | Type | Default | Description | 13 |------------|------|---------|-------------| 14 | accesslog-format | string | `envoy` | This key sets the global [access log format][2] for Envoy. Valid options are `envoy` or `json`. | 15 | debug | boolean | `false` | Enables debug logging. | 16 | disablePermitInsecure | boolean | `false` | If this field is true, Contour will ignore `PermitInsecure` field in HTTPProxy documents. | 17 | envoy-service-name | string | `envoy` | This sets the service name that will be inspected for address details to be applied to Ingress objects. | 18 | envoy-service-namespace | string | `projectcontour` | This sets the namespace of the service that will be inspected for address details to be applied to Ingress objects. | 19 | ingress-status-address | string | None | If present, this specifies the address that will be copied into the Ingress status for each Ingress that Contour manages. It is exclusive with `envoy-service-name` and `envoy-service-namespace`.| 20 | incluster | boolean | `false` | This field specifies that Contour is running in a Kubernetes cluster and should use the in-cluster client access configuration. | 21 | json-fields | string array | [fields][5]| This is the list the field names to include in the JSON [access log format][2]. | 22 | kubeconfig | string | `$HOME/.kube/config` | Path to a Kubernetes [kubeconfig file][3] for when Contour is executed outside a cluster. | 23 | leaderelection | leaderelection | | The [leader election configuration](#leader-election-configuration). | 24 | request-timeout | [duration][4] | `0s` | This field specifies the default request timeout as a Go duration string. Zero means there is no timeout. | 25 | tls | TLS | | The default [TLS configuration](#tls-configuration). | 26 27 28 ### TLS Configuration 29 30 The TLS configuration block can be used to configure default values for how 31 Contour should provision TLS hosts. 32 33 | Field Name | Type| Default | Description | 34 |------------|-----|----------|-------------| 35 | minimum-protocol-version| string | `""` | This field specifies the minimum TLS protocol version that is allowed. Valid options are `1.2` and `1.3`. Any other value defaults to TLS 1.1. | 36 | fallback-certificate | | | [Fallback certificate configuration](#fallback-certificate). | 37 38 39 ### Fallback Certificate 40 41 | Field Name | Type| Default | Description | 42 |------------|-----|----------|-------------| 43 | name | string | `""` | This field specifies the name of the Kubernetes secret to use as the fallback certificate. | 44 | namespace | string | `""` | This field specifies the namespace of the Kubernetes secret to use as the fallback certificate. | 45 46 47 ### Leader Election Configuration 48 49 The leader election configuration block configures how a deployment with more than one Contour pod elects a leader. 50 The Contour leader is responsible for updating the status field on Ingress and HTTPProxy documents. 51 In the vast majority of deployments, only the `configmap-name` and `configmap-namespace` fields should require any configuration. 52 53 | Field Name | Type | Default | Description | 54 |------------|------|---------|-------------| 55 | configmap-name | string | `leader-elect` | The name of the ConfigMap that Contour leader election will lease. | 56 | configmap-namespace | string | `projectcontour` | The namespace of the ConfigMap that Contour leader election will lease. If the `CONTOUR_NAMESPACE` environment variable is present, Contour will populate this field with its value. | 57 | lease-duration | [duration][4] | `15s` | The duration of the leadership lease. | 58 | renew-deadline | [duration][4] | `10s` | The length of time that the leader will retry refreshing leadership before giving up. | 59 | retry-period | [duration][4] | `2s` | The interval at which Contour will attempt to the acquire leadership lease. | 60 61 62 ### Configuration Example 63 64 The following is an example ConfigMap with configuration file included: 65 66 ```yaml 67 apiVersion: v1 68 kind: ConfigMap 69 metadata: 70 name: contour 71 namespace: projectcontour 72 data: 73 contour.yaml: | 74 # should contour expect to be running inside a k8s cluster 75 # incluster: true 76 # 77 # path to kubeconfig (if not running inside a k8s cluster) 78 # kubeconfig: /path/to/.kube/config 79 # 80 # disable ingressroute permitInsecure field 81 # disablePermitInsecure: false 82 tls: 83 # minimum TLS version that Contour will negotiate 84 # minimumProtocolVersion: "1.1" 85 fallback-certificate: 86 # name: fallback-secret-name 87 # namespace: projectcontour 88 # The following config shows the defaults for the leader election. 89 # leaderelection: 90 # configmap-name: leader-elect 91 # configmap-namespace: projectcontour 92 ``` 93 94 _Note:_ The default example `contour` includes this [file][1] for easy deployment of Contour. 95 96 [1]: {{< param github_url >}}/tree/{{page.version}}/examples/contour/01-contour-config.yaml 97 [2]: /guides/structured-logs 98 [3]: https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/ 99 [4]: https://golang.org/pkg/time/#ParseDuration 100 [5]: https://godoc.org/github.com/projectcontour/contour/internal/envoy#DefaultFields