github.com/projectcontour/contour@v1.28.2/site/content/docs/v1.8.1/troubleshooting.md (about)

     1  This document contains suggestions for debugging issues with your Contour installation.
     2  
     3  ## Envoy container not listening on port 8080 or 8443
     4  
     5  Contour does not configure Envoy to listen on a port unless there is traffic to be served.
     6  For example, if you have not configured any TLS ingress objects then Contour does not command Envoy to open port 8443 (443 in the service object).
     7  Because the HTTP and HTTPS listeners both use the same code, if you have no ingress objects deployed in your cluster, or if no ingress objects are permitted to talk on HTTP, then Envoy does not listen on port 8080 (80 in the service object).
     8  
     9  To test whether Contour is correctly deployed you can deploy the kuard example service:
    10  
    11  ```sh
    12  $ kubectl apply -f https://projectcontour.io/examples/kuard.yaml
    13  ```
    14  
    15  ## Access the Envoy admin interface remotely
    16  
    17  Getting access to the Envoy admin interface can be useful for diagnosing issues with routing or cluster health.
    18  
    19  The Envoy admin interface is bound by default to `http://127.0.0.1:9001`.
    20  To access it from your workstation, use `kubectl port-forward`:
    21  
    22  ```sh
    23  # Get one of the pods that matches the Envoy daemonset
    24  ENVOY_POD=$(kubectl -n projectcontour get pod -l app=envoy -o name | head -1)
    25  # Do the port forward to that pod
    26  kubectl -n projectcontour port-forward $ENVOY_POD 9001
    27  ```
    28  
    29  Then navigate to `http://127.0.0.1:9001/` to access the admin interface for the Envoy container running on that pod.
    30  
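With the port-forward above running, the admin interface can also confirm whether Envoy has opened 8080 or 8443, the symptom described in the first section. This is an added example, not part of the Contour documentation: it assumes the admin `/listeners` endpoint prints one `name::address:port` line per listener, and the sample listener names and the `report` helper are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which ports Envoy has listeners on, based on the
# text output of the admin interface's /listeners endpoint.

# Constructed sample: an Envoy with HTTP ingress but no TLS ingress objects.
# The listener names and the 8002 port are assumptions for illustration.
SAMPLE_LISTENERS='stats-health::0.0.0.0:8002
ingress_http::0.0.0.0:8080'

# listener_ports: read /listeners text on stdin, print one port per line.
# The greedy match keeps only the digits after the last ':' so IPv6
# addresses such as [::]:8080 are handled as well.
listener_ports() {
    sed -n 's/^.*:\([0-9][0-9]*\)$/\1/p'
}

# has_listener PORT: exit 0 if PORT appears in the /listeners text on stdin.
has_listener() {
    listener_ports | grep -qx "$1"
}

# report: read /listeners text on stdin, print the status of 8080 and 8443.
report() {
    input=$(cat)
    for port in 8080 8443; do
        if printf '%s\n' "$input" | has_listener "$port"; then
            echo "$port: listening"
        else
            echo "$port: no listener (no matching ingress objects?)"
        fi
    done
}

# Live use, with the port-forward from this section running in another
# terminal (a read-only GET against the loopback-bound admin port):
#   curl -s http://127.0.0.1:9001/listeners | report
```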
    31  ## Accessing Contour's /debug/pprof service
    32  
    33  Contour exposes the [net/http/pprof][1] handlers for `go tool pprof` and `go tool trace` by default on `127.0.0.1:6060`.
    34  This service is useful for profiling Contour.
    35  To access it from your workstation, use `kubectl port-forward`:
    36  
    37  ```sh
    38  # Get one of the pods that matches the Contour deployment
    39  CONTOUR_POD=$(kubectl -n projectcontour get pod -l app=contour -o name | head -1)
    40  # Do the port forward to that pod
    41  kubectl -n projectcontour port-forward $CONTOUR_POD 6060
    42  ```
    43  
    44  ## Visualizing Contour's internal directed acyclic graph (DAG)
    45  
    46  Contour models its configuration using a DAG, which can be visualized through a debug endpoint that outputs the DAG in [DOT][2] format.
    47  To visualize the graph, you must have [`graphviz`][3] installed on your system.
    48  
    49  To download the graph and save it as a PNG:
    50  
    51  ```sh
    52  # Get one of the pods that matches the Contour deployment
    53  CONTOUR_POD=$(kubectl -n projectcontour get pod -l app=contour -o name | head -1)
    54  # Do the port forward to that pod (this blocks, so run the next command in a second terminal)
    55  kubectl -n projectcontour port-forward $CONTOUR_POD 6060
    56  # Download the DAG and store it in PNG format
    57  curl localhost:6060/debug/dag | dot -T png > contour-dag.png
    58  ```
    59  
    60  The following is an example of a DAG that maps `http://kuard.local:80/` to the
    61  `kuard` service in the `default` namespace:
    62  
    63  ![Sample DAG][4]
    64  
    65  ## Interrogate Contour's gRPC API
    66  
    67  Sometimes it's helpful to be able to interrogate Contour to find out exactly the data it is sending to Envoy.
    68  Contour ships with a `contour cli` subcommand which can be used for this purpose.
    69  
    70  Because Contour secures its communications with Envoy using Secrets in the cluster, the easiest way is to run `contour cli` commands _inside_ the pod.
    71  Do this via `kubectl exec`:
    72  
    73  ```sh
    74  # Get one of the pods that matches the Contour deployment
    75  CONTOUR_POD=$(kubectl -n projectcontour get pod -l app=contour -o jsonpath='{.items[0].metadata.name}')
    76  # Run contour cli inside that pod, using the certificates mounted there
    77  kubectl -n projectcontour exec $CONTOUR_POD -c contour -- contour cli lds --cafile=/ca/cacert.pem --cert-file=/certs/tls.crt --key-file=/certs/tls.key
    78  ```
    79  
    80  This streams changes from the LDS API endpoint to your terminal.
    81  Replace `contour cli lds` with `contour cli rds` for RDS, `contour cli cds` for CDS, and `contour cli eds` for EDS.
    82  
    83  ## I've deployed on Minikube or kind and nothing seems to work
    84  
    85  See [the deployment documentation][5] for some tips on using these two deployment options successfully.
    86  
    87  [1]: https://golang.org/pkg/net/http/pprof
    88  [2]: https://en.wikipedia.org/wiki/DOT
    89  [3]: https://graphviz.gitlab.io/
    90  [4]: /img/kuard-dag.png
    91  [5]: {% link docs/main/deploy-options.md %}