IngressClass not working even when matching --ingress-class-name

[Simon-Boyer]

What steps did you take and what happened:

I have 2 contour deployments of contour in 2 namespace, both deployed using the bitnami helm chart. One is using the default ingressclass (contour), the other is contour-internal. When deploying an HTTPProxy or ingress with the ingressClass contour-internal, it doesnt work and it doesnt populate the status with the load balancer infos.

What did you expect to happen:

Page is accessible through the internal contour and the status.loadbalancer field is populated.

Anything else you would like to add:

values.yaml:

envoy:
        service:
          type: LoadBalancer
contour:
  ingressClass:
    name: contour-internal
    default: false
ingress:
  ingressClassName: contour-internal
namespaceOverride: contour-internal

kubectl get httpproxies.projectcontour.io -n authentik authentik-internal -oyaml :

apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress-class: contour-internal
  creationTimestamp: "2025-04-24T01:17:22Z"
  generation: 7
  name: authentik-internal
  namespace: authentik
  resourceVersion: "43918016"
  uid: ed001511-fc6c-4307-ade2-0435f7cbfb44
spec:
  ingressClassName: contour-internal
  routes:
  - conditions:
    - prefix: /
    enableWebsockets: true
    requestHeadersPolicy:
      set:
      - name: X-Forwarded-For
        value: '%REQ(X-Forwarded-For)%'
      - name: X-Forwarded-Proto
        value: '%REQ(:scheme)%'
    services:
    - name: authentik-server
      port: 80
  virtualhost:
    fqdn: authentik.internal.cedille.club
    tls:
      minimumProtocolVersion: "1.3"
      secretName: authentik-internal-tls
status:
  conditions:
  - lastTransitionTime: "2025-04-30T22:14:28Z"
    message: Valid HTTPProxy
    observedGeneration: 7
    reason: Valid
    status: "True"
    type: Valid
  currentStatus: valid
  description: Valid HTTPProxy
  loadBalancer: {}

contour logs:

time="2025-04-29T14:52:52Z" level=info msg="maxprocs: Updating GOMAXPROCS=1: using minimum allowed GOMAXPROCS"
time="2025-04-29T14:52:52Z" level=info msg="args: [serve --incluster --xds-address=0.0.0.0 --xds-port=8001 --http-port=8000 --envoy-service-http-port=8080 --envoy-service-https-port=8443 --contour-cafile=/certs/ca.crt --contour-cert-file=/certs/tls.crt --contour-key-file=/certs/tls.key --config-path=/config/contour.yaml --envoy-service-namespace=argocd --envoy-service-name=contour-internal-envoy --leader-election-resource-name=contour-internal-contour-internal-contour --log-format=text --kubernetes-debug=0 --ingress-class-name=contour-internal]"
time="2025-04-29T14:52:52Z" level=info msg="Watching Service for Ingress status" envoy-service-name=contour-internal-envoy envoy-service-namespace=argocd
time="2025-04-29T14:52:53Z" level=info msg="started event handler" context=contourEventHandler
time="2025-04-29T14:52:53Z" level=info msg="started HTTP server" address="127.0.0.1:6060" context=debugsvc
time="2025-04-29T14:52:53Z" level=info msg="started HTTP server" address="0.0.0.0:8000" context=metricsvc
time="2025-04-29T14:52:53Z" level=info msg="waiting for the initial dag to be built" context=xds
time="2025-04-29T14:52:53Z" level=info msg="attempting to acquire leader lease contour-internal/contour-internal-contour-internal-contour..." caller="leaderelection.go:250" context=kubernetes
time="2025-04-29T14:52:53Z" level=info msg="performing delayed update" context=contourEventHandler last_update=104.24844ms outstanding=11
time="2025-04-29T14:52:54Z" level=info msg="the initial dag is built" context=xds
time="2025-04-29T14:52:54Z" level=info msg="started xDS server type: \"envoy\"" address="0.0.0.0:8001" context=xds
time="2025-04-29T14:53:09Z" level=info msg="successfully acquired lease contour-internal/contour-internal-contour-internal-contour" caller="leaderelection.go:260" context=kubernetes
time="2025-04-29T14:53:09Z" level=info msg="started status update handler" context=StatusUpdateHandler
time="2025-04-29T14:53:09Z" level=info msg="performing delayed update" context=contourEventHandler last_update=15.684283772s outstanding=1
time="2025-04-30T21:51:16Z" level=info msg="performing delayed update" context=contourEventHandler last_update=30h58m6.462685939s outstanding=1
time="2025-04-30T21:51:16Z" level=info msg="performing delayed update" context=contourEventHandler last_update=131.403131ms outstanding=1
time="2025-04-30T22:14:20Z" level=info msg="performing delayed update" context=contourEventHandler last_update=23m4.376024311s outstanding=1
time="2025-04-30T22:14:28Z" level=info msg="performing delayed update" context=contourEventHandler last_update=8.176112879s outstanding=1

Envoy logs:

Defaulted container "shutdown-manager" out of: shutdown-manager, envoy, envoy-initconfig (init)
time="2025-04-23T22:59:49Z" level=info msg="maxprocs: Updating GOMAXPROCS=1: using minimum allowed GOMAXPROCS"
time="2025-04-23T22:59:49Z" level=info msg="started envoy shutdown manager" context=shutdown-manager

Environment:

• Contour version: 1.30.3
• Kubernetes version: (use kubectl version): v1.30.0
• Kubernetes installer & version: N/A
• Cloud provider or hardware configuration: Proxmox
• OS (e.g. from /etc/os-release): Talos OS

[github-actions]

Hey @Simon-Boyer! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace

[sunjayBhatia]

just to double check looks like you have --envoy-service-namespace=argocd --envoy-service-name=contour-internal-envoy, is that intended/correct? (particularly the namespace flag there)

[sunjayBhatia]

given there is no log of received a new address for status.loadBalancer from here:

contour/cmd/contour/ingressstatus.go

Lines 117 to 118 in 74c0c31

	isw.log.WithField("loadbalancer-address", lbAddress(lbs)).
	Info("received a new address for status.loadBalancer")

i think the load balancer watcher informer was probably never fired bc that service in that ns might not exist

[Simon-Boyer]

I didn't noticed that, the namespace is definetly not intended! No idea where it's coming from tho, any idea what could set that from the helm chart? I'll investigate a bit on my side too, it's really weird.

[github-actions]

The Contour project currently lacks enough contributors to adequately respond to all Issues.

This bot triages Issues according to the following rules:

• After 60d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, the Issue is closed

You can:

• Mark this Issue as fresh by commenting
• Close this Issue
• Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack