Contour supports HTTPS (TLS/SSL) ingress by integrating Envoy’s SNI support. Certificates must be provisioned which are saved as Kubernetes secrets and get passed to Envoy. A common way to implement this is to use JetStack’s Cert Manager.
Enabling TLS support requires Contour version 0.3 or later. You must also add an entry for port 443 to your
contour service object.
If you deploy behind an AWS Elastic Load Balancer, see EC2 ELB PROXY protocol support for special instructions.