Contour in conjunction with TKG/TKGI works with the NodePort and LoadBalancer service types.
However, testing the HTTP/HTTPS connection to Contour's Envoy might not work, because the ports will remain closed even though the deployment may show the following:
$ kubectl get service -n contourdeployment
NAME      TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
contour   ClusterIP      10.###.###.159   <none>        8001/TCP                     3m9s
envoy     LoadBalancer   10.###.###.242   <pending>     80:31765/TCP,443:30536/TCP   3m9s
Assuming that 10.10.1.10 is an IP of one of the nodes in the cluster, when running nmap, it may appear that ports 80 and 443 are closed.
$ sudo nmap -sT -p- 10.10.1.10
Starting Nmap 6.40 ( http://nmap.org )
Nmap scan report for 10.10.1.10
Host is up (0.0093s latency).
Not shown: 65527 closed ports
PORT      STATE  SERVICE
22/tcp    open   ssh
111/tcp   open   rpcbind
Until a service is defined to use Contour, it will not start any Envoy load balancer service. Once the workload applications have been deployed on the cluster, Contour will detect them and open the ports:
$ sudo nmap -sT -p- 10.10.1.10
Starting Nmap 6.40 ( http://nmap.org )
Nmap scan report for 10.10.1.10
Host is up (0.0093s latency).
Not shown: 65527 closed ports
PORT      STATE  SERVICE
22/tcp    open   ssh
80/tcp    open   http
111/tcp   open   rpcbind
443/tcp   open   https
When you configure the workload, you then configure Ingress for this workload. This essentially creates the rules on the Ingress controller to route the traffic to the pods.
Please have a look at the following example on how to test the Contour deployment.
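As an added illustration (not part of the original article or of the Contour project's own material), the manifest below defines a minimal workload, a Service and the Ingress rule that gives Contour a route to program into Envoy. The name demo-web, the image and the hostname demo.example.com are constructed placeholders, and it assumes Contour runs with its default ingress class settings so that an Ingress without a class is picked up.

```yaml
# Added example: names, image and hostname are constructed placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-web
spec:
  selector:
    matchLabels:
      app: demo-web
  template:
    metadata:
      labels:
        app: demo-web
    spec:
      containers:
        - name: web
          image: nginx:stable   # any HTTP server listening on port 80
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: demo-web
spec:
  selector:
    app: demo-web
  ports:
    - port: 80
      targetPort: 80
---
# The Ingress is the rule Contour watches for; it routes traffic to the pods.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-web
spec:
  rules:
    - host: demo.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo-web
                port:
                  number: 80
```

After applying it with kubectl apply -f, repeat the nmap scan against the node, or send an HTTP request to 10.10.1.10 with the Host header set to demo.example.com, to confirm that the route reaches the pods.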