Bump github.com/projectcontour/contour from 1.18.2 to 1.20.0

[dependabot]

Bumps github.com/projectcontour/contour from 1.18.2 to 1.20.0.

Release notes

Sourced from github.com/projectcontour/contour's releases.

Contour v1.20.0

We are delighted to present version v1.20.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.

A big thank you to everyone who contributed to the release.

Major Changes

Gateway API v1alpha2 support

Contour now exclusively supports Gateway API v1alpha2, the latest available version. This version of Gateway API has a number of breaking changes, which are detailed in the Gateway API changelog. Contour currently supports a single GatewayClass and associated Gateway, and HTTPRoutes and TLSRoutes that attach to the Gateway. TCPRoute and UDPRoute are not supported. For a list of other functionality that remains to be implemented, see Contour's area/gateway-api label.

As part of this change, support for Gateway API v1alpha1 has been dropped, and any v1alpha1 resources will not be automatically converted to v1alpha2 resources because the API has moved to a different API group (from networking.x-k8s.io to gateway.networking.k8s.io).

(#4047, @​skriss)

xDS management connection between Contour and Envoy set to TLSv1.3

The minimum accepted TLS version for Contour xDS server is changed from TLSv1.2 to TLSv1.3. Previously in Contour 1.19, the maximum accepted TLS version for Envoy xDS client was increased to TLSv1.3 which allows it to connect to Contour xDS server using TLSv1.3.

If upgrading from a version prior to Contour 1.19, the old Envoys will be unable to connect to new Contour until also Envoys are upgraded. Until that, old Envoys are unable to receive new configuration data.

For further information, see Contour architecture and xDS API in Envoy documentation.

(#4065, @​tsaarni)

Minor Changes

Metrics over HTTPS

Both Envoy and Contour metrics can now be served over HTTPS. Server can alternatively also require client to present certificate which is validated against configured CA certificate. This feature makes it possible to limit the visibility of metrics to authorized clients.

(#3707, @​tsaarni)

Performance improvement for processing configuration

The performance of Contour's configuration processing has been made more efficient, particularly for clusters with large numbers (i.e. >1k) of HTTPProxies and/or Ingresses. This means that there should be less of a delay between creating/updating an HTTPProxy/Ingress in Kubernetes, and having it reflected in Envoy's configuration.

(#4099, @​skriss)

Allow retry policy, num retries to be zero

... (truncated)

Commits

• 4856853 hack/actions: fix release image tag fetching (#4311)
• 367d747 Update Contour Docker image to v1.20.0.
• 417410a [release-1.20 branch] fix envoy deployment release (#4308)
• d33705a v1.20.0 site updates (#4302)
• 099c100 Add Flyte as adopter (#4299)
• 303f316 Bump Envoy to v1.21.0 (#4273)
• 0541ccc site: update the Getting Started guide (#4288)
• cc47826 cmd/contour: pass ApplyToIngress flag to DAG processor (#4287)
• b59d09c test/e2e: enable retrying flaky tests (#4286)
• dbaa2a6 hack/release: allow GitHub usernames with '-' (#4284)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[k8s-ci-robot]

@dependabot[bot]: rebase

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
To complete the pull request process, please assign raffo after the PR has been reviewed.
You can assign the PR to them by writing /assign @raffo in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

@dependabot[bot]: rebase

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.