VMware is proud to present version 1.0.0-beta.1 of Contour, our layer 7 HTTP reverse proxy for Kuberentes clusters. As always, without the help of the many community contributors this release would not have been possible. Thank you!
Contour 1.0.0-beta.1 is the first beta release along the path to Contour 1.0.
The current stable release at this time remains Contour 0.15.0.
New and improved
Contour 1.0.0-beta.1 contains many bug fixes and improvements.
Over a year ago Contour 0.6 introduced a new CRD, IngressRoute. IngressRoute was our attempt to address the issues preventing Kubernetes developers from utilising modern web development patterns in multi tenant Kubernetes clusters.
As part of preparations for bring Contour to 1.0 IngressRoute has been renamed to HTTPProxy. This name reflects both the procedural changes necessitated by the Heptio acquisition and the desire to clarify Contour's role in the crowded Kubernetes networking space.
HTTPProxy brings with it two new concepts--inclusion and conditions--both of which, like the transition from IngressRoute to HTTPProxy, represent evolutions of the delegation model and our limited support for prefix based matching.
For more information, please consult the HTTPProxy documentation.
None of this work would have been possible without the dedication of @stevesloka. Thank you does not sufficiently capture the amount of effort Steve has dedicated to this feature.
With the introduction of HTTPProxy, IngressRoute CRD is now marked as deprecated.
The IngressRoute CRD will be supported in its current state until the Contour 1.0.0 release and will be removed shortly after.
For more information please read the IngressRoute to HTTPProxy upgrade guide
By default Envoy emits request logs in its own format. See the Envoy docs for details.
Contour 1.0.0-beta1 adds support for JSON formatted logs. To enable JSON formatted logs, either add
--accesslog-format=json to your
contour serve line, or add
accesslog-format: json to your config file.
Leader election no longer blocks the opening of the xDS serving port. All Contours serve xDS, the leadership will control which Contour writes status updates. This work is ongoing and is documented in #1385.
Leader election now uses a ConfigMap named
leader-elect in the
projectcontour namespace by default.
This can be changed using the config file.
Because of this, rolling updates will now complete, and the example Contour Deployment has been reverted to the RollingUpdate strategy.
Contour image registry changes
Contour's image registry has moved from
v1.0.0-beta.1 tag is only available in
For convenience the
:latest tags are available in both repositories. Once Contour 1.0.0 final is release the
:latest tag will move to
docker.io/projectcontour/contour. Even if you are remaiing on
:v0.15.0 until the final release of Contour 1.0.0 please update your image locations to
GitHub organization changes
Contour's source code has moved from
GitHub is pretty good about redirecting people for a time, but eventually the
github.com/heptio organization will go away and redirects will cease. Please update your bookmarks.
Contour namespace changes
Contour's default namespace has changed from
Several of the
examples/ sample manifests have been removed as part of the preparations for the 1.0.0 release.
TLS Passthrough and HTTP redirect
Under certain circumstances it is now possible to combine TLS passthrough on port 443 with port 80 served from the same service. The use case for this feature is the application on port 80 can provide a helpful message when the service on port 443 does not speak HTTPS.
Per route traffic mirroring
Per route a service can be nominated as a mirror. The mirror service will receive a copy of the read traffic sent to any non mirror service. The mirror traffic is considered read only, any response by the mirror will be discarded.
Per route idle timeout
Per route idle timeouts can be configured via the HTTPProxy CRD.
Contour ignores unrelated Secrets
Contour now ignores Secrets which are not related to Ingress, IngressRoute, HTTPProxy, or TLSCertificateDelegation operations.
This substantially reduces the number of updates processed by Contour.
Contour filters Endpoint updates
Contour now supports filtering update notifications in some circumstances. Specifically Envoy's EDS watches will no longer fire unless the specific EDS entry requested is updated. This should significantly reduce the number of spurious EDS updates send to Envoy.
contourbinary now executes a graceful shutdown when sent SIGTERM. Thanks @alexbrand. Fixes #1364.
- Contour now preserves the
X-Request-Idheader if present. Fixes #1509.
- Contour's quickstart documentation now references the current stable version of Contour. Fixes #952.
- Contour will no longer present a secret via SDS if that secret is not referenced by a valid virtualhost. #1165
envoyproxy/go-control-planepackage has nbeen upgraded to version 0.9.0.
go-control-plane0.9.0 switches to the
google/protobuflibrary which results in a 4mb smaller binary. Neat.
CONTRIBUTINGdocumentation has been updated to encourage contributors to squash their commits. Thanks @stevesloka.
- The markup of several of our pages has been corrected to render properly on GitHub. Thanks @sudeeptoroy.
/healthzendpoint has been replaced with
/readyfor Pod readiness. Fixes #1277. Thanks @rochacon.
- IngressRoute objects now forbid
*anywhere in the
spec.virtualhost.fqdnfield. Fixes #1234.
- Contour is built with Go 1.13.1.
Contour will no longer serve an a broken TLS virtualhost over HTTP
In the case where an IngressRoute had a missing or invalid TLS secret Contour would serve the IngressRoute over HTTP. Contour now detects the case where a TLS enabled IngressRoute is missing its certificate and will not present the virtualhost over HTTP or HTTPS.
Minor bug fixes
- Contour now rejects IngressRoute and HTTPProxy objects that delegate to another root IngressRoute or HTTPProxy object. Fixes #865.
- An error where IngressRoute's status is not set when it references an un-delegated TLS cert has been fixed. Fixes #1347.
Please consult the Upgrading document for further information on upgrading from Contour 0.15 to Contour 1.0.0-beta.1