VMware is enraptured to present version 1.0.0-rc.2 of Contour, our layer 7 HTTP reverse proxy for Kuberentes clusters. As always, without the help of the many community contributors this release would not have been possible. Thank you!
Contour 1.0.0-rc.2 is the second, and hopefully last, release candidate on the path to Contour 1.0.
The current stable release at this time remains Contour 0.15.3.
New and improved
Contour 1.0.0-rc.2 contains many bug fixes and improvements over rc.1.
As part of the continued preparations for the 1.0 release Contour's documentation has been relocated to the https://projectcontour.io website. Specifically;
- The Getting Started documentation has moved to projectcontour.io/getting-started
- Guides and How-to's have moved to projectcontour.io/guides
- Versioned release documentation has moved to projectcontour.io/docs
- Project related and non-versioned documentation has moved to projectcontour.io/resources
Huge thanks to @jpeach for his work re-organising and copy editing the website content.
IngressRoute and HTTPProxy status update improvements
IngressRoute and HTTPProxy status updates are now performed by the lead Contour in the deployment. The lead Contour is determined via Kubernetes' standard leader election mechanisms.
If leader election is disabled, all Contours will write status back to the Kubernetes API.
HTTPProxy and IngressRoute OpenAPIv3 schema validation
Contour 1.0.0-rc.2 includes updated OpenAPIv3 schema validations. These schemas are automatically generated from the CRD documents themselves and should be more complete and consistent than the previous hand rolled versions.
Contour 1.0.0-rc.2 now supports TCPProxy delegation. See the relevant section in the HTTPProxy documentation.
Envoy keepalive tuning
Contour 1.0.0-rc.2 addresses an issue where connections between Contour and Envoy could become stuck half-open (one side thinks the connection is open, the other side doesn't) or half-closed (one side closes the connection, the other side never gets the message).
The common theme was the cluster was using an overlay network which suggested the overlay was timing out long running TCP connections. Contour 1.0.0-rc.2 configures various keep alive mechanisms to detect networking issues between Envoy and Contour.
This fix is also included in Contour 0.15.3 and later.
Contour now waits for a full cache.
Contour now delays serving traffic to Envoy until each of the API informers caught up to the API server. This changes reduces the likelyhood that Envoy can connect to a Contour instance in the process of startup and thus observe an incomplete view of the cluster.
- The ability to write the bootstrap configuration to standard out via
contour bootstrap -- -has been added. Thanks @jpeach.
- Contour now validates that TLS certificates either bare the type
kubernetes.io/tlsor, in the case of upstream validation certificates, contain a non empty
ca.crtkey. Fixes #1697. Thanks @jpeach.
x_trace_idhas been added to the set of JSON loggable fields. Fixes #1734. Thanks @cw-sakamoto!
- Obsolute Heptio branding has been removed from
contour cli. Thanks @jpeach.
- Contour is built with Go 1.13.3.
TLS certificate validation improvements
Contour 1.0.0-rc.2 improves the TLS certificate validation added in rc.1. Contour is now less likely to reject valid certificates that contain unexpected elliptic curve parameters.
This fix is also included in Contour 0.15.2 and later.
Minor bug fixes
- Many documentation updates and improvements. Thanks @stevesloka, @youngnick, @jpeach.
- Ingress, IngressRoute, and HTTPProxy route conditions are now properly ordered. Fixes #1579. Thanks @jpeach.
- Incorrect, and as it turns out superflous, settings removed from
.travis.yml. Thanks @SDBrett.
- The First Route custom field has been removed from the HTTPProxy CRD. Updates #1567. Thanks @youngnick.
Please consult the Upgrading document for further information on upgrading from Contour 1.0.0-rc.1 to Contour 1.0.0-rc.2.