Contour 1.7.0
We are delighted to present version 1.7.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
Special thanks to Chad Moon (@moondev) who helped find and debug some issues with fallback certificate support.
New and improved
Upgraded to Envoy 1.15.0
This Contour release upgrades the default Envoy version from 1.14.3 to 1.15.0. All Contour users should upgrade to this release.
Configurable Timeouts
The Contour config file now has a timeouts block that allows various Envoy timeouts to be configured. In particular, the following timeouts are now configurable: request-timeout, connection-idle-timeout, stream-idle-timeout, max-connection-duration, and connection-shutdown-grace-period. See the documentation for more information.
Deprecation Notice: the request-timeout field in the config file is now deprecated and has been replaced by timeouts.request-timeout. The deprecated field will be removed in a future release. If you use this field, you should switch to using timeouts.request-timeout.
(Associated PRs #2726 #2675 #2632 #2661 #2670)
Thanks to @skriss for adding these configuration settings.
Add Conditions to HTTPProxy and TLSCertificateDelegation CRDs
HTTPProxy and TLSCertificateDelegation now each have a Status.Conditions field. These fields are currently left unpopulated. Over time, Contour will use these fields to report significantly more information about the current state of resources.
(Associated PR #2706)
Thanks to @youngnick for designing and implementing this feature.
Fallback Certificate Fixes
Two bugs (#2720, #2733) were found related to the fallback certificate feature which was introduced in v1.5.0. The Envoy secret for the certificate was not being configured, and the http.Router filter was not being configured on the HTTP connection manager. Both issues have been fixed in this release.
Thanks to @moondev for reporting these issues, and to @jpeach for turning around quick fixes!
TCP Keepalives on Listener Sockets
@erwbgy noticed that Contour was not configuring TCP keepalives for the Envoy listener sockets, and contributed a patch to add support for this in #2638. Thanks @erwbgy for the contribution!
Add Conditions to HTTPProxy RetryPolicy
@KevinSnyderCodes added two new fields to RetryPolicy, to better control when Envoy retries requests for a given route. The first, retryOn, allows the user to specify a subset of conditions under which requests should be retried. The second, retriableStatusCodes, enables only a specific set of HTTP response codes to be retried.
Thanks @KevinSnyderCodes for requesting, designing, and implementing this feature!
(Associated PR #2646)
Shutdown Manager Changes
The shutdown manager has been modified to use an Exec preStop hook to trigger the Envoy shutdown sequence.
Thanks @stevesloka for implementing this change.
(Associated PR #2751)
Upgrading
Please consult the upgrade documentation.
Are you a Contour user? We would love to know!
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.