Releases: projectcontour/contour
Contour 1.8.1
We are releasing a patch release for Contour to address a significant performance problem recently identified by @mattmoor (thanks Matt!). All previous versions of Contour are affected, and users should upgrade as soon as they can.
When Contour ingests Kubernetes objects it builds a data model (called "the DAG" internally), and once the data model is built, it is used to update status of HTTPProxy objects and to configure the Envoys.
Prior to this release, when the HTTPProxy status updates were sent, they would block the completion of the DAG run, and thus the programming of Envoy. In addition, the way Contour was sending the updates generated more apiserver traffic than it needed to, and could very easily hit apiserver rate-limiting, causing large groups of status updates to add minutes to the DAG reconciliation time (and thus the Envoy programming time).
This release should produce performance improvements in all Contour installations, but they will probably be most noticeable in big clusters with lots of churn.
Extra Changes included
@mattmoor: Replace uncached Get to fix knative-extensions/net-contour#226 (#2865)
@youngnick: internal/k8s: Change StatusUpdaterHandler channel to buffered (#2867)
Contour 1.8.0 Release Notes
We are delighted to present version 1.8.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
There's been a bunch of great contributions from our community for this release, thanks to everyone!
We've also been busy with some big refactors to testing and other internals. The testing changes have come in, but the others should start being landed in the 1.9 timeframe. So this release is a stabilisation release. Yay for paying down some tech debt!
Deprecations
Currently Contour supports annotating various objects with either `projectcontour.io/<something>` or `contour.heptio.com/<something>`. As of this release, `contour.heptio.com` annotations are deprecated, will log a warning, and will be removed in a future release. Please move to using `projectcontour.io` annotations.
Inclusive Language changes
To ensure our community is as welcoming as possible, we've migrated our main development branch from its old name of `master` to `main`. As part of this effort, the auto-built Docker Hub image tag has also been moved from `master` to `main`.
Moving forward, we'll be using the guidelines of the Kubernetes Naming working group as a base for our own efforts to stay as inclusive as we can manage.
As part of this work, we've also run some automated checks against our code base using the vale tool, with minimal changes.
New and Improved
- Contour's fix for 421 redirects and SNI now handles misdirected requests case insensitively (#2764)
- There have been a few improvements to Contour's shutdown behavior: @laurovenancio has fixed some bugs with the `contour shutdown` command for managing Envoy's shutdown process (#2817 and #2820), and there was a fix to ensure that Ctrl-C will actually shut down Contour when running locally (#2797).
- @ffahri added some helpers for retrieving the version of Kubernetes objects, and fixed an erroneous log (#2808).
- @tsaarni added upstream certificate validation for HTTP/2 (#2832).
- Contour now parses its YAML configuration strictly. Thanks @tthebst for PR #2765.
- Some great docs fixes from @derkoe (#2790), @rajat404 (#2804), and @tong101 (#2839).
- @aberasarte had a design proposal for CORS accepted (#1012), after a long and detailed discussion. We're all looking forward to seeing this design implemented.
Thanks to all of our external contributors, this is the most ever in one release! 🥇 🎉
Upgrading
Please consult the upgrade documentation.
Are you a Contour user? We would love to know!
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.
Contour 1.7.0
We are delighted to present version 1.7.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
Special thanks to Chad Moon (@moondev) who helped find and debug some issues with fallback certificate support.
New and improved
Upgraded to Envoy 1.15.0
This Contour release upgrades the default Envoy version from 1.14.3 to 1.15.0. All Contour users should upgrade to this release.
Configurable Timeouts
The Contour config file now has a `timeouts` block that allows various Envoy timeouts to be configured. In particular, the following timeouts are now configurable: `request-timeout`, `connection-idle-timeout`, `stream-idle-timeout`, `max-connection-duration`, and `connection-shutdown-grace-period`. See the documentation for more information.
Deprecation Notice: the `request-timeout` field in the config file is now deprecated and has been replaced by `timeouts.request-timeout`. The deprecated field will be removed in a future release. If you use this field, you should switch to using `timeouts.request-timeout`.
(Associated PRs #2726 #2675 #2632 #2661 #2670)
Thanks to @skriss for adding these configuration settings.
Add Conditions to HTTPProxy and TLSCertificateDelegation CRDs
`HTTPProxy` and `TLSCertificateDelegation` now each have a `Status.Conditions` field. These fields are currently left unpopulated. Over time, Contour will use them to report significantly more information about the current state of resources.
(Associated PR #2706)
Thanks to @youngnick for designing and implementing this feature.
Fallback Certificate Fixes
Two bugs (#2720, #2733) were found in the fallback certificate feature introduced in v1.5.0: the Envoy secret for the certificate was not being configured, and the `http.Router` filter was not being configured on the HTTP connection manager. Both issues have been fixed in this release.
Thanks to @moondev for reporting these issues, and to @jpeach for turning around quick fixes!
TCP Keepalives on Listener Sockets
@erwbgy noticed that Contour was not configuring TCP keepalives for the Envoy listener sockets, and contributed a patch to add support for this in #2638. Thanks @erwbgy for the contribution!
Add Conditions to HTTPProxy RetryPolicy
@KevinSnyderCodes added two new fields to RetryPolicy, to better control when Envoy retries requests for a given route. The first, `retryOn`, allows the user to specify a subset of conditions under which requests should be retried. The second, `retriableStatusCodes`, enables only a specific set of HTTP response codes to be retried.
Thanks @KevinSnyderCodes for requesting, designing, and implementing this feature!
(Associated PR #2646)
Shutdown Manager Changes
The shutdown manager has been modified to use an Exec `preStop` hook to trigger the Envoy shutdown sequence.
Thanks @stevesloka for implementing this change.
(Associated PR #2751)
Upgrading
Please consult the upgrade documentation.
Are you a Contour user? We would love to know!
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.
Contour 1.6.1
We are delighted to present version 1.6.1 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
New and improved
Upgraded to Envoy 1.14.3
This Contour release upgrades the default Envoy version from 1.14.2 to 1.14.3. All Contour users should upgrade to this release, which addresses the following security issues:
- CVE-2020-8663 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
- CVE-2020-12603 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
- CVE-2020-12604 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
- CVE-2020-12605 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
(Associated PRs: #2595)
Upgrading
Please consult the upgrade documentation.
Are you a Contour user? We would love to know!
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.
Contour 1.6.0
We are delighted to present version 1.6.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
IngressRoute removal
IngressRoute has been deprecated for some time and is, as of Contour 1.6, removed.
IngressRoute objects are no longer watched by Contour, and the IngressRoute and `contour.heptio.com` TLSDelegation CRDs are no longer installed by our example YAMLs. IngressRoute resources should be converted to HTTPProxy ones before upgrading to Contour 1.6. The IngressRoute and TLSDelegation CRDs should be removed from your clusters.
Please see ir2proxy for your IngressRoute to HTTPProxy conversion needs.
Vale IngressRoute!
New and improved
Controlling served HTTP versions
Contour now has the ability to choose the versions of HTTP that Envoy will respond to.
This has been implemented as a workaround for a browser-specific problem about 421 result codes and blank requests (#2619).
In short, Safari can misroute certain connection-coalesced connections when they are being served from a wildcard certificate with the SNI routing changes introduced under #1493.
Thanks to @primeroz for helping to dig on this one.
Fix ordering problems with HTTPProxy status updates
We moved all status updates to HTTPProxy to the new pattern introduced in Contour 1.5 for address updates; this fixes #2522, #2580, and #2522.
Thanks to @primeroz for logging #2580, and for the help with confirming the fix.
Bootstrap checks for empty TLS files
@shyaamsn noticed that the TLS files used for Envoy bootstrapping could sometimes be empty when using cert-manager to create them. (#2602)
They then contributed a fix in #2607.
Thanks @shyaamsn!
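As an added illustration of the kind of bootstrap-time check this calls for (this is example code, not the fix in #2607 or any other Contour code): validate the CA bundle, certificate and key before handing them to Envoy, and treat an empty or unparseable file as a hard error rather than bootstrapping with it. The `checkTLSMaterial` and `selfSigned` names are this example's own, and the sample certificate is generated in-process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkTLSMaterial validates the CA bundle, certificate and private key that
// would be written into the Envoy bootstrap. It rejects empty or non-PEM
// input, a cert/key pair that does not belong together, and a CA bundle with
// no usable certificate, so a half-populated Secret (the cert-manager race
// described above) fails fast instead of yielding an Envoy that cannot reach
// Contour's xDS server.
func checkTLSMaterial(ca, cert, key []byte) error {
	inputs := []struct {
		label string
		data  []byte
	}{{"ca", ca}, {"cert", cert}, {"key", key}}
	for _, in := range inputs {
		if len(in.data) == 0 {
			return fmt.Errorf("%s file is empty", in.label)
		}
		if blk, _ := pem.Decode(in.data); blk == nil {
			return fmt.Errorf("%s file does not contain PEM data", in.label)
		}
	}
	if _, err := tls.X509KeyPair(cert, key); err != nil {
		return fmt.Errorf("cert/key do not match: %w", err)
	}
	if pool := x509.NewCertPool(); !pool.AppendCertsFromPEM(ca) {
		return fmt.Errorf("ca file holds no parseable certificate")
	}
	return nil
}

// selfSigned produces constructed sample material for the demonstration: a
// self-signed, CA-capable certificate and its key, both PEM-encoded.
func selfSigned(cn string) (certPEM, keyPEM []byte, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

func main() {
	cert, key, err := selfSigned("contour")
	if err != nil {
		panic(err)
	}
	fmt.Println("complete material:", checkTLSMaterial(cert, cert, key))
	fmt.Println("empty key file:   ", checkTLSMaterial(cert, cert, nil))
	fmt.Println("empty ca file:    ", checkTLSMaterial([]byte{}, cert, key))
}
```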
Fix Envoy service status watching
PR #2583 introduced a regression that broke watching the Envoy service for status address updating. Fixed by #2605.
Upgrading
Please consult the upgrade documentation.
Are you a Contour user? We would love to know!
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.
Contour 1.5.1
We are delighted to present version 1.5.1 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
Special thanks to Tim Bart (@pims), who was the release manager for this release.
New and improved
Upgraded to Envoy 1.14.2
This Contour release upgrades the default Envoy version from 1.14.1 to 1.14.2. All Contour users should upgrade to this release, which addresses CVE-2020-11080.
(Associated PRs: #2579)
Upgrading
Please consult the upgrade documentation.
Are you a Contour user? We would love to know!
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.
Contour 1.5.0
We are delighted to present version 1.5.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
New and improved
TLS Fallback Certificate Support
The Contour HTTPProxy API now includes better support for TLS clients that don't support SNI by allowing cluster operators to specify a fallback certificate that terminates TLS sessions where no SNI server name is provided. This feature is opt-in since it is incompatible with TLS client certificate validation and allows SNI name bypass, which may be undesirable in some deployments. Access to the fallback certificate is managed with the usual Contour TLS certificate delegation mechanism.
(Associated PRs: #2528, #2477, #2504, #2477, #2535, #2543)
Thanks @stevesloka for designing and implementing this feature.
gRPC Certificate Rotation
The TLS keys and certificates that secure the gRPC session between Envoy and Contour can now be rotated without needing to restart any Pods.
(Associated PRs: #2333, #2555)
Thanks @tsaarni for driving this feature over the last couple of releases, both in the Contour and Envoy projects.
The example Contour deployment now uses certificates that include the CA certificate bundle. This change makes the example deployment compatible with certificates generated by cert-manager.
(Associated PRs: #2547)
HTTPProxy Load Balancer Address Support
Contour now updates the status of `HTTPProxy` documents with the `status.loadBalancer.addresses` field. This brings `HTTPProxy` to parity with Ingress, and makes it easier to program automatic DNS record creation for `HTTPProxy` objects.
(Associated PRs: #2551)
Thanks @youngnick.
TLS Request Misdirection
Contour now programs Envoy to serve a 421 response when HTTP/2 clients use aggressive wildcard certificate matching to re-use the wrong TLS session. This resolves errors where client requests to multiple `HTTPProxy` objects that are all served with a wildcard TLS certificate could receive a 404 error when the Host header in the HTTP request doesn't match the SNI server name that was used to establish the TLS session.
(Associated PRs: #2483)
Multiple Load Balancer Address Support
Contour now supports multiple addresses in the `--ingress-status-address` flag of the `contour serve` subcommand. This allows sites that deploy Envoy without an external load balancer to more easily publish all the addresses of the Envoy proxies into DNS.
(Associated PRs: #2542)
Thanks @al45tair for this improvement.
Versioned Deployment YAML
The Contour project now publishes the example deployment YAML for each release version. https://projectcontour.io/quickstart/contour.yaml still serves the YAML for the latest release, but you can pin to a specific version with a URL like https://projectcontour.io/quickstart/v1.5.0/contour.yaml.
(Associated PRs: #2552)
Documentation Improvements
- Improved HTTPProxy API documentation (#2467, #2460)
- Improved TimeoutPolicy API documentation (#2460)
- Improved documentation for proxy protocol support on AWS ELBs (#2480) (thanks @savithruml)
- Miscellaneous documentation improvements (#2500, #2508)
Upgrading
Please consult the upgrade documentation.
Are you a Contour user? We would love to know!
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.
Contour 1.4.0
We are delighted to present version 1.4.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
New and improved
TLS Client authentication
This release adds support for configuring HTTPProxy objects to request validation of client certificates, allowing the use of client certificates for client authentication. This closes #1090.
See the documentation for how to use the feature.
(Associated PRs: #2250, #2390, #2410)
Thanks @tsaarni for getting this implemented.
Ingress changes
Ingress class
As described in #2199, previously, when configured to accept a certain `ingress.class` annotation, Contour would watch objects with that annotation, and also objects with no annotation. This caused problems in clusters with more than one ingress controller.
As of #2394, having an `ingress.class` annotation configured now means that only objects that have a matching annotation will cause changes in Contour.
Note that this logic change applies to both Ingress and HTTPProxy documents.
#2340 also updated the annotations documentation to make the various behaviour options more clear.
Ingress Status
Contour now has the ability to write a `status.loadBalancer.addresses` block to Ingress objects. This block is used by services which need to know how to reach an Ingress' backing service from outside the cluster, like external-dns.
There are two ways for Contour to find this information:
- by watching a Service object for the Envoy service, and putting the associated `status.loadBalancer` block from that Service into all associated Ingress objects. This is what is used in the example deployment.
- Operators can also specify an address on Contour's command line, using the `--ingress-status-address` flag.
This closes #403, another old outstanding request.
(Associated PRs: #2373, #2386, #2416, #2420)
Separate Health and Metrics listeners
The Contour health and metrics services can now be configured to listen on separate addresses or ports using the new `--health-address` and `--health-port` flags. This gives operators the ability to restrict access to Contour's Prometheus metrics.
(Associated PRs: #2407)
Thanks @pickledrick for completing this change.
SNI Improvements
Virtual hosts that are exposed over TLS are now strongly bound to their TLS server name. This is a security improvement that means that clients cannot connect to hostname "A" at the TLS layer and then make HTTP requests for hostname "B".
(Associated PRs: #2381)
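The Host-to-SNI binding described here, together with the 421 behaviour from the 1.5.0 "TLS Request Misdirection" note and the case-insensitive handling from 1.8.0, modelled as an added example (not Contour's or Envoy's code): `wildcardCovers` shows why an HTTP/2 client will reuse a connection for a sibling host under a wildcard certificate, and `routeStatus` is the server-side decision. The function names, the vhost list and the certificate name are this example's own assumptions.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Response codes used below (RFC 7231 and the HTTP/2 spec's 421).
const (
	statusOK          = 200
	statusNotFound    = 404
	statusMisdirected = 421
)

// hostOnly strips an optional ":port" from an HTTP Host header value.
func hostOnly(host string) string {
	if h, _, err := net.SplitHostPort(host); err == nil {
		return h
	}
	return host
}

// wildcardCovers reports whether a certificate name such as "*.example.com"
// covers name. Only a single leftmost-label wildcard is honoured, which is the
// rule a browser applies before coalescing another hostname's requests onto
// an existing TLS connection to the same address.
func wildcardCovers(pattern, name string) bool {
	pattern = strings.ToLower(strings.TrimSuffix(pattern, "."))
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	if !strings.HasPrefix(pattern, "*.") {
		return pattern == name
	}
	suffix := pattern[1:] // ".example.com"
	if !strings.HasSuffix(name, suffix) {
		return false
	}
	label := strings.TrimSuffix(name, suffix)
	return label != "" && !strings.Contains(label, ".")
}

// routeStatus is the server-side decision: given the SNI name the TLS session
// was negotiated for, the request's Host header and the virtual hosts served
// on the listener, it returns the status to answer with. A Host naming a
// different virtual host than the SNI gets 421, so the client opens a fresh
// connection for it instead of receiving a misleading 404. Hostnames are
// compared case-insensitively.
func routeStatus(sni, host string, vhosts []string) int {
	h := hostOnly(host)
	if strings.EqualFold(h, sni) {
		return statusOK // Host is bound to the TLS server name it arrived on
	}
	for _, v := range vhosts {
		if strings.EqualFold(h, v) {
			return statusMisdirected // known host, wrong TLS session
		}
	}
	return statusNotFound // nothing on this listener serves that name
}

func main() {
	vhosts := []string{"a.example.com", "b.example.com"} // constructed sample
	cert := "*.example.com"                                // constructed wildcard cert name
	// The client negotiated SNI a.example.com; because the wildcard cert also
	// covers b.example.com it may reuse that connection for b.example.com.
	fmt.Println("client may coalesce b onto a:", wildcardCovers(cert, "b.example.com"))
	for _, host := range []string{"a.example.com", "A.EXAMPLE.COM:443", "b.example.com", "c.example.com"} {
		fmt.Printf("SNI a.example.com, Host %-18s -> %d\n", host, routeStatus("a.example.com", host, vhosts))
	}
}
```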
When Contour configures an ExternalName service, it now automatically sets the SNI server name used for the proxied HTTP request to match the request's Host header. This improves the compatibility of ExternalName services that proxy to HTTPS resources.
(Associated PRs: #2442)
Configuration documentation
The Contour configuration file is now documented.
Contour Namespace environment variable
In this release, Contour now inspects the `CONTOUR_NAMESPACE` environment variable. If `CONTOUR_NAMESPACE` is set, Contour will use this value as the namespace for performing leader election and the namespace for inspecting the Envoy service for load balancer addresses. In either case, explicit configuration values in the configuration file and command-line flags override the environment variable.
Other Improvements
- Contour now has a metric which indicates the currently running version (#2383). Thanks @pickledrick.
- Contour now also has a command line flag to print the current version (#2399). Thanks @pickledrick.
- Add ServiceAccount for Envoy (#2449)
- Add docs search to the site (#2458)
- Add explanation of certgen Job image tag usage (#2424)
- Add github label automation. (#2436)
- Add ingress class filtering to ingress status updating (#2416)
- Add redirect for /docs to latest version (#2419)
- Add the demos and deep dives YouTube link to resources (#2375)
- Changed targetPort for httpbin pods (#2384)
- Fix the PR template with new links and frontmatter (#2382)
- Migrate Service and Ingress to client-go dynamic client (#2373)
- Move CRD informer list generation to k8s (#2352)
- Update hostNetworking docs in site deploy-options (#2405)
- Upgrade Envoy go-control-plane and fix related changes to the spec (#2432)
- Use the downward api to give the default namespace for configuration variables (#2389)
- build: apply standard Docker image labels (#2400)
- build: omit the DWARF symbol table (#2398)
- build: run misspell across the whole repository (#2439)
- build: support older git versions to detect current branch (#2415)
- cmd/contour: remove hard-coded default log fields (#2446)
- doc: document the Contour configuration file (#2445)
- docs: update DCO guidelines in CONTRIBUTING (#2425)
- enable merge_slashes on the httpconnection manager for all listeners so that requests with multiple slashes are merged and processed properly (#2406)
- hack: improve git tag pushing (#2393)
- internal/annotation: Refactor annotations code from internal/dag (#2412)
- internal/assert: Add docs to assert.Equal (#2417)
- internal/contour: add contour version to metrics (#2383)
- internal/contour: inprove routeVisitor readability (#2370)
- internal/dag: improve diagnostics for Secrets errors (#2422)
- internal/health: separate health and metrics services (#2407)
- internal: extract Envoy sort polices (#2379)
- site: add code highlighting (#2440)
- site: remove misleading comment in example deployment (#2377)
- site: update contributing guidelines (#2408)
- site: update slack links (#2444)
- updating the website with Contour maintainers (#2404)
- upgrade Envoy version to v1.14.1 (#2434)
- use sni for clusters when requestHeaderPolicy is set (#2442)
Upgrading
Please consult the upgrade documentation.
Are you a Contour user? We would love to know!
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.
Contour 1.3.0
We are delighted to present version 1.3.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
All Contour users should upgrade to Contour 1.3.0 and Envoy 1.13.1.
New and improved
Contour 1.3.0 includes several new features as well as the usual smattering of fixes and minor improvements.
Removed the `--use-extensions-v1beta1-ingress` flag
The `--use-extensions-v1beta1-ingress` flag was removed from the `contour serve` command. If you have a previous deployment that specifies this flag, you must remove it or Contour will fail to start.
PR: #2303
Thanks @davechaney
Renamed the `tcpproxy.include` field to be singular
The TCPProxy field has only ever supported including a single child document. In order to make this clearer, the `includes` field is now named `include`. The `includes` field is deprecated.
PR: #2201
Thanks @stevesloka
Reject HTTPProxies that lack at least one Service per route
The rule that Route field must reference at least one Service is now enforced.
PR: #2332
Thanks @davecheney
Improved graceful shutdown
Contour now does a better job of gracefully shutting down when it receives SIGINT or SIGTERM.
PR: #2350
Thanks @davecheney
Minor Improvements
- Add "mitre" to the skip list for lint-misspell #2356
- Add Contour Philosophy document #2335
- Add release tooling scripts. #2353
- Add simple debug logging flag #2286
- Fix community meeting times #2343
- Fix the build for units tests. #2361
- Fixes Contour architecture overview docs #2307
- Prepare documentation site for v1.3.0 release. #2362
- Update Envoy dashboard with extra metrics #2324
- api: enforce at least one service entry per route & tcpproxy #2274
- build(deps): bump nokogiri from 1.10.5 to 1.10.8 in /site dependencies #2293
- cmd/contour: change registerEventHandler to new InformerSyncList type #2276
- cmd/contour: connect all informers to the dynamicHandler #2346
- cmd/contour: simplify leadership election setup #2348
- cmd/contour: unify client creation #2339
- cmd/contour: update leadership election logger context #2305
- design: add draft for ingress status loadbalancer support stale #2121
- doc: improve HeaderCondition API documentation #2334
- docs: document the allowed LoadBalancer strategies #2336
- examples/contour: update to Envoy 1.13.1 #2314
- golangci.yml: remove exclude for deleted path #2277
- hack: pin golangci-lint version to v1.23.8 #2341
- internal/contour: further clean up holdoff timer logic #2289
- internal/contour: remove holdoffmaxdelay forced update #2285
- internal/dag,envoy: use constant for ca.crt #2327
- internal/dag: clean up TLS validation errors #2300
- internal/dag: move extension ingress translation to a helper #2301
- internal/k8s: simplify DynamicConverter #2342
- makefile: Add a 'make checkall' target #2292
- site/resources/envoy: add Contour 1.2.1 and Envoy 1.13.1 #2317
- site: Add docs on how to rotate gRPC certs #2282
- site: Remove heptio annotations from documentation #2308
- site: Update the kubernetes tested version to match the kubernetes matrix #2318
- site: correct Tero's GitHub profile link #2322
- site: fix API docs rendering #2329
- site: s/Recommended/Required Envoy #2321
- site: update architecture overview to include a diagram #2328
Upgrading
Please consult the upgrade documentation.
Are you a Contour user? We would love to know!
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.
Contour 1.2.1
Contour 1.2.1 is a patch release for the Contour 1.2 series to address several high severity security issues in Envoy.
Contour 1.2.1 contains no code changes from 1.2.0. This release only tags newer versions of our example and quickstart manifests to reflect the change in Envoy version.
All Contour users should upgrade to Contour 1.2.1 and Envoy 1.13.1.
Envoy 1.13.1
See the Envoy 1.13.1 announcement for details on the vulnerabilities.
Upgrading
Please consult the upgrade documentation.
Are you a Contour user? We would love to know!
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.