Skip to content
This repository has been archived by the owner on Jun 29, 2022. It is now read-only.

Commit

Permalink
contour: Update to v1.5.0
Browse files Browse the repository at this point in the history 
- Release Notes:
https://github.com/projectcontour/contour/releases/tag/v1.5.0

- Upgrade envoy to v1.14.1.
Release: https://github.com/envoyproxy/envoy/releases/tag/v1.14.1

- Move the ServiceAccount `envoy` from `03-envoy.yaml` (which was
Lokomotive only addition) to `00-common.yaml` as per upstream.

- `automountServiceAccountToken: false` in envoy was removed by
upstream, keeping it in Lokomotive and marking it as a
**Lokomotive specific change**.

Signed-off-by: Suraj Deshmukh <suraj@kinvolk.io>
  • Loading branch information
@surajssd
surajssd committed Jun 1, 2020
1 parent 3581410 commit 8b38fa8
Show file tree
Hide file tree
Showing 12 changed files with 847 additions and 260 deletions.
4 changes: 2 additions & 2 deletions assets/components/contour/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,11 @@ type: application

# This is the chart version. This version number is incremented each time changes are made
# to the chart and its templates, including the app version.
version: 0.1.0
version: 0.2.0

# This is the version number of the upstream Contour
# https://github.com/projectcontour/contour/releases
appVersion: v1.3.0
appVersion: v1.5.0

description: Contour is a Kubernetes ingress controller using Lyft's Envoy proxy.
home: https://projectcontour.io/
Expand Down
123 changes: 102 additions & 21 deletions assets/components/contour/crds/01-crds.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.4
controller-gen.kubebuilder.io/version: v0.2.9
creationTimestamp: null
name: ingressroutes.contour.heptio.com
spec:
Expand Down Expand Up @@ -334,6 +334,29 @@ spec:
type: string
description:
type: string
loadBalancer:
description: LoadBalancer contains the current status of the load balancer.
properties:
ingress:
description: Ingress is a list containing ingress points for the
load-balancer. Traffic intended for the service should be sent
to these ingress points.
items:
description: 'LoadBalancerIngress represents the status of a load-balancer
ingress point: traffic intended for the service should be sent
to an ingress point.'
properties:
hostname:
description: Hostname is set for load-balancer ingress points
that are DNS based (typically AWS load-balancers)
type: string
ip:
description: IP is set for load-balancer ingress points that
are IP based (typically GCE or OpenStack load-balancers)
type: string
type: object
type: array
type: object
type: object
required:
- metadata
Expand All @@ -355,7 +378,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.4
controller-gen.kubebuilder.io/version: v0.2.9
creationTimestamp: null
name: tlscertificatedelegations.contour.heptio.com
spec:
Expand Down Expand Up @@ -431,7 +454,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.4
controller-gen.kubebuilder.io/version: v0.2.9
creationTimestamp: null
name: httpproxies.projectcontour.io
spec:
Expand Down Expand Up @@ -462,7 +485,8 @@ spec:
- proxies
singular: httpproxy
scope: Namespaced
subresources: {}
subresources:
status: {}
validation:
openAPIV3Schema:
description: HTTPProxy is an Ingress CRD specification
Expand Down Expand Up @@ -690,13 +714,15 @@ spec:
properties:
remove:
description: Remove specifies a list of HTTP header names
to remove
to remove.
items:
type: string
type: array
set:
description: Set specifies a list of HTTP header values that
will be set in the HTTP header
will be set in the HTTP header. If the header does not exist
it will be added, otherwise it will be overwritten with
the new value.
items:
description: HeaderValue represents a header name/value
pair
Expand All @@ -721,13 +747,15 @@ spec:
properties:
remove:
description: Remove specifies a list of HTTP header names
to remove
to remove.
items:
type: string
type: array
set:
description: Set specifies a list of HTTP header values that
will be set in the HTTP header
will be set in the HTTP header. If the header does not exist
it will be added, otherwise it will be overwritten with
the new value.
items:
description: HeaderValue represents a header name/value
pair
Expand Down Expand Up @@ -796,13 +824,15 @@ spec:
properties:
remove:
description: Remove specifies a list of HTTP header
names to remove
names to remove.
items:
type: string
type: array
set:
description: Set specifies a list of HTTP header values
that will be set in the HTTP header
that will be set in the HTTP header. If the header
does not exist it will be added, otherwise it will
be overwritten with the new value.
items:
description: HeaderValue represents a header name/value
pair
Expand All @@ -828,13 +858,15 @@ spec:
properties:
remove:
description: Remove specifies a list of HTTP header
names to remove
names to remove.
items:
type: string
type: array
set:
description: Set specifies a list of HTTP header values
that will be set in the HTTP header
that will be set in the HTTP header. If the header
does not exist it will be added, otherwise it will
be overwritten with the new value.
items:
description: HeaderValue represents a header name/value
pair
Expand Down Expand Up @@ -886,14 +918,14 @@ spec:
description: The timeout policy for this route.
properties:
idle:
description: Timeout after which if there are no active requests
description: Timeout after which, if there are no active requests
for this route, the connection between Envoy and the backend
will be closed. If not specified, there is no per-route
idle timeout.
or Envoy and the external client will be closed. If not
specified, there is no per-route idle timeout.
type: string
response:
description: Timeout for receiving a response from the server
after processing a request from client. If not supplied
after processing a request from client. If not supplied,
the timeout duration is undefined.
type: string
type: object
Expand Down Expand Up @@ -1002,13 +1034,15 @@ spec:
properties:
remove:
description: Remove specifies a list of HTTP header names
to remove
to remove.
items:
type: string
type: array
set:
description: Set specifies a list of HTTP header values
that will be set in the HTTP header
that will be set in the HTTP header. If the header does
not exist it will be added, otherwise it will be overwritten
with the new value.
items:
description: HeaderValue represents a header name/value
pair
Expand All @@ -1034,13 +1068,15 @@ spec:
properties:
remove:
description: Remove specifies a list of HTTP header names
to remove
to remove.
items:
type: string
type: array
set:
description: Set specifies a list of HTTP header values
that will be set in the HTTP header
that will be set in the HTTP header. If the header does
not exist it will be added, otherwise it will be overwritten
with the new value.
items:
description: HeaderValue represents a header name/value
pair
Expand Down Expand Up @@ -1105,6 +1141,28 @@ spec:
that will be matched on are described in fqdn, the tls.secretName
secret must contain a matching certificate
properties:
clientValidation:
description: "ClientValidation defines how to verify the client
certificate when an external client establishes a TLS connection
to Envoy. \n This setting: \n 1. Enables TLS client certificate
validation. 2. Requires clients to present a TLS certificate
(i.e. not optional validation). 3. Specifies how the client
certificate will be validated."
properties:
caSecret:
description: Name of a Kubernetes secret that contains a
CA certificate bundle. The client certificate must validate
against the certificates in the bundle.
minLength: 1
type: string
required:
- caSecret
type: object
enableFallbackCertificate:
description: EnableFallbackCertificate defines if the vhost
should allow a default certificate to be applied which handles
all requests which don't match the SNI defined in this vhost.
type: boolean
minimumProtocolVersion:
description: Minimum TLS version this vhost should negotiate
type: string
Expand All @@ -1128,6 +1186,29 @@ spec:
type: string
description:
type: string
loadBalancer:
description: LoadBalancer contains the current status of the load balancer.
properties:
ingress:
description: Ingress is a list containing ingress points for the
load-balancer. Traffic intended for the service should be sent
to these ingress points.
items:
description: 'LoadBalancerIngress represents the status of a load-balancer
ingress point: traffic intended for the service should be sent
to an ingress point.'
properties:
hostname:
description: Hostname is set for load-balancer ingress points
that are DNS based (typically AWS load-balancers)
type: string
ip:
description: IP is set for load-balancer ingress points that
are IP based (typically GCE or OpenStack load-balancers)
type: string
type: object
type: array
type: object
type: object
required:
- metadata
Expand All @@ -1149,7 +1230,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.4
controller-gen.kubebuilder.io/version: v0.2.9
creationTimestamp: null
name: tlscertificatedelegations.projectcontour.io
spec:
Expand Down
1 change: 0 additions & 1 deletion assets/components/contour/dashboards/apiserver.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@
"editable": true,
"gnetId": null,
"graphTooltip": 1,
"id": 5,
"iteration": 1582175835654,
"links": [],
"panels": [
Expand Down
Loading

0 comments on commit 8b38fa8

Please sign in to comment.