Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make Listener MaxConcurrentStreams for HTTP/2 configurable #5846

Closed
sunjayBhatia opened this issue Oct 12, 2023 · 0 comments · Fixed by #5850
Closed

Make Listener MaxConcurrentStreams for HTTP/2 configurable #5846

sunjayBhatia opened this issue Oct 12, 2023 · 0 comments · Fixed by #5850
Assignees
@sunjayBhatia
Labels
area/operational Issues or PRs about making Contour easier to operate as a production service. kind/feature Categorizes issue or PR as related to a new feature.

Comments

@sunjayBhatia
Copy link
Member

We should make the max concurrent streams the Envoy Listeners expose for HTTP/2 configurable so that users can tune this value. This can help with performance, memory usage, etc.

We shouldn't change the default from what is there (the Envoy basically unlimited default) so we do not impact existing deployments/traffic.

          we may want to make this configurable on the Listener since the limit we have now is the Envoy one, which is the max allowed, users may be relying on this and we don't want to disturb working/valid traffic in an upgrade

Originally posted by @sunjayBhatia in #5826 (comment)
@sunjayBhatia sunjayBhatia added help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. area/operational Issues or PRs about making Contour easier to operate as a production service. kind/feature Categorizes issue or PR as related to a new feature. labels Oct 12, 2023
@sunjayBhatia sunjayBhatia mentioned this issue Oct 12, 2023
Closed
sunjayBhatia added a commit to sunjayBhatia/contour that referenced this issue Oct 13, 2023
@sunjayBhatia
HTTP/2 max concurrent streams can be configured
07d7092 
Adds a global Listener configuration field for admins to be able to
protect their installations of Contour/Envoy with a limit. Default is no
limit to ensure existing behavior is not impacted for valid traffic.
This field can be used for tuning resource usage or mitigated DOS
attacks like in CVE-2023-44487.

Fixes: projectcontour#5846

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
sunjayBhatia added a commit to sunjayBhatia/contour that referenced this issue Oct 13, 2023
@sunjayBhatia
HTTP/2 max concurrent streams can be configured
1d4433b 
Adds a global Listener configuration field for admins to be able to
protect their installations of Contour/Envoy with a limit. Default is no
limit to ensure existing behavior is not impacted for valid traffic.
This field can be used for tuning resource usage or mitigated DOS
attacks like in CVE-2023-44487.

Also fixes omitempty tags on MaxRequestsPerIOCycle field.

Fixes: projectcontour#5846

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
@sunjayBhatia sunjayBhatia mentioned this issue Oct 13, 2023
Merged
@sunjayBhatia sunjayBhatia self-assigned this Oct 13, 2023
@sunjayBhatia sunjayBhatia removed help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. labels Oct 13, 2023
sunjayBhatia added a commit that referenced this issue Oct 13, 2023
@sunjayBhatia
HTTP/2 max concurrent streams can be configured (#5850)
62db87e 
Adds a global Listener configuration field for admins to be able to
protect their installations of Contour/Envoy with a limit. Default is no
limit to ensure existing behavior is not impacted for valid traffic.
This field can be used for tuning resource usage or mitigated DOS
attacks like in CVE-2023-44487.

Also fixes omitempty tags on MaxRequestsPerIOCycle field.

Fixes: #5846

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
sunjayBhatia added a commit to sunjayBhatia/contour that referenced this issue Oct 13, 2023
@sunjayBhatia
HTTP/2 max concurrent streams can be configured (projectcontour#5850)
c78c69b 
Adds a global Listener configuration field for admins to be able to
protect their installations of Contour/Envoy with a limit. Default is no
limit to ensure existing behavior is not impacted for valid traffic.
This field can be used for tuning resource usage or mitigated DOS
attacks like in CVE-2023-44487.

Also fixes omitempty tags on MaxRequestsPerIOCycle field.

Fixes: projectcontour#5846

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
sunjayBhatia added a commit to sunjayBhatia/contour that referenced this issue Oct 13, 2023
@sunjayBhatia
HTTP/2 max concurrent streams can be configured (projectcontour#5850)
847694d 
Adds a global Listener configuration field for admins to be able to
protect their installations of Contour/Envoy with a limit. Default is no
limit to ensure existing behavior is not impacted for valid traffic.
This field can be used for tuning resource usage or mitigated DOS
attacks like in CVE-2023-44487.

Also fixes omitempty tags on MaxRequestsPerIOCycle field.

Fixes: projectcontour#5846

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
sunjayBhatia added a commit to sunjayBhatia/contour that referenced this issue Oct 13, 2023
@sunjayBhatia
HTTP/2 max concurrent streams can be configured (projectcontour#5850)
304d5be 
Adds a global Listener configuration field for admins to be able to
protect their installations of Contour/Envoy with a limit. Default is no
limit to ensure existing behavior is not impacted for valid traffic.
This field can be used for tuning resource usage or mitigated DOS
attacks like in CVE-2023-44487.

Also fixes omitempty tags on MaxRequestsPerIOCycle field.

Fixes: projectcontour#5846

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
yangyy93 added a commit to projectsesame/contour that referenced this issue Oct 19, 2023
@yangyy93 @dependabot
@skriss @shadialtarsha @davinci26 @clayton-gonsalves @izturn @sunjayBhatia @therealak12
Sesame main rebase (#4)
e8f6228 
* provisioner: add field overloadMaxHeapSize for envoy (projectcontour#5699)

* add field overloadMaxHeapSize

Signed-off-by: yy <yang.yang@daocloud.io>

* add changelog

Signed-off-by: yy <yang.yang@daocloud.io>

* update changelog and configuration.md

Signed-off-by: yangyang <yang.yang@daocloud.io>

---------

Signed-off-by: yy <yang.yang@daocloud.io>
Signed-off-by: yangyang <yang.yang@daocloud.io>

* build(deps): bump sigs.k8s.io/gateway-api from 0.8.0 to 0.8.1 (projectcontour#5757)

* build(deps): bump sigs.k8s.io/gateway-api from 0.8.0 to 0.8.1

Bumps [sigs.k8s.io/gateway-api](https://github.com/kubernetes-sigs/gateway-api) from 0.8.0 to 0.8.1.
- [Release notes](https://github.com/kubernetes-sigs/gateway-api/releases)
- [Changelog](https://github.com/kubernetes-sigs/gateway-api/blob/main/CHANGELOG.md)
- [Commits](kubernetes-sigs/gateway-api@v0.8.0...v0.8.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/gateway-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* make generate

Signed-off-by: Steve Kriss <krisss@vmware.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Steve Kriss <krisss@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Steve Kriss <krisss@vmware.com>

* build(deps): bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.12.1 (projectcontour#5781)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.12.0 to 2.12.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.12.0...v2.12.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/grpc from 1.58.1 to 1.58.2 (projectcontour#5780)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.1 to 1.58.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.58.1...v1.58.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/vektra/mockery/v2 from 2.33.2 to 2.34.0 (projectcontour#5779)

Bumps [github.com/vektra/mockery/v2](https://github.com/vektra/mockery) from 2.33.2 to 2.34.0.
- [Release notes](https://github.com/vektra/mockery/releases)
- [Changelog](https://github.com/vektra/mockery/blob/master/docs/changelog.md)
- [Commits](vektra/mockery@v2.33.2...v2.34.0)

---
updated-dependencies:
- dependency-name: github.com/vektra/mockery/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Setting `disabled = true` on a route should disable the virtual host global rate limit policy (projectcontour#5657)

Support disabling global rate limiting on individual
routes by setting disabled=true.

Fixes projectcontour#5685.

Signed-off-by: shadi-altarsha <shadi.altarsha@reddit.com>

* update Go to 1.21.1 (projectcontour#5783)


Signed-off-by: Steve Kriss <krisss@vmware.com>

* Fixup: Sort path matches based on length rather than lexi (projectcontour#5752)

Since Envoy is greedy matching path routes, order is important. Contour
decides to sort the routes in a way that is not really intuitive and can
lead to suprises.

In particular even tho the comment in the code state that routes are
ordered based on legnth the reality is that they are sorted based on string
comparison. This PR fixes this.

* I think the current behaviour doesnt make much sense and it is a bit brittle.
* Updating the behaviour has significant update risk since there might be folks
that rely on this routing behaviour without really knowing it.
* Should we even merge this PR? I am of two minds and I would like some input:

1. Option (1): Merge it as and make a clear changelog/announcement about the fix
2. Option (2): Create a config flag with a feature-flag e.g. `route_sorting_strategy` and switch the implementation
to not do sorting when the flag is present. That way it allows folks to opt-out from the sorting as they need to.

Longest path based matching kinda makes sense to me now that I know about it, but it is rough edge than needs users to
be familiar with contour and it is harder to socialize in larger teams.

Signed-off-by: Sotiris Nanopoulos <sotiris.nanopoulos@reddit.com>

* build(deps): bump github.com/onsi/gomega from 1.27.10 to 1.28.0 (projectcontour#5792)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.10 to 1.28.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.27.10...v1.28.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/cert-manager/cert-manager (projectcontour#5791)

Bumps [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) from 1.13.0 to 1.13.1.
- [Release notes](https://github.com/cert-manager/cert-manager/releases)
- [Commits](cert-manager/cert-manager@v1.13.0...v1.13.1)

---
updated-dependencies:
- dependency-name: github.com/cert-manager/cert-manager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/vektra/mockery/v2 from 2.34.0 to 2.34.2 (projectcontour#5793)

Bumps [github.com/vektra/mockery/v2](https://github.com/vektra/mockery) from 2.34.0 to 2.34.2.
- [Release notes](https://github.com/vektra/mockery/releases)
- [Changelog](https://github.com/vektra/mockery/blob/master/docs/changelog.md)
- [Commits](vektra/mockery@v2.34.0...v2.34.2)

---
updated-dependencies:
- dependency-name: github.com/vektra/mockery/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/prometheus/client_golang (projectcontour#5790)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.16.0...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* HTTPProxy: allow dynamic Host header rewrite (projectcontour#5678)

Allows the Host header to be rewritten to the value
of another header while forwarding the request to
the upstream. This is possible at the route level only.

Fixes projectcontour#5673.

Signed-off-by: Clayton Gonsalves <clayton.gonsalves@reddit.com>

* fix spelling errors (projectcontour#5798)

Signed-off-by: Steve Kriss <krisss@vmware.com>

* hack: bump codespell version to match GH action (projectcontour#5799)

Signed-off-by: Steve Kriss <krisss@vmware.com>

* gateway provisioner: add flags to enable running provisioner out of cluster (projectcontour#5686)

Adds --incluster and --kubeconfig flags to
the gateway provisioner to enable running
outside of the cluster.

Signed-off-by: gang.liu <gang.liu@daocloud.io>

* site: Bump Hugo to 0.119.0 (projectcontour#5795)

- Also implement more consistent toml file indenting for readability
- Asset optimization is deprecated by netlify, see: https://answers.netlify.com/t/please-read-deprecation-of-post-processing-asset-optimization/96657

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* internal/dag: default Listener ResolvedRefs to true (projectcontour#5804)

Sets Gateway Listeners' ResolvedRefs condition
to true by default, to pass updated conformance.

Closes projectcontour#5648.

Signed-off-by: Steve Kriss <krisss@vmware.com>

* build(deps): bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (projectcontour#5810)

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.12.0 to 0.13.0.
- [Commits](golang/oauth2@v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/vektra/mockery/v2 from 2.34.2 to 2.35.2 (projectcontour#5809)

Bumps [github.com/vektra/mockery/v2](https://github.com/vektra/mockery) from 2.34.2 to 2.35.2.
- [Release notes](https://github.com/vektra/mockery/releases)
- [Changelog](https://github.com/vektra/mockery/blob/master/docs/changelog.md)
- [Commits](vektra/mockery@v2.34.2...v2.35.2)

---
updated-dependencies:
- dependency-name: github.com/vektra/mockery/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/prometheus/client_model (projectcontour#5811)

Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.4.1-0.20230718164431-9a2bf3000d16 to 0.5.0.
- [Release notes](https://github.com/prometheus/client_model/releases)
- [Commits](https://github.com/prometheus/client_model/commits/v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_model
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* switch to github.com/distribution/parse (projectcontour#5818)

Signed-off-by: Steve Kriss <krisss@vmware.com>

* deps: Bump logrusr to v4.0.0 (projectcontour#5806)

Fixes data races found in projectcontour#5805

Also remove testing around V().Info()

logrusr has changed behavior since v3.0.0, it now tries to mimic logrus
log levels with the V() level, see:
bombsimon/logrusr@9f3fd50

In practice client-go checks if a certain verbosity level is enabled and
initializes a different logger based on that and then uses Info(f) logs,
rather than the V().Info() construction.

This commit removes the testing of log lines written with V() guarding
them and rather just tests the expected verbosity is enabled or not.

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* wait for cache sync and DAG build before starting xDS server (projectcontour#5672)

Prevents starting the XDS server and building the DAG until the cache is synced with the initial list of k8s objects and these events are processed by the event handler

Signed-off-by: Ahmad Karimi <ak12hastam@gmail.com>

* internal/xdscache: Generate uuid for snapshot version (projectcontour#5819)

Snapshotter had a data race reading/writing the snapshot version between
threads. This version is not in practice used for the contour xDS server
DiscoveryResponse versions but is in the go-control-plane version.

Fixes: projectcontour#5482

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* Bump Envoy to 1.27.1 (projectcontour#5821)

See release notes:
https://www.envoyproxy.io/docs/envoy/v1.27.1/version_history/v1.27/v1.27.1

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (projectcontour#5829)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](golang/net@v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (projectcontour#5833)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.2 to 1.58.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.58.2...v1.58.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/onsi/ginkgo/v2 from 2.12.1 to 2.13.0 (projectcontour#5831)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.12.1 to 2.13.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.12.1...v2.13.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/vektra/mockery/v2 from 2.35.2 to 2.35.4 (projectcontour#5834)

Bumps [github.com/vektra/mockery/v2](https://github.com/vektra/mockery) from 2.35.2 to 2.35.4.
- [Release notes](https://github.com/vektra/mockery/releases)
- [Changelog](https://github.com/vektra/mockery/blob/master/docs/changelog.md)
- [Commits](vektra/mockery@v2.35.2...v2.35.4)

---
updated-dependencies:
- dependency-name: github.com/vektra/mockery/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (projectcontour#5832)

Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](google/go-cmp@v0.5.9...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump go to 1.21.3 (projectcontour#5841)


Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* Add configurability for HTTP requests per IO cycle (projectcontour#5827)

An additional mitigation to CVE-2023-44487 available in Envoy 1.27.1.
This change allows configuring the http.max_requests_per_io_cycle Envoy
runtime setting via Contour configuration to allow administrators of
Contour to prevent abusive connections from starving resources from
others. The default is left as the existing behavior, that is no limit,
so as not to impact existing valid traffic.

See the Envoy release notes for more information:
https://www.envoyproxy.io/docs/envoy/v1.27.1/version_history/v1.27/v1.27.1

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* provisioner: fix envoy-max-heapsize not set (projectcontour#5814)

* fix envoy-max-heapsize not set

Signed-off-by: yangyang <yang.yang@daocloud.io>

* add ut

Signed-off-by: yangyang <yang.yang@daocloud.io>

* update ut

Signed-off-by: yangyang <yang.yang@daocloud.io>

---------

Signed-off-by: yangyang <yang.yang@daocloud.io>

* HTTP/2 max concurrent streams can be configured (projectcontour#5850)

Adds a global Listener configuration field for admins to be able to
protect their installations of Contour/Envoy with a limit. Default is no
limit to ensure existing behavior is not impacted for valid traffic.
This field can be used for tuning resource usage or mitigated DOS
attacks like in CVE-2023-44487.

Also fixes omitempty tags on MaxRequestsPerIOCycle field.

Fixes: projectcontour#5846

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* Bump Envoy to v1.27.2 (projectcontour#5863)

See release notes:
https://www.envoyproxy.io/docs/envoy/v1.27.2/version_history/v1.27/v1.27.2

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* site: 1.26.1, 1.25.3, 1.24.6 patch releases (projectcontour#5859)


Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* test/e2e: Add race detection in e2e tests (projectcontour#5805)

Compile contour binary with -race flag and look for "DATA RACE" in
stderr. Fails test if found.

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* golangci-lint: Fix revive rules (projectcontour#5857)

When we enabled the use-any rule we disabled all the default rules that
are run by revive (see: https://revive.run/docs#golangci-lint)

This change grabs all the default rules from
https://github.com/mgechev/revive/blob/master/defaults.toml and adds the
use-any rule

Also fixes outstanding lint issues

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* crd/ContourDeployment: Add field 'podLabels' for contour (#2)

* add pod labels field to contourDeployment

---------

Signed-off-by: yy <yang.yang@daocloud.io>
Signed-off-by: yangyang <yang.yang@daocloud.io>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Steve Kriss <krisss@vmware.com>
Signed-off-by: shadi-altarsha <shadi.altarsha@reddit.com>
Signed-off-by: Sotiris Nanopoulos <sotiris.nanopoulos@reddit.com>
Signed-off-by: Clayton Gonsalves <clayton.gonsalves@reddit.com>
Signed-off-by: gang.liu <gang.liu@daocloud.io>
Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
Signed-off-by: Ahmad Karimi <ak12hastam@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Steve Kriss <krisss@vmware.com>
Co-authored-by: Shadi Altarsha <61504589+shadialtarsha@users.noreply.github.com>
Co-authored-by: Sotiris Nanopoulos <sotiris.nanopoulos@reddit.com>
Co-authored-by: Clayton Gonsalves <101868649+clayton-gonsalves@users.noreply.github.com>
Co-authored-by: izturn <44051386+izturn@users.noreply.github.com>
Co-authored-by: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com>
Co-authored-by: Ahmad Karimi <39967326+therealak12@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sunjayBhatia sunjayBhatia

Labels
area/operational Issues or PRs about making Contour easier to operate as a production service. kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

HTTP/2 max concurrent streams can be configured sunjayBhatia/contour
1 participant
@sunjayBhatia