Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DO NOT MERGE: Contour v1.2 Release Notes #2266

Closed
wants to merge 1 commit into from
Closed

DO NOT MERGE: Contour v1.2 Release Notes #2266

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
112 changes: 112 additions & 0 deletions docs/releasev1_2.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
We are delighted to present version 1.2.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.

All Contour users should upgrade to Contour 1.2.0 and Envoy 1.13.0.

## New and improved

Contour 1.2.0 includes several new features as well as the usual smattering of fixes and minor improvements.

### Hot-Reload Certificates

Contour now has support for certificate rotation for XDS gRPC interface between Contour and Envoy.
It is achieved by lazily loading certificates and key every time new TLS connection is established by Envoy.

This change addresses only the certificate rotation in Contour (server) and similar support is needed for Envoy (client) to cover the whole use case.

PR: https://github.com/projectcontour/contour/pull/2198

Thanks @tsaarni

### Envoy Shutdown Manager

The Envoy process, the data path component of Contour, at times needs to be re-deployed.
This could be due to an upgrade, a change in configuration, or a node-failure forcing a redeployment.

Contour now offers a new sub-command to named `envoy shutdown-manager` which will assist in an Envoy rollout to minimize connection errors from clients.
The shutdown manager first sends the healthcheck fail request to Envoy and then begins polling the http/https listeners for active connections from the /stats endpoint available on localhost:9001.
When the connections reach zero or a configured parameter, the pod is allowed to be terminated.
If the pods configurable termination grace period seconds is met before the open connections are fully drained, the pod will be terminated.

This new component runs as another container in the Envoy pod.

Design: https://github.com/projectcontour/contour/blob/master/design/envoy-shutdown.md
PR: https://github.com/projectcontour/contour/pull/2227

Thanks @stevesloka

### Record EventHandler Operation Metrics

Contour adds some new Prometheus metrics for the various API operations and kinds observed from the Kubernetes informers.
This information is helpful to understand the amount of changes that Contour is processing from a Kubernetes cluster.
This change also includes a sample Grafana dashboard.

```yaml
% curl -s 127.0.0.1:8000/metrics | grep eventhandler
# HELP contour_eventhandler_operation_total Total number of eventHandler operations received by operation and object kind
# TYPE contour_eventhandler_operation_total gauge
contour_eventhandler_operation_total{kind="contour.heptio.com/IngressRoutev1beta1",op="onAdd"} 2
contour_eventhandler_operation_total{kind="contour.heptio.com/TLSCertificateDelegationv1beta1",op="onAdd"} 1
contour_eventhandler_operation_total{kind="projectcontour.io/HTTPProxyv1",op="onAdd"} 1
contour_eventhandler_operation_total{kind="unknown",op="onAdd"} 76
```

PR: https://github.com/projectcontour/contour/pull/2244
PR: https://github.com/projectcontour/contour/pull/2261

Thanks @davecheney, @youngnick

### SafeRegex limit raised

Raise the SafeRegex size limit from 1,000 to 1048576.
There is no evidence that this number is sufficient for all possible regex patterns, thus the limit represents the "no limit" limit because it is currently not
possible for envoy to reject a regex entry in a way that Contour can trace back to the original input.

PR: https://github.com/projectcontour/contour/pull/2241

Thanks @davecheney

### Minor improvements

- Contour is built with Go 1.13.8
- Update Envoy to 1.13.0
- Envoy go-control-plane updated to v0.9.2
- Upgrade google/go-cmp to version 0.4.0
- Upgrade client-go to v0.17.0
- Contour now utilizes the Dynamic client for CRD resources

## Bug fixes

### Add HTTPProxy Service.Protocol Validation

Adds an enum validation to limit the values for the service.protocol field.

_Note: Users will need to reapply the crd spec to get the validation_

PR: https://github.com/projectcontour/contour/pull/2158

Thanks @stevesloka

### HTTPProxy requestHeadersPolicy Validation

For an HTTPProxy, a requestHeaderPolicy can only be able to set host header at the HTTProxy.Routes.Service level.

PR: https://github.com/projectcontour/contour/pull/2157

Thanks @stevesloka

### Ensure certgen handles already-existing secrets correctly

The cert-gen example job now ensures that the the Job will succeed if the secrets already exist.

PR: https://github.com/projectcontour/contour/pull/2178

Thanks @youngnick

### Other changes

- Add Kubernetes Support Matrix
- Update Envoy list of required extensions

## Upgrading

Please consult the [Upgrading](https://projectcontour.io/resources/upgrading/) document for further information on upgrading from Contour 1.1.0 to Contour 1.2.0.