Contour 1.6.0 has been released

[Nick Young]

We are delighted to present version 1.6.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.

IngressRoute removal

IngressRoute has been deprecated for some time and is, as of Contour 1.6, removed.

IngressRoute objects are no longer watched by Contour, and the IngressRoute and contour.heptio.com TLSDelegation CRD are no longer installed by our example YAMLs. IngressRoute resources should be converted to HTTPProxy ones before upgrading to Contour 1.6. The IngressRoute and TLSDelegationCRDs should be removed from your clusters.

Please see ir2proxy for your IngressRoute to HTTPProxy conversion needs.

Vale IngressRoute!

New and improved

Controlling served HTTP versions

Contour now has the ability to choose the versions of HTTP that Envoy will respond to.
This has been implemented as a workaround for a browser-specific problem about 421 result codes and blank requests (#2619).

In short, Safari can misroute certain connection-coalesced connections when they are being served from a wildcard certificate with the SNI routing changes introduced under #1493.

Thanks to @primeroz for helping to dig on this one.

Fix ordering problems with HTTPProxy status updates

We moved all status updates to HTTPProxy to the new pattern introduced in Contour 1.5 for address updates, this fixes #2522, #2580, and #2522.

Thanks to @primeroz for logging #2580, and for the help with confirming the fix.

Bootstrap checks for empty TLS files

@shyaamsn noticed that the TLS files used for Envoy bootstrapping could sometimes be empty when using cert-manager to create them. (#2602)
They then contributed a fix in #2607.

Thanks @shyaamsn!

Fix Envoy service status watching

PR #2583 introduced a regression that broke watching the Envoy service for status address updating. Fixed by #2605.

Upgrading

Please consult the upgrade documentation.​