We are delighted to present version 1.6.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
IngressRoute has been deprecated for some time and is, as of Contour 1.6, removed.
IngressRoute objects are no longer watched by Contour, and the IngressRoute and contour.heptio.com
TLSDelegation CRD are no longer installed by our example YAMLs. IngressRoute resources should be converted to HTTPProxy ones before upgrading to Contour 1.6. The IngressRoute and TLSDelegationCRDs should be removed from your clusters.
Please see ir2proxy for your IngressRoute to HTTPProxy conversion needs.
Vale IngressRoute!
Contour now has the ability to choose the versions of HTTP that Envoy will respond to.
This has been implemented as a workaround for a browser-specific problem about 421 result codes and blank requests (#2619).
In short, Safari can misroute certain connection-coalesced connections when they are being served from a wildcard certificate with the SNI routing changes introduced under #1493.
Thanks to @primeroz for helping to dig on this one.
We moved all status updates to HTTPProxy to the new pattern introduced in Contour 1.5 for address updates, this fixes #2522, #2580, and #2522.
Thanks to @primeroz for logging #2580, and for the help with confirming the fix.
@shyaamsn noticed that the TLS files used for Envoy bootstrapping could sometimes be empty when using cert-manager to create them. (#2602)
They then contributed a fix in #2607.
Thanks @shyaamsn!
PR #2583 introduced a regression that broke watching the Envoy service for status address updating. Fixed by #2605.
Please consult the upgrade documentation.