changelogs/CHANGELOG-v1.30.0.md
We are delighted to present version v1.30.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
A big thank you to everyone who contributed to the release.
Gateway API spec update in this GEP. Updates logic on finding intersecting route and Listener hostnames to factor in the other Listeners on a Gateway that the route in question may not actually be attached to. Requests should be "isolated" to the most specific Listener and it's attached routes.
(#6162, @sunjayBhatia)
Updates the documentation and examples for deploying a monitoring stack (Prometheus and Grafana) to scrape metrics from Contour and Envoy.
Adds a metrics port to the Envoy DaemonSet/Deployment in the example YAMLs to expose port 8002 so that PodMonitor resources can be used to find metrics endpoints.
(#6269, @sunjayBhatia)
Gateway API CRD compatibility has been updated to release v1.1.0.
Notable changes for Contour include:
BackendTLSPolicy resource has undergone some breaking changes and has been updated to the v1alpha3 API version. This will require any existing users of this policy to uninstall the v1alpha2 version before installing this newer version.GRPCRoute has graduated to GA and is now in the v1 API version.Full release notes for this Gateway API release can be found here.
(#6398, @sunjayBhatia)
This change enables the user to configure the Circuit breakers for extension services either via the global Contour config or on an individual Extension Service.
NOTE: The PerHostMaxConnections is now also configurable via the global settings.
(#6539, @clayton-gonsalves)
Applies Global Auth filters to Fallback certificate
(#6558, @erikflores7)
It's possible that multiple GRPCRoutes will define the same Match conditions. In this case the following logic is applied to resolve the conflict:
With above ordering, any GRPCRoute that ranks lower, will be marked with below conditions accordingly:
Accepted: True and PartiallyInvalid: true Conditions and Reason: RuleMatchPartiallyConflict.Accepted: False Condition and Reason RuleMatchConflict.(#6566, @lubronzhan)
deny-by-default approach on the admin listener by matching on exact paths and on GET requests (#6447, @davinci26)ECDHE-ECDSA-CHACHA20-POLY1305 and ECDHE-RSA-CHACHA20-POLY1305 to be used separately. (#6461, @tsaarni)/stats/prometheus route on the admin listener. (#6503, @clayton-gonsalves)prometheus.io/ annotationsThe annotations for notifying a Prometheus instance on how to scrape metrics from Contour and Envoy pods have been removed from the deployment YAMLs and the Gateway provisioner.
The suggested mechanism for doing so now is to use kube-prometheus and the PodMonitor resource.
(#6269, @sunjayBhatia)
These fields are officially deprecated now that the contour xDS server implementation is deprecated.
They are planned to be removed in the 1.31 release, along with the contour xDS server implementation.
(#6561, @skriss)
For a fresh install of Contour, consult the getting started documentation.
To upgrade an existing Contour installation, please consult the upgrade documentation.
Contour v1.30.0 is tested against Kubernetes 1.28 through 1.30.
We’re immensely grateful for all the community contributions that help make Contour even better! For this release, special thanks go out to the following contributors:
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.