Automated Contour version update 1.26.0 #4791

Merged
merged 2 commits into from
Sep 27, 2023
2 changes: 2 additions & 0 deletions addons/contour/1.26.0/Manifest
@@ -0,0 +1,2 @@
image envoy docker.io/envoyproxy/envoy:v1.27.0
image contour ghcr.io/projectcontour/contour:v1.26.0
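Review bot: Both entries in this Manifest reference images by mutable tag only (`docker.io/envoyproxy/envoy:v1.27.0`, `ghcr.io/projectcontour/contour:v1.26.0`), so what gets bundled depends on what each registry serves for that tag at build time. Because this update is automated, consider recording the image digest next to the tag if the Manifest format allows it, or verifying the digest in the update job, so that a retagged upstream image cannot flow into the addon unnoticed.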
8,559 changes: 8,559 additions & 0 deletions addons/contour/1.26.0/contour.yaml

Large diffs are not rendered by default.

41 changes: 41 additions & 0 deletions addons/contour/1.26.0/install.sh
@@ -0,0 +1,41 @@

function contour_pre_init() {
if [ -z "$CONTOUR_NAMESPACE" ]; then
CONTOUR_NAMESPACE=projectcontour
fi

if [ -z "$CONTOUR_TLS_MINIMUM_PROTOCOL_VERSION" ]; then
CONTOUR_TLS_MINIMUM_PROTOCOL_VERSION="1.2"
fi

if [ -z "$CONTOUR_HTTP_PORT" ]; then
CONTOUR_HTTP_PORT="80"
fi

if [ -z "$CONTOUR_HTTPS_PORT" ]; then
CONTOUR_HTTPS_PORT="443"
fi
}

function contour() {
local src="$DIR/addons/contour/1.26.0"
local dst="$DIR/kustomize/contour"

cp "$src/contour.yaml" "$dst/"
cp "$src/patches/job-image.yaml" "$dst/"
cp "$src/patches/resource-limits.yaml" "$dst/"

render_yaml_file "$src/tmpl-configmap.yaml" > "$dst/configmap.yaml"
render_yaml_file "$src/tmpl-kustomization.yaml" > "$dst/kustomization.yaml"
render_yaml_file "$src/tmpl-namespace.yaml" > "$dst/namespace.yaml"
render_yaml_file "$src/tmpl-service-patch.yaml" > "$dst/service-patch.yaml"

# NodePort services in old namespace conflict
if kubectl get namespace heptio-contour &>/dev/null && [ "$CONTOUR_NAMESPACE" != heptio-contour ]; then
kubectl delete namespace heptio-contour
fi

kubectl create --save-config namespace "$CONTOUR_NAMESPACE" 2>/dev/null || true

kubectl apply -k "$dst/"
}
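Review bot: In `contour()`, `kubectl create --save-config namespace "$CONTOUR_NAMESPACE" 2>/dev/null || true` discards every failure, not only "already exists", so an RBAC or API-server error surfaces only later at `kubectl apply -k "$dst/"` with a less direct message. Suggest testing for the namespace first, as the `heptio-contour` branch already does with `kubectl get namespace`, and letting a real create failure stop the install. Separately, `kubectl delete namespace heptio-contour` removes everything in that namespace; the comment above it should state that this is intended and what is expected to live there.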
12 changes: 12 additions & 0 deletions addons/contour/1.26.0/patches/job-image.yaml
@@ -0,0 +1,12 @@
---
apiVersion: batch/v1
kind: Job
metadata:
name: contour-certgen-v1-26-0
namespace: projectcontour
spec:
template:
spec:
containers:
- name: contour
imagePullPolicy: IfNotPresent
16 changes: 16 additions & 0 deletions addons/contour/1.26.0/patches/resource-limits.yaml
@@ -0,0 +1,16 @@
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: envoy
namespace: projectcontour
spec:
template:
spec:
containers:
- name: envoy
resources:
limits:
cpu: "0.4"
requests:
cpu: "0.03"
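Review bot: The `envoy` container patch sets only CPU values (`limits.cpu: "0.4"`, `requests.cpu: "0.03"`) and no memory request or limit. Envoy is the component that receives external traffic in this addon, so either add memory values in this patch or, if contour.yaml already sets them or they are deliberately left unbounded, say so in a comment here.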
186 changes: 186 additions & 0 deletions addons/contour/1.26.0/tmpl-configmap.yaml
@@ -0,0 +1,186 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: contour
namespace: projectcontour
data:
contour.yaml: |
#
# server:
# determine which XDS Server implementation to utilize in Contour.
# xds-server-type: contour
#
# Specify the Gateway API configuration.
# gateway:
# controllerName: projectcontour.io/gateway-controller
#
# should contour expect to be running inside a k8s cluster
# incluster: true
#
# path to kubeconfig (if not running inside a k8s cluster)
# kubeconfig: /path/to/.kube/config
#
# Disable RFC-compliant behavior to strip "Content-Length" header if
# "Tranfer-Encoding: chunked" is also set.
# disableAllowChunkedLength: false
#
# Disable Envoy's non-standard merge_slashes path transformation option
# that strips duplicate slashes from request URLs.
# disableMergeSlashes: false
#
# Disable HTTPProxy permitInsecure field
disablePermitInsecure: false
tls:
# minimum TLS version that Contour will negotiate
minimum-protocol-version: "$CONTOUR_TLS_MINIMUM_PROTOCOL_VERSION"
# TLS ciphers to be supported by Envoy TLS listeners when negotiating
# TLS 1.2.
# cipher-suites:
# - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]'
# - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]'
# - 'ECDHE-ECDSA-AES256-GCM-SHA384'
# - 'ECDHE-RSA-AES256-GCM-SHA384'
# Defines the Kubernetes name/namespace matching a secret to use
# as the fallback certificate when requests which don't match the
# SNI defined for a vhost.
fallback-certificate:
# name: fallback-secret-name
# namespace: projectcontour
envoy-client-certificate:
# name: envoy-client-cert-secret-name
# namespace: projectcontour
####
# ExternalName Services are disabled by default due to CVE-2021-XXXXX
# You can re-enable them by setting this setting to `true`.
# This is not recommended without understanding the security implications.
# Please see the advisory at https://github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc for the details.
# enableExternalNameService: false
##
# Address to be placed in status.loadbalancer field of Ingress objects.
# May be either a literal IP address or a host name.
# The value will be placed directly into the relevant field inside the status.loadBalancer struct.
# ingress-status-address: local.projectcontour.io
### Logging options
# Default setting
accesslog-format: envoy
# The default access log format is defined by Envoy but it can be customized by setting following variable.
# accesslog-format-string: "...\n"
# To enable JSON logging in Envoy
# accesslog-format: json
# accesslog-level: info
# The default fields that will be logged are specified below.
# To customise this list, just add or remove entries.
# The canonical list is available at
# https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields
# json-fields:
# - "@timestamp"
# - "authority"
# - "bytes_received"
# - "bytes_sent"
# - "downstream_local_address"
# - "downstream_remote_address"
# - "duration"
# - "method"
# - "path"
# - "protocol"
# - "request_id"
# - "requested_server_name"
# - "response_code"
# - "response_flags"
# - "uber_trace_id"
# - "upstream_cluster"
# - "upstream_host"
# - "upstream_local_address"
# - "upstream_service_time"
# - "user_agent"
# - "x_forwarded_for"
# - "grpc_status"
# - "grpc_status_number"
#
# default-http-versions:
# - "HTTP/2"
# - "HTTP/1.1"
#
# The following shows the default proxy timeout settings.
# timeouts:
# request-timeout: infinity
# connection-idle-timeout: 60s
# stream-idle-timeout: 5m
# max-connection-duration: infinity
# delayed-close-timeout: 1s
# connection-shutdown-grace-period: 5s
# connect-timeout: 2s
#
# Envoy cluster settings.
# cluster:
# configure the cluster dns lookup family
# valid options are: auto (default), v4, v6
# dns-lookup-family: auto
#
# Envoy network settings.
# network:
# Configure the number of additional ingress proxy hops from the
# right side of the x-forwarded-for HTTP header to trust.
# num-trusted-hops: 0
# Configure the port used to access the Envoy Admin interface.
# admin-port: 9001
#
# Configure an optional global rate limit service.
# rateLimitService:
# Identifies the extension service defining the rate limit service,
# formatted as <namespace>/<name>.
# extensionService: projectcontour/ratelimit
# Defines the rate limit domain to pass to the rate limit service.
# Acts as a container for a set of rate limit definitions within
# the RLS.
# domain: contour
# Defines whether to allow requests to proceed when the rate limit
# service fails to respond with a valid rate limit decision within
# the timeout defined on the extension service.
# failOpen: false
# Defines whether to include the X-RateLimit headers X-RateLimit-Limit,
# X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF
# Internet-Draft linked below), on responses to clients when the Rate
# Limit Service is consulted for a request.
# ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html
# enableXRateLimitHeaders: false
# Defines whether to translate status code 429 to grpc code RESOURCE_EXHAUSTED
# instead of the default UNAVAILABLE
# enableResourceExhaustedCode: false
#
# Global Policy settings.
# policy:
# # Default headers to set on all requests (unless set/removed on the HTTPProxy object itself)
# request-headers:
# set:
# # example: the hostname of the Envoy instance that proxied the request
# X-Envoy-Hostname: %HOSTNAME%
# # example: add a l5d-dst-override header to instruct Linkerd what service the request is destined for
# l5d-dst-override: %CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT%
# # default headers to set on all responses (unless set/removed on the HTTPProxy object itself)
# response-headers:
# set:
# # example: Envoy flags that provide additional details about the response or connection
# X-Envoy-Response-Flags: %RESPONSE_FLAGS%
#
# metrics:
# contour:
# address: 0.0.0.0
# port: 8000
# server-certificate-path: /path/to/server-cert.pem
# server-key-path: /path/to/server-private-key.pem
# ca-certificate-path: /path/to/root-ca-for-client-validation.pem
# envoy:
# address: 0.0.0.0
# port: 8002
# server-certificate-path: /path/to/server-cert.pem
# server-key-path: /path/to/server-private-key.pem
# ca-certificate-path: /path/to/root-ca-for-client-validation.pem
#
# listener:
# connection-balancer: exact
# socket-options:
# tos: 64
# traffic-class: 64
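Review bot: `minimum-protocol-version: "$CONTOUR_TLS_MINIMUM_PROTOCOL_VERSION"` is rendered straight from the environment, and `contour_pre_init` in install.sh only fills in "1.2" when the variable is empty, so any other string reaches the Contour config unchecked. Suggest validating the value against the versions Contour accepts before `render_yaml_file` runs and failing the install on anything else. Minor: the ExternalName comment still reads `CVE-2021-XXXXX` and the chunked-length comment has the typo "Tranfer-Encoding"; if both come verbatim from upstream they can stay, but the GHSA link is the reference readers should rely on.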

11 changes: 11 additions & 0 deletions addons/contour/1.26.0/tmpl-kustomization.yaml
@@ -0,0 +1,11 @@
namespace: $CONTOUR_NAMESPACE

resources:
- namespace.yaml
- contour.yaml
- configmap.yaml

patchesStrategicMerge:
- service-patch.yaml
- job-image.yaml
- resource-limits.yaml
4 changes: 4 additions & 0 deletions addons/contour/1.26.0/tmpl-namespace.yaml
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: $CONTOUR_NAMESPACE
19 changes: 19 additions & 0 deletions addons/contour/1.26.0/tmpl-service-patch.yaml
@@ -0,0 +1,19 @@
---
apiVersion: v1
kind: Service
metadata:
name: envoy
namespace: projectcontour
spec:
type: NodePort
ports:
- port: 80
nodePort: $CONTOUR_HTTP_PORT
name: http
protocol: TCP
targetPort: 8080
- port: 443
nodePort: $CONTOUR_HTTPS_PORT
name: https
protocol: TCP
targetPort: 8443
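Review bot: `nodePort: $CONTOUR_HTTP_PORT` and `nodePort: $CONTOUR_HTTPS_PORT` are substituted without any check that they are integers, and the defaults set in `contour_pre_init` ("80" and "443") lie outside Kubernetes' default NodePort range of 30000-32767, so this patch only applies on clusters whose API server has a widened service node port range. Suggest validating both values as port numbers in `contour_pre_init` and documenting the range requirement next to the defaults, since these ports are opened on every node.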
2 changes: 1 addition & 1 deletion addons/contour/template/base/patches/job-image.yaml
Expand Up @@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: contour-certgen-v__releasever__
name: contour-certgen-v__releasever_dash__
namespace: projectcontour
spec:
template:
3 changes: 2 additions & 1 deletion addons/contour/template/script.sh
Expand Up @@ -24,6 +24,7 @@ fileContents=$(cat "$tmpdir"/contour.yaml)
upstreamContourVersionPattern='/projectcontour/contour:v([0-9]+\.[0-9]+\.[0-9]+)' # hosted on docker.io and ghcr depending on version
[[ "$fileContents" =~ $upstreamContourVersionPattern ]]
CONTOUR_VERSION="${BASH_REMATCH[1]}" # 1.11.0
CONTOUR_VERSION_DASH="${CONTOUR_VERSION//./-}" # 1-11-0

echo "contour version: $CONTOUR_VERSION"
echo "contour_version=$CONTOUR_VERSION" >> "$GITHUB_OUTPUT"
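Review bot: `CONTOUR_VERSION_DASH="${CONTOUR_VERSION//./-}"` inherits whatever `BASH_REMATCH[1]` holds, and the result of `[[ "$fileContents" =~ $upstreamContourVersionPattern ]]` two lines above it is not checked in this hunk. Unless the script runs under `set -e` (not visible here), a manifest that stops matching leaves both variables empty, writes an empty `contour_version=` to `$GITHUB_OUTPUT`, and lets later steps operate on `../$CONTOUR_VERSION/...` with an empty path component. Suggest exiting non-zero when the match fails, before deriving the dashed form.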
Expand All @@ -50,7 +51,7 @@ grep 'image: ' "$tmpdir/contour.yaml" | sort -u | sed 's/ *image: "*\(.*\)\/\(.

# template 'install.sh' and 'job-image.yaml' with versions
sed -i "s/__releasever__/$CONTOUR_VERSION/g" "../$CONTOUR_VERSION/install.sh"
sed -i "s/__releasever__/$CONTOUR_VERSION/g" "../$CONTOUR_VERSION/patches/job-image.yaml"
sed -i "s/__releasever_dash__/$CONTOUR_VERSION_DASH/g" "../$CONTOUR_VERSION/patches/job-image.yaml"

# insert upstream URL into contour.yaml header
sed -i "s|__upstreamurl__|$UPSTREAM_URL|g" "../$CONTOUR_VERSION/contour.yaml"
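Review bot: After this change `patches/job-image.yaml` is only processed for `__releasever_dash__`, so a leftover `__releasever__` in that template would now ship unreplaced. Suggest a final check over `../$CONTOUR_VERSION/` that fails the job if any `__...__` placeholder remains in the generated files. The comment above the `sed` lines could also say why the dashed form exists, namely that the Job name uses the `v1-26-0` style seen in `contour-certgen-v1-26-0`.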
2 changes: 1 addition & 1 deletion web/src/installers/versions.js
Expand Up @@ -224,7 +224,7 @@ module.exports.InstallerVersions = {
"1.4.3",
"1.0.4-14.2.21",
],
contour: ["1.25.2", "1.25.0", "1.24.4", "1.24.3", "1.24.2", "1.24.1", "1.24.0", "1.23.2", "1.23.1", "1.23.0", "1.22.1", "1.22.0", "1.21.1", "1.21.0", "1.20.1", "1.20.0", "1.19.1", "1.18.0", "1.16.0", "1.15.1", "1.14.1", "1.14.0", "1.13.1", "1.13.0", "1.12.0", "1.11.0", "1.10.1", "1.7.0", "1.0.1", "0.14.0"], // cron-contour-update
contour: ["1.26.0", "1.25.2", "1.25.0", "1.24.4", "1.24.3", "1.24.2", "1.24.1", "1.24.0", "1.23.2", "1.23.1", "1.23.0", "1.22.1", "1.22.0", "1.21.1", "1.21.0", "1.20.1", "1.20.0", "1.19.1", "1.18.0", "1.16.0", "1.15.1", "1.14.1", "1.14.0", "1.13.1", "1.13.0", "1.12.0", "1.11.0", "1.10.1", "1.7.0", "1.0.1", "0.14.0"], // cron-contour-update
registry: [
// cron-registry-update
"2.8.2",