Contour is a Kubernetes ingress controller using Envoy proxy.
We are delighted to present version v1.25.2 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
For a fresh install of Contour, consult the getting started documentation.
To upgrade an existing Contour installation, please consult the upgrade documentation.
Contour v1.25.2 is tested against Kubernetes 1.25 through 1.27.
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.
We are delighted to present version v1.25.1 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
For a fresh install of Contour, consult the getting started documentation.
To upgrade an existing Contour installation, please consult the upgrade documentation.
Contour v1.25.1 is tested against Kubernetes 1.25 through 1.27.
We are delighted to present version v1.24.5 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
For a fresh install of Contour, consult the getting started documentation.
To upgrade an existing Contour installation, please consult the upgrade documentation.
Contour v1.24.5 is tested against Kubernetes 1.24 through 1.26.
We are delighted to present version v1.23.6 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
For a fresh install of Contour, consult the getting started documentation.
To upgrade an existing Contour installation, please consult the upgrade documentation.
Contour v1.23.6 is tested against Kubernetes 1.23 through 1.25.
We are delighted to present version v1.25.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
A big thank you to everyone who contributed to the release.
Contour's HTTPProxy now supports configuring Envoy's RBAC filter for allowing or denying requests by IP.
An HTTPProxy can optionally include one or more IP filter rules, which define CIDR ranges to allow or deny requests based on origin IP. Filters can indicate whether the direct IP should be used or whether a reported IP from PROXY or X-Forwarded-For should be used instead. If the latter, Contour's numTrustedHops setting will be respected when determining the source IP. Filters defined at the VirtualHost level apply to all routes, unless overridden by a route-specific filter.
For more information, see:
(#5008, @ecordell)
Contour now supports exporting tracing data to OpenTelemetry
The Contour configuration file and ContourConfiguration CRD will be extended with a new optional tracing section. This configuration block, if present, will enable tracing and will define the trace properties needed to generate and export trace data.
contour
.100
.256
.(#5043, @yangyy93)
Contour now supports external authorization for all hosts by setting the config as part of the contourConfig like so:

    globalExtAuth:
      extensionService: projectcontour-auth/htpasswd
      failOpen: false
      authPolicy:
        context:
          header1: value1
          header2: value2
      responseTimeout: 1s

Individual hosts can also override or opt out of this global configuration. You can read more about this feature in detail in the guide.
(#4994, @clayton-gonsalves)
HTTPProxy's conditions block now also supports an exact path match condition.
(#5000, @arjunsalyan)
Contour now supports specifying an internalRedirectPolicy on a Route to handle 3xx redirects internally, that is, capturing a configurable 3xx redirect response, synthesizing a new request, sending it to the upstream specified by the new route match, and returning the redirected response as the response to the original request.
(#5010, @Jean-Daniel)
Contour now implements HTTP query parameter matching for HTTPProxy resource-based routes. It supports Exact, Prefix, Suffix, Regex and Contains string matching conditions together with the IgnoreCase modifier and also the Present matching condition. For example, the following HTTPProxy will route requests based on the configured condition examples for the given query parameter search:

    apiVersion: projectcontour.io/v1
    kind: HTTPProxy
    metadata:
      name: httpproxy-queryparam-matching
    spec:
      routes:
        - conditions:
            - queryParam:
                # will match e.g. '?search=example' as is
                name: search
                exact: example
          services:
            - name: s1
              port: 80
        - conditions:
            - queryParam:
                # will match e.g. '?search=prefixthis' or any string value prefixed by `prefix` (case insensitive)
                name: search
                prefix: PreFix
                ignoreCase: true
          services:
            - name: s2
              port: 80
        - conditions:
            - queryParam:
                # will match e.g. '?search=thispostfix' or any string value suffixed by `postfix` (case sensitive)
                name: search
                suffix: postfix
          services:
            - name: s3
              port: 80
        - conditions:
            - queryParam:
                # will match e.g. '?search=regularexp123' or any string value matching the given regular expression
                name: search
                regex: ^regular.*
          services:
            - name: s4
              port: 80
        - conditions:
            - queryParam:
                # will match e.g. '?search=somethinginsideanother' or any string value containing the substring 'inside' (case sensitive)
                name: search
                contains: inside
          services:
            - name: s5
              port: 80
        - conditions:
            - queryParam:
                # will match e.g. '?search=' or any string value given to the named parameter
                name: search
                present: true
          services:
            - name: s6
              port: 80

(#5036, @relu)
The contour serve command takes a new optional flag, --disable-feature, that allows disabling certain features.
The flag is used to disable the informer for a custom resource, effectively making the corresponding CRD optional in the cluster. You can provide the flag multiple times.
Current options include extensionservices and the experimental Gateway API features tlsroutes and grpcroutes.
For example, to disable ExtensionService CRD, use the flag as follows: --disable-feature=extensionservices.
(#5080, @nsimons)
Contour now implements GRPCRoute (https://gateway-api.sigs.k8s.io/api-types/grpcroute/). The "core conformance" parts of the spec are implemented. See https://projectcontour.io/docs/1.25/guides/grpc/#gateway-api-configuration on how to use GRPCRoute.
(#5114, @fangfpeng)
AllowPrivateNetwork to CORSPolicy for support Access-Control-Allow-Private-Network. (#5034, @lvyanru8200)
path field on the HTTPRoute RequestRedirect filter. (#5068, @skriss)
contour_dag_cache_object, to indicate the total number of items that are currently in the DAG cache. (#5109, @izturn)
NotImplemented condition with the upstream Accepted: false condition with reason UnsupportedValue to match the spec. (#5125, @skriss)
%REQ() operator in request/response header policies now properly supports HTTP/2 pseudo-headers, header fallbacks, and truncating header values. (#5130, @sunjayBhatia)
GOMAXPROCS to match the number of CPUs available to the container which results in lower and more stable CPU usage under high loads and where the container and node CPU counts differ significantly. This is the default behavior but can be overridden by specifying GOMAXPROCS to a fixed value as an environment variable. (#5211, @rajatvig)
envoy.health.port and envoy.metrics.port if they are defined in ContourDeployment.spec.runtimeSettings. (#5233, @Jean-Daniel)
For a fresh install of Contour, consult the getting started documentation.
To upgrade an existing Contour installation, please consult the upgrade documentation.
Contour v1.25.0 is tested against Kubernetes 1.25 through 1.27.
We’re immensely grateful for all the community contributions that help make Contour even better! For this release, we would like to give a special shoutout to the folks who joined our ContribFest at KubeCon EU 2023:
We'd also like to thank the other contributors to this release:
We are delighted to present version v1.24.4 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
For a fresh install of Contour, consult the getting started documentation.
To upgrade an existing Contour installation, please consult the upgrade documentation.
Contour v1.24.4 is tested against Kubernetes 1.24 through 1.26.
We are delighted to present version v1.25.0-rc.1 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
A big thank you to everyone who contributed to the release.
Please note that this is pre-release software, and as such we do not recommend installing it in production environments. Feedback and bug reports are welcome!
Contour's HTTPProxy now supports configuring Envoy's RBAC filter for allowing or denying requests by IP.
An HTTPProxy can optionally include one or more IP filter rules, which define CIDR ranges to allow or deny requests based on origin IP. Filters can indicate whether the direct IP should be used or whether a reported IP from PROXY or X-Forwarded-For should be used instead. If the latter, Contour's numTrustedHops setting will be respected when determining the source IP. Filters defined at the VirtualHost level apply to all routes, unless overridden by a route-specific filter.
For more information, see:
(#5008, @ecordell)
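The following sketch is an added example, not Contour's or Envoy's own code: it illustrates the IP filter passage in the v1.25.0 and v1.25.0-rc.1 notes by showing how the number of trusted hops decides which X-Forwarded-For entry an allow rule evaluates. It assumes the proxy appends its direct peer to the chain and then takes the (hops+1)th entry from the right, falling back to the peer when the chain is too short; the function names, addresses and policy are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// trustedClientIP picks the address a filter evaluates when the reported
// source is used: the (hops+1)th entry from the right of the chain, after
// the direct peer is appended. Short or unparsable chains fall back to peer.
func trustedClientIP(peer netip.Addr, xff string, hops int) netip.Addr {
	var chain []string
	for _, p := range strings.Split(xff, ",") {
		if p = strings.TrimSpace(p); p != "" {
			chain = append(chain, p)
		}
	}
	chain = append(chain, peer.String())
	idx := len(chain) - 1 - hops
	if hops < 0 || idx < 0 {
		return peer
	}
	if addr, err := netip.ParseAddr(chain[idx]); err == nil {
		return addr.Unmap()
	}
	return peer
}

// allowedByFilter (hypothetical helper) applies an allow-list of CIDRs to
// either the direct peer or the reported address; bad input fails closed.
func allowedByFilter(peer, xff string, hops int, useReported bool, cidrs []string) bool {
	src, err := netip.ParseAddr(peer)
	if err != nil {
		return false
	}
	if useReported {
		src = trustedClientIP(src, xff, hops)
	}
	for _, c := range cidrs {
		if pfx, err := netip.ParsePrefix(c); err == nil && pfx.Contains(src) {
			return true
		}
	}
	return false
}

func main() {
	allow := []string{"10.0.0.0/8"} // constructed policy: internal clients only
	lb := "192.0.2.10"              // constructed: one load balancer in front
	xff := "10.1.2.3, 203.0.113.7"  // client-supplied entry, then real client
	fmt.Println("hops=1:", allowedByFilter(lb, xff, 1, true, allow))
	fmt.Println("hops=2:", allowedByFilter(lb, xff, 2, true, allow))
}
```

With one real proxy in front, a hop count of 1 evaluates the address that proxy appended and the request is denied; a hop count of 2 evaluates the client-supplied entry instead, so the setting should equal the number of proxies you actually operate.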
Contour now supports exporting tracing data to OpenTelemetry
The Contour configuration file and ContourConfiguration CRD will be extended with a new optional tracing section. This configuration block, if present, will enable tracing and will define the trace properties needed to generate and export trace data.
contour
.100
.256
.(#5043, @yangyy93)
Contour now supports external authorization for all hosts by setting the config as part of the contourConfig like so:

    globalExtAuth:
      extensionService: projectcontour-auth/htpasswd
      failOpen: false
      authPolicy:
        context:
          header1: value1
          header2: value2
      responseTimeout: 1s

Individual hosts can also override or opt out of this global configuration. You can read more about this feature in detail in the guide.
(#4994, @clayton-gonsalves)
HTTPProxy's conditions block now also supports an exact path match condition.
(#5000, @arjunsalyan)
Contour now supports specifying an internalRedirectPolicy on a Route to handle 3xx redirects internally, that is, capturing a configurable 3xx redirect response, synthesizing a new request, sending it to the upstream specified by the new route match, and returning the redirected response as the response to the original request.
(#5010, @Jean-Daniel)
Contour now implements HTTP query parameter matching for HTTPProxy resource-based routes. It supports Exact, Prefix, Suffix, Regex and Contains string matching conditions together with the IgnoreCase modifier and also the Present matching condition. For example, the following HTTPProxy will route requests based on the configured condition examples for the given query parameter search:

    apiVersion: projectcontour.io/v1
    kind: HTTPProxy
    metadata:
      name: httpproxy-queryparam-matching
    spec:
      routes:
        - conditions:
            - queryParam:
                # will match e.g. '?search=example' as is
                name: search
                exact: example
          services:
            - name: s1
              port: 80
        - conditions:
            - queryParam:
                # will match e.g. '?search=prefixthis' or any string value prefixed by `prefix` (case insensitive)
                name: search
                prefix: PreFix
                ignoreCase: true
          services:
            - name: s2
              port: 80
        - conditions:
            - queryParam:
                # will match e.g. '?search=thispostfix' or any string value suffixed by `postfix` (case sensitive)
                name: search
                suffix: postfix
          services:
            - name: s3
              port: 80
        - conditions:
            - queryParam:
                # will match e.g. '?search=regularexp123' or any string value matching the given regular expression
                name: search
                regex: ^regular.*
          services:
            - name: s4
              port: 80
        - conditions:
            - queryParam:
                # will match e.g. '?search=somethinginsideanother' or any string value containing the substring 'inside' (case sensitive)
                name: search
                contains: inside
          services:
            - name: s5
              port: 80
        - conditions:
            - queryParam:
                # will match e.g. '?search=' or any string value given to the named parameter
                name: search
                present: true
          services:
            - name: s6
              port: 80

(#5036, @relu)
The contour serve command takes a new optional flag, --disable-feature, that allows disabling certain features.
The flag is used to disable the informer for a custom resource, effectively making the corresponding CRD optional in the cluster. You can provide the flag multiple times.
Current options include extensionservices and the experimental Gateway API features tlsroutes and grpcroutes.
For example, to disable ExtensionService CRD, use the flag as follows: --disable-feature=extensionservices.
(#5080, @nsimons)
Contour now implements GRPCRoute (https://gateway-api.sigs.k8s.io/api-types/grpcroute/). The "core conformance" parts of the spec are implemented. See https://projectcontour.io/docs/v1.25.0/guides/grpc/#gateway-api-configuration on how to use GRPCRoute.
(#5114, @fangfpeng)
AllowPrivateNetwork to CORSPolicy for support Access-Control-Allow-Private-Network. (#5034, @lvyanru8200)
path field on the HTTPRoute RequestRedirect filter. (#5068, @skriss)
contour_dag_cache_object, to indicate the total number of items that are currently in the DAG cache. (#5109, @izturn)
NotImplemented condition with the upstream Accepted: false condition with reason UnsupportedValue to match the spec. (#5125, @skriss)
%REQ() operator in request/response header policies now properly supports HTTP/2 pseudo-headers, header fallbacks, and truncating header values. (#5130, @sunjayBhatia)
GOMAXPROCS to match the number of CPUs available to the container which results in lower and more stable CPU usage under high loads and where the container and node CPU counts differ significantly. This is the default behavior but can be overridden by specifying GOMAXPROCS to a fixed value as an environment variable. (#5211, @rajatvig)
envoy.health.port and envoy.metrics.port if they are defined in ContourDeployment.spec.runtimeSettings. (#5233, @Jean-Daniel)
The simplest way to install v1.25.0-rc.1 is to apply one of the example configurations:
With Gateway API:
kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/v1.25.0-rc.1/examples/render/contour-gateway.yaml
Without Gateway API:
kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/v1.25.0-rc.1/examples/render/contour.yaml
Contour v1.25.0-rc.1 is tested against Kubernetes 1.25 through 1.27.
We’re immensely grateful for all the community contributions that help make Contour even better! For this release, special thanks go out to the following contributors:
We are delighted to present version v1.24.3 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
For a fresh install of Contour, consult the getting started documentation.
To upgrade an existing Contour installation, please consult the upgrade documentation.
Contour v1.24.3 is tested against Kubernetes 1.24 through 1.26.
We are delighted to present version v1.23.5 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
For a fresh install of Contour, consult the getting started documentation.
To upgrade an existing Contour installation, please consult the upgrade documentation.
Contour v1.23.5 is tested against Kubernetes 1.23 through 1.25.
We are delighted to present version v1.22.6 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
For a fresh install of Contour, consult the getting started documentation.
To upgrade an existing Contour installation, please consult the upgrade documentation.
Contour v1.22.6 is tested against Kubernetes 1.22 through 1.24.