Merge pull request #1508 from kinvolk/surajssd/update-contour-1.16

contour: Update to v1.16.0

assets/charts/components/contour/Chart.yaml

@@ -13,11 +13,11 @@ type: application
 
 # This is the chart version. This version number is incremented each time changes are made
 # to the chart and its templates, including the app version.
-version: 0.3.2
+version: 0.3.3
 
 # This is the version number of the upstream Contour
 # https://github.com/projectcontour/contour/releases
-appVersion: v1.13.1
+appVersion: v1.16.0
 
 description: Contour is a Kubernetes ingress controller using Lyft's Envoy proxy.
 home: https://projectcontour.io/

assets/charts/components/contour/templates/01-contour-config.yaml

@@ -11,8 +11,9 @@ data:
     #   determine which XDS Server implementation to utilize in Contour.
     #   xds-server-type: contour
     #
-    # Specify the gateway-api Gateway Contour should watch.
+    # Specify the Gateway API configuration.
     # gateway:
+    #   controllerName: projectcontour.io/projectcontour/contour
     #   name: contour
     #   namespace: projectcontour
     #
@@ -120,3 +121,25 @@ data:
     #   service fails to respond with a valid rate limit decision within
     #   the timeout defined on the extension service.
     #   failOpen: false
+    #   Defines whether to include the X-RateLimit headers X-RateLimit-Limit,
+    #   X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF
+    #   Internet-Draft linked below), on responses to clients when the Rate
+    #   Limit Service is consulted for a request.
+    #   ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html
+    #   enableXRateLimitHeaders: false
+    #
+    # Global Policy settings.
+    # policy:
+    #   # Default headers to set on all requests (unless set/removed on the HTTPProxy object itself)
+    #   request-headers:
+    #     set:
+    #       # example: the hostname of the Envoy instance that proxied the request
+    #       X-Envoy-Hostname: %HOSTNAME%
+    #       # example: add a l5d-dst-override header to instruct Linkerd what service the request is destined for
+    #       l5d-dst-override: %CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT%
+    #   # default headers to set on all responses (unless set/removed on the HTTPProxy object itself)
+    #   response-headers:
+    #     set:
+    #       # example: Envoy flags that provide additional details about the response or connection
+    #       X-Envoy-Response-Flags: %RESPONSE_FLAGS%
+    #

assets/charts/components/contour/templates/02-job-certgen.yaml

@@ -36,7 +36,7 @@ rules:
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: contour-certgen-v1.13.1
+  name: contour-certgen-v1.16.0
   namespace: projectcontour
 spec:
   ttlSecondsAfterFinished: 0

assets/charts/components/contour/templates/02-role-contour.yaml

@@ -25,6 +25,14 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -75,13 +83,27 @@ rules:
   - networking.x-k8s.io
   resources:
   - backendpolicies
+  - gatewayclasses
   - gateways
   - httproutes
+  - tcproutes
   - tlsroutes
+  - udproutes
   verbs:
   - get
   - list
   - watch
+- apiGroups:
+  - networking.x-k8s.io
+  resources:
+  - backendpolicies/status
+  - gatewayclasses/status
+  - httproutes/status
+  - tcproutes/status
+  - tlsroutes/status
+  - udproutes/status
+  verbs:
+  - update
 - apiGroups:
   - projectcontour.io
   resources:

assets/charts/components/contour/templates/02-service-envoy.yaml

@@ -21,12 +21,14 @@ spec:
     {{- end }}
     name: http
     protocol: TCP
+    targetPort: 8080
   - port: 443
     {{- if eq .Values.envoy.serviceType "NodePort" }}
     nodePort: 30443
     {{- end }}
     name: https
     protocol: TCP
+    targetPort: 8443
   selector:
     app: envoy
   type: {{ .Values.envoy.serviceType }}

assets/charts/components/contour/templates/03-contour.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -50,8 +49,6 @@ spec:
         - --incluster
         - --xds-address=0.0.0.0
         - --xds-port=8001
-        - --envoy-service-http-port=80
-        - --envoy-service-https-port=443
         - --contour-cafile=/certs/ca.crt
         - --contour-cert-file=/certs/tls.crt
         - --contour-key-file=/certs/tls.key

assets/charts/components/contour/templates/03-envoy.yaml

@@ -94,11 +94,11 @@ spec:
               apiVersion: v1
               fieldPath: metadata.name
         ports:
-        - containerPort: 80
+        - containerPort: 8080
           # XXX: Lokomotive specific change. `hostPort: 80` is removed.
           name: http
           protocol: TCP
-        - containerPort: 443
+        - containerPort: 8443
           # XXX: Lokomotive specific change. `hostPort: 443` is removed.
           name: https
           protocol: TCP

assets/charts/components/contour/values.yaml

@@ -3,11 +3,11 @@ monitoring:
 
 contour:
   image: docker.io/projectcontour/contour
-  tag: v1.13.1
+  tag: v1.16.0
 
 envoy:
   image: docker.io/envoyproxy/envoy
-  tag: v1.17.1
+  tag: v1.18.3
   serviceType:
   metricsScrapeInterval:
 

pkg/platform/aks/aks.go

@@ -83,7 +83,7 @@ const (
 	subscriptionIDEnv = "LOKOMOTIVE_AKS_SUBSCRIPTION_ID"
 	tenantIDEnv       = "LOKOMOTIVE_AKS_TENANT_ID"
 
-	kubernetesVersion = "1.18.17"
+	kubernetesVersion = "1.20.7"
 )
 
 // NewConfig returns new AKS platform configuration with default values set.

test/components/kubernetes/namespaces_labels_test.go

@@ -46,6 +46,11 @@ func TestAllNamespacesHaveNameLabels(t *testing.T) {
 			continue
 		}
 
+		// AKS creates this namespace which we don't label it hence ignore it.
+		if testutil.IsPlatformSupported(t, []testutil.Platform{testutil.PlatformAKS}) && name == "calico-system" {
+			continue
+		}
+
 		if name != labels[internal.NamespaceLabelKey] {
 			t.Fatalf("expected %q, got: %q", name, labels[internal.NamespaceLabelKey])
 		}