diff --git a/deployment/generate.ts b/deployment/generate.ts
index e059a4363..ce15a0458 100755
--- a/deployment/generate.ts
+++ b/deployment/generate.ts
@@ -32,7 +32,7 @@ async function generateVectorDevTypes() {
 }
 async function generateContourTypes() {
- const helmValuesFileUrl = `https://raw.githubusercontent.com/bitnami/charts/contour/${CONTOUR_CHART.version}/bitnami/contour/values.yaml`;
+ const helmValuesFileUrl = `https://raw.githubusercontent.com/projectcontour/helm-charts/refs/tags/contour-${CONTOUR_CHART.version}/charts/contour/values.yaml`;
 const valuesFile = await fetch(helmValuesFileUrl).then(r => r.text());
 const valuesTempFile = fileSync();
diff --git a/deployment/utils/contour.types.ts b/deployment/utils/contour.types.ts
index 34db233f0..c503675c9 100644
--- a/deployment/utils/contour.types.ts
+++ b/deployment/utils/contour.types.ts
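Review bot: The `fetch(helmValuesFileUrl).then(r => r.text())` line that consumes the new URL never checks the HTTP status, so if the `contour-${CONTOUR_CHART.version}` tag does not exist, the error body is passed on through `generateContourTypes` as if it were values.yaml. Since the URL layout changes here, I would fail fast: `const res = await fetch(helmValuesFileUrl);` then `if (!res.ok) throw new Error('values.yaml fetch failed: ' + res.status);` then `const valuesFile = await res.text();`. A tag is also a movable ref, so the generated types are only as reproducible as that tag is stable. The function body continues past the end of this hunk, so what happens to the temp file afterwards is not visible here.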
@@ -263,168 +263,6 @@ export interface ContourValues { }; [k: string]: unknown; }; - defaultBackend?: { - affinity?: { - [k: string]: unknown; - }; - args?: unknown[]; - command?: unknown[]; - containerPorts?: { - http?: number; - [k: string]: unknown; - }; - containerSecurityContext?: { - allowPrivilegeEscalation?: boolean; - capabilities?: { - drop?: string[]; - [k: string]: unknown; - }; - enabled?: boolean; - privileged?: boolean; - readOnlyRootFilesystem?: boolean; - runAsGroup?: number; - runAsNonRoot?: boolean; - runAsUser?: number; - seLinuxOptions?: { - [k: string]: unknown; - }; - seccompProfile?: { - type?: string; - [k: string]: unknown; - }; - [k: string]: unknown; - }; - customLivenessProbe?: { - [k: string]: unknown; - }; - customReadinessProbe?: { - [k: string]: unknown; - }; - customStartupProbe?: { - [k: string]: unknown; - }; - enabled?: boolean; - extraArgs?: { - [k: string]: unknown; - }; - extraEnvVars?: unknown[]; - extraEnvVarsCM?: string; - extraEnvVarsSecret?: string; - extraVolumeMounts?: unknown[]; - extraVolumes?: unknown[]; - hostAliases?: unknown[]; - image?: { - digest?: string; - pullPolicy?: string; - pullSecrets?: unknown[]; - registry?: string; - repository?: string; - tag?: string; - [k: string]: unknown; - }; - initContainers?: unknown[]; - lifecycleHooks?: { - [k: string]: unknown; - }; - livenessProbe?: { - enabled?: boolean; - failureThreshold?: number; - initialDelaySeconds?: number; - periodSeconds?: number; - successThreshold?: number; - timeoutSeconds?: number; - [k: string]: unknown; - }; - networkPolicy?: { - allowExternal?: boolean; - allowExternalEgress?: boolean; - enabled?: boolean; - extraEgress?: unknown[]; - extraIngress?: unknown[]; - ingressNSMatchLabels?: { - [k: string]: unknown; - }; - ingressNSPodMatchLabels?: { - [k: string]: unknown; - }; - [k: string]: unknown; - }; - nodeAffinityPreset?: { - key?: string; - type?: string; - values?: unknown[]; - [k: string]: unknown; - }; - nodeSelector?: { - [k: 
string]: unknown; - }; - pdb?: { - create?: boolean; - maxUnavailable?: string; - minAvailable?: string; - [k: string]: unknown; - }; - podAffinityPreset?: string; - podAnnotations?: { - [k: string]: unknown; - }; - podAntiAffinityPreset?: string; - podLabels?: { - [k: string]: unknown; - }; - podSecurityContext?: { - enabled?: boolean; - fsGroup?: number; - fsGroupChangePolicy?: string; - supplementalGroups?: unknown[]; - sysctls?: unknown[]; - [k: string]: unknown; - }; - priorityClassName?: string; - readinessProbe?: { - enabled?: boolean; - failureThreshold?: number; - initialDelaySeconds?: number; - periodSeconds?: number; - successThreshold?: number; - timeoutSeconds?: number; - [k: string]: unknown; - }; - replicaCount?: number; - resources?: { - [k: string]: unknown; - }; - resourcesPreset?: string; - schedulerName?: string; - service?: { - annotations?: { - [k: string]: unknown; - }; - ports?: { - http?: number; - [k: string]: unknown; - }; - type?: string; - [k: string]: unknown; - }; - sidecars?: unknown[]; - startupProbe?: { - enabled?: boolean; - failureThreshold?: number; - initialDelaySeconds?: number; - periodSeconds?: number; - successThreshold?: number; - timeoutSeconds?: number; - [k: string]: unknown; - }; - terminationGracePeriodSeconds?: number; - tolerations?: unknown[]; - topologySpreadConstraints?: unknown[]; - updateStrategy?: { - [k: string]: unknown; - }; - [k: string]: unknown; - }; diagnosticMode?: { args?: number[]; command?: string[]; 
@@ -485,6 +323,37 @@ export interface ContourValues { customStartupProbe?: { [k: string]: unknown; }; + defaultInitContainers?: { + initConfig?: { + containerSecurityContext?: { + allowPrivilegeEscalation?: boolean; + capabilities?: { + drop?: string[]; + [k: string]: unknown; + }; + enabled?: boolean; + privileged?: boolean; + readOnlyRootFilesystem?: boolean; + runAsGroup?: number; + runAsNonRoot?: boolean; + runAsUser?: number; + seLinuxOptions?: { + [k: string]: unknown; + }; + seccompProfile?: { + type?: string; + [k: string]: unknown; + }; + [k: string]: unknown; + }; + resources?: { + [k: string]: unknown; + }; + resourcesPreset?: string; + [k: string]: unknown; + }; + [k: string]: unknown; + }; dnsPolicy?: string; enabled?: boolean; extraArgs?: unknown[]; @@ -516,30 +385,6 @@ export interface ContourValues { tag?: string; [k: string]: unknown; }; - initConfig?: { - containerSecurityContext?: { - allowPrivilegeEscalation?: boolean; - capabilities?: { - drop?: string[]; - [k: string]: unknown; - }; - enabled?: boolean; - privileged?: boolean; - readOnlyRootFilesystem?: boolean; - runAsGroup?: number; - runAsNonRoot?: boolean; - runAsUser?: number; - seLinuxOptions?: { - [k: string]: unknown; - }; - seccompProfile?: { - type?: string; - [k: string]: unknown; - }; - [k: string]: unknown; - }; - [k: string]: unknown; - }; initContainers?: unknown[]; kind?: string; lifecycleHooks?: { 
@@ -796,34 +641,9 @@ export interface ContourValues { defaultStorageClass?: string; imagePullSecrets?: unknown[]; imageRegistry?: string; - security?: { - allowInsecureImages?: boolean; - [k: string]: unknown; - }; storageClass?: string; [k: string]: unknown; }; - ingress?: { - annotations?: { - [k: string]: unknown; - }; - apiVersion?: string; - certManager?: boolean; - enabled?: boolean; - extraHosts?: unknown[]; - extraPaths?: unknown[]; - extraRules?: unknown[]; - extraTls?: unknown[]; - hostname?: string; - ingressClassName?: string; - path?: string; - pathType?: string; - rulesOverride?: unknown[]; - secrets?: unknown[]; - selfSigned?: boolean; - tls?: boolean; - [k: string]: unknown; - }; kubeVersion?: string; metrics?: { prometheusRule?: { diff --git a/deployment/utils/reverse-proxy.ts b/deployment/utils/reverse-proxy.ts index ad76da27d..fc2cc7620 100644 --- a/deployment/utils/reverse-proxy.ts +++ b/deployment/utils/reverse-proxy.ts @@ -4,7 +4,7 @@ import { ContourValues } from './contour.types'; import { helmChart } from './helm'; // prettier-ignore -export const CONTOUR_CHART = helmChart('https://raw.githubusercontent.com/bitnami/charts/refs/heads/index/bitnami/', 'contour', '20.0.3'); +export const CONTOUR_CHART = helmChart('https://projectcontour.github.io/helm-charts/', 'contour', '0.4.0'); export class Proxy { private lbService: Output | null = null; 
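Review bot: `CONTOUR_CHART` now identifies the ingress controller's chart only by the version string `'0.4.0'` against the `projectcontour.github.io/helm-charts/` index, and nothing visible in this hunk verifies the integrity of what is fetched. `helmChart` is defined outside this diff, so it is worth checking there whether it can pass a provenance or verification option through to the Helm fetch. The jump from `20.0.3` to `0.4.0` also reads as a downgrade to a maintainer or an automated updater. A comment above the constant would help, e.g. `// projectcontour chart 0.4.0 (replaces bitnami 20.0.3); ships Contour <app version>`, with the app version filled in from the chart metadata.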
@@ -91,22 +91,6 @@ export class Proxy {
 | 'RequestHash'
 | 'Cookie';
 customRewrite?: string;
- virtualHost?: Output;
- httpsUpstream?: boolean;
- withWwwDomain?: boolean;
- // https://projectcontour.io/docs/1.29/config/rate-limiting/#local-rate-limiting
- rateLimit?: {
- // Max amount of request allowed with the "unit" parameter.
- maxRequests: number;
- unit: 'second' | 'minute' | 'hour';
- // defining the number of requests above the baseline rate that are allowed in a short period of time.
- // This would allow occasional larger bursts of traffic not to be rate limited.
- burst?: number;
- // default 429
- responseStatusCode?: number;
- // headers to add to the response in case of a rate limit
- responseHeadersToAdd?: Record;
- };
 }[],
 ) {
 const cert = new k8s.apiextensions.CustomResource(`cert-${dns.record}`, {
@@ -159,32 +143,10 @@ export class Proxy {
 port: route.service.spec.ports[0].port,
 },
 ],
- // https://projectcontour.io/docs/1.31/config/request-routing/
+ // https://projectcontour.io/docs/1.33/config/request-routing/
 loadBalancerPolicy: {
 strategy: route.loadBalancerPolicy ?? 'RoundRobin',
 },
- // https://projectcontour.io/docs/1.29/config/rate-limiting/#local-rate-limiting
- rateLimitPolicy: route.rateLimit
- ? {
- local: {
- requests: route.rateLimit.maxRequests,
- unit: route.rateLimit.unit,
- responseHeadersToAdd: [
- {
- name: 'x-rate-limit-active',
- value: 'true',
- },
- ...(route.rateLimit.responseHeadersToAdd
- ? Object.entries(route.rateLimit.responseHeadersToAdd).map(
- ([key, value]) => ({ name: key, value }),
- )
- : []),
- ],
- responseStatusCode: route.rateLimit.responseStatusCode || 429,
- burst: route.rateLimit.burst,
- },
- }
- : undefined,
 ...(route.path === '/'
 ? {}
 : {
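Review bot: With `rateLimitPolicy` gone from the generated route (the second removed block in the `@@ -159,32 +143,10 @@` hunk), no route built here carries the per-route local rate limit that `rateLimit` used to configure, and nothing visible in this diff replaces it. If any caller relied on that option for abuse-sensitive paths, confirm that throttling is enforced elsewhere before merging, or keep the option. If the removal is intentional, record it next to `loadBalancerPolicy` with something like `// per-route rate limiting removed; throttling is handled by <component>`. The preceding hunk also drops `virtualHost`, `httpsUpstream` and `withWwwDomain` from the route type. The method body extends beyond both hunks, so check that no remaining code still reads those fields.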
@@ -318,16 +280,7 @@ export class Proxy {
 }
 : {}),
 },
- // Needed because we override the `contour.image.repository` field.
- global: {
- security: {
- allowInsecureImages: true,
- },
- },
 contour: {
- image: {
- repository: 'bitnamilegacy/contour',
- },
 podAnnotations: {
 'prometheus.io/scrape': 'true',
 'prometheus.io/port': '8000',
@@ -337,14 +290,13 @@ export class Proxy {
 podLabels: {
 'vector.dev/exclude': 'true',
 },
+ // Placeholder, see below
 resources: {
 limits: {},
 },
 },
 envoy: {
- image: {
- repository: 'bitnamilegacy/envoy',
- },
+ // Placeholder, see below
 resources: {
 limits: {},
 },
@@ -386,7 +338,7 @@ export class Proxy {
 const proxyController = new k8s.helm.v3.Chart('contour-proxy', {
 ...CONTOUR_CHART,
 namespace: ns.metadata.name,
- // https://github.com/bitnami/charts/tree/master/bitnami/contour
+ // https://artifacthub.io/packages/helm/contour/contour
 values: chartValues,
 });
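Review bot: The two added `// Placeholder, see below` comments in the `@@ -337,14 +290,13 @@` hunk do not say where or under what condition the empty `limits: {}` is filled in; that code is outside the hunk. If that later assignment is conditional, or is ever removed, the contour and envoy pods would deploy with no resource limits on an internet-facing proxy. I would name the spot, e.g. `// Placeholder so the key exists; real limits are assigned at <location> before the chart is created`. Separately, with the `image.repository` overrides removed here and in the previous hunk, both images now come from the chart defaults. Consider setting the expected image tag explicitly in these values (or a digest, if the new chart exposes one) so that a chart bump cannot silently change the Envoy build running at the edge.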