Setup contour to use ADS with DELTA_GRPC

Signed-off-by: David Sale <[email protected]>

examples/contour/02-job-certgen.yaml

@@ -36,18 +36,19 @@ rules:
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: contour-certgen-v1-30-1
+  name: contour-certgen-main
   namespace: projectcontour
 spec:
+  ttlSecondsAfterFinished: 0
   template:
     metadata:
       labels:
         app: "contour-certgen"
     spec:
       containers:
       - name: contour
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         command:
         - contour
         - certgen

examples/contour/03-contour.yaml

@@ -42,8 +42,8 @@ spec:
         - --contour-key-file=/certs/tls.key
         - --config-path=/config/contour.yaml
         command: ["contour"]
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         name: contour
         ports:
         - containerPort: 8001

examples/contour/03-envoy.yaml

@@ -25,8 +25,8 @@ spec:
         args:
           - envoy
           - shutdown-manager
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         lifecycle:
           preStop:
             exec:
@@ -107,8 +107,8 @@ spec:
         - --envoy-key-file=/certs/tls.key
         command:
         - contour
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         name: envoy-initconfig
         volumeMounts:
         - name: envoy-config

examples/deployment/03-envoy-deployment.yaml

@@ -37,8 +37,8 @@ spec:
           args:
             - envoy
             - shutdown-manager
-          image: ghcr.io/projectcontour/contour:v1.30.1
-          imagePullPolicy: IfNotPresent
+          image: ghcr.io/projectcontour/contour:main
+          imagePullPolicy: Always
           lifecycle:
             preStop:
               exec:

examples/gateway-provisioner/03-gateway-provisioner.yaml

@@ -22,8 +22,8 @@ spec:
         - --metrics-addr=127.0.0.1:8080
         - --enable-leader-election
         command: ["contour"]
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         name: contour-gateway-provisioner
         resources:
           requests:

examples/render/contour-deployment.yaml

@@ -8958,18 +8958,19 @@ rules:
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: contour-certgen-v1-30-1
+  name: contour-certgen-main
   namespace: projectcontour
 spec:
+  ttlSecondsAfterFinished: 0
   template:
     metadata:
       labels:
         app: "contour-certgen"
     spec:
       containers:
       - name: contour
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         command:
         - contour
         - certgen
@@ -9227,8 +9228,8 @@ spec:
         - --contour-key-file=/certs/tls.key
         - --config-path=/config/contour.yaml
         command: ["contour"]
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         name: contour
         ports:
         - containerPort: 8001
@@ -9323,8 +9324,8 @@ spec:
           args:
             - envoy
             - shutdown-manager
-          image: ghcr.io/projectcontour/contour:v1.30.1
-          imagePullPolicy: IfNotPresent
+          image: ghcr.io/projectcontour/contour:main
+          imagePullPolicy: Always
           lifecycle:
             preStop:
               exec:
@@ -9405,8 +9406,8 @@ spec:
             - --envoy-key-file=/certs/tls.key
           command:
             - contour
-          image: ghcr.io/projectcontour/contour:v1.30.1
-          imagePullPolicy: IfNotPresent
+          image: ghcr.io/projectcontour/contour:main
+          imagePullPolicy: Always
           name: envoy-initconfig
           volumeMounts:
             - name: envoy-config

examples/render/contour-gateway-provisioner.yaml

@@ -25522,8 +25522,8 @@ spec:
         - --metrics-addr=127.0.0.1:8080
         - --enable-leader-election
         command: ["contour"]
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         name: contour-gateway-provisioner
         resources:
           requests:

examples/render/contour-gateway.yaml

@@ -8774,18 +8774,19 @@ rules:
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: contour-certgen-v1-30-1
+  name: contour-certgen-main
   namespace: projectcontour
 spec:
+  ttlSecondsAfterFinished: 0
   template:
     metadata:
       labels:
         app: "contour-certgen"
     spec:
       containers:
       - name: contour
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         command:
         - contour
         - certgen
@@ -9043,8 +9044,8 @@ spec:
         - --contour-key-file=/certs/tls.key
         - --config-path=/config/contour.yaml
         command: ["contour"]
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         name: contour
         ports:
         - containerPort: 8001
@@ -9127,8 +9128,8 @@ spec:
         args:
           - envoy
           - shutdown-manager
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         lifecycle:
           preStop:
             exec:
@@ -9209,8 +9210,8 @@ spec:
         - --envoy-key-file=/certs/tls.key
         command:
         - contour
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         name: envoy-initconfig
         volumeMounts:
         - name: envoy-config

examples/render/contour.yaml

@@ -8958,18 +8958,19 @@ rules:
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: contour-certgen-v1-30-1
+  name: contour-certgen-main
   namespace: projectcontour
 spec:
+  ttlSecondsAfterFinished: 0
   template:
     metadata:
       labels:
         app: "contour-certgen"
     spec:
       containers:
       - name: contour
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         command:
         - contour
         - certgen
@@ -9227,8 +9228,8 @@ spec:
         - --contour-key-file=/certs/tls.key
         - --config-path=/config/contour.yaml
         command: ["contour"]
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         name: contour
         ports:
         - containerPort: 8001
@@ -9311,8 +9312,8 @@ spec:
         args:
           - envoy
           - shutdown-manager
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         lifecycle:
           preStop:
             exec:
@@ -9393,8 +9394,8 @@ spec:
         - --envoy-key-file=/certs/tls.key
         command:
         - contour
-        image: ghcr.io/projectcontour/contour:v1.30.1
-        imagePullPolicy: IfNotPresent
+        image: ghcr.io/projectcontour/contour:main
+        imagePullPolicy: Always
         name: envoy-initconfig
         volumeMounts:
         - name: envoy-config

internal/envoy/v3/auth.go

@@ -31,7 +31,7 @@ func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni st
 	if clientSecret != nil {
 		clientSecretConfigs = []*envoy_transport_socket_tls_v3.SdsSecretConfig{{
 			Name:      envoy.Secretname(clientSecret),
-			SdsConfig: ConfigSource("contour"),
+			SdsConfig: ConfigSource(),
 		}}
 	}
 
@@ -125,7 +125,7 @@ func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion, tlsMaxPr
 			},
 			TlsCertificateSdsSecretConfigs: []*envoy_transport_socket_tls_v3.SdsSecretConfig{{
 				Name:      envoy.Secretname(serverSecret),
-				SdsConfig: ConfigSource("contour"),
+				SdsConfig: ConfigSource(),
 			}},
 			AlpnProtocols: alpnProtos,
 		},

internal/envoy/v3/bootstrap.go

@@ -169,7 +169,7 @@ func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_config_bootstrap_v3.Bootst
 					LayerSpecifier: &envoy_config_bootstrap_v3.RuntimeLayer_RtdsLayer_{
 						RtdsLayer: &envoy_config_bootstrap_v3.RuntimeLayer_RtdsLayer{
 							Name:       DynamicRuntimeLayerName,
-							RtdsConfig: ConfigSource("contour"),
+							RtdsConfig: ConfigSource(),
 						},
 					},
 				},
@@ -187,8 +187,15 @@ func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_config_bootstrap_v3.Bootst
 			},
 		},
 		DynamicResources: &envoy_config_bootstrap_v3.Bootstrap_DynamicResources{
-			LdsConfig: ConfigSource("contour"),
-			CdsConfig: ConfigSource("contour"),
+			AdsConfig: &envoy_config_core_v3.ApiConfigSource{
+				ApiType:             envoy_config_core_v3.ApiConfigSource_DELTA_GRPC,
+				TransportApiVersion: envoy_config_core_v3.ApiVersion_V3,
+				GrpcServices: []*envoy_config_core_v3.GrpcService{
+					GrpcService("contour", "", timeout.DefaultSetting()),
+				},
+			},
+			LdsConfig: ConfigSource(),
+			CdsConfig: ConfigSource(),
 		},
 		StaticResources: &envoy_config_bootstrap_v3.Bootstrap_StaticResources{
 			Clusters: []*envoy_config_cluster_v3.Cluster{{