From YouTube: Contour Community Meeting - July 28, 2020
Description
July 28, 2020
What have we been working on?
Integration tests running on CI jobs
Add response timeout min/max limits to the config file (https://github.com/projectcontour/contour/pull/2741)
Migration from Google groups to https://lists.cncf.io/g/cncf-contour-users
A
And there we go. Hello, everyone, and welcome to the Contour community meeting. Today is July 28, 2020, and we're going to go through some status updates and then dive into discussions.
A
So let me show you my screen. Here we go. All right, who wants to go first?
B
I can go. I think I'm first. I didn't put my name on it, but the first one's mine, so I know. So a while back James Peach had done a lot of work to set up some framework for some integration tests, and the idea of these tests was to actually spin up a real Kubernetes cluster with a real Envoy, pass it configuration and validate: hey, does this Envoy do what we expect it to do? Up until now, we've always done validations.
B
What we call feature tests or e2e tests, and all we do is basically validate the configuration that we would send to Envoy. So assuming that Envoy consumes that configuration correctly, you know, it was a quick, easy way to run through tests, but then also see that, hey, you know, given these inputs of services and secrets and ingress resources, all those different things, does it produce the correct
B
You know, set of listeners, a lot of clusters, endpoints, that sort of thing. But since then, you know, we found some cases where that doesn't do enough, so that there are some times where even validating that config hasn't found issues in Contour that we've run into. So we have some of these tests now. So part of my goal is, I want to help expand these tests.
B
I feel like they're beneficial for lots of different reasons. As we grow Contour, as we grow users and things, I think these will be important. The trade-off is that they take longer to run, as all integration tests do, and they can be flaky as well. So what I did initially was, I turned on these tests to run on PRs now, so in every test, these will run through all those different CI things.
B
So hopefully we can flush out some of those, you know, flaky tests or things like that that we run into now, before we generate or develop too much of it and then have issues of like, hey, I'm not sure what's going on here, what's going on there. So that's all. So if you send PRs and look at PRs, you'll see them take a little longer now. So those are those tests that we're running.
C
Steve, do you have any sense, for any flakes that you're seeing, like, what are some of the reasons behind this?
B
I know there was one I had. I had an issue, which I chatted with James about. He said it was a timing issue where the container wouldn't come up in time, but so I since added it to... we do... so we use kind as the infrastructure for Kubernetes.
B
I mean, there's a way that you can sideload images into that cluster, so instead of having to download it from the internet, I'm sideloading that in now, and it seems like that has fixed that, seemingly, now. But it would just be like, on my machine I'd run it, it would work; the next time I'd run it, it wouldn't. I know in Travis I ran it a few times and it was sort of flaky, but the last few that I've been watching have been pretty stable.
B
B
C
Yeah, this is me. I've been working on adding configurable minimum and maximum values for response timeouts. So the HTTPProxy allows you to specify a per-route response timeout and also specify this on an Ingress resource using annotations.
C
But the issue there is that, you know, individual users or application owners could potentially put response timeouts that the Contour, the proxy administrator doesn't want to allow. So, you know, you can put an infinite timeout on all of your requests or all of your responses, which may not be desirable if there's sort of a centralized proxy.
C
So this PR adds minimum and maximum settings to the config file. They're optional, but if they're specified, then the Contour administrator can say, you know, this is the valid range for these timeouts, and any proxy that specifies a value outside of that will be marked as invalid.
C
So I just put this PR up a few minutes ago. It's still in draft because I'm still doing some testing. But, you know, I've got all the unit tests in there and everything, and things look to be working correctly, but I want to do a little bit more testing before it's really ready for review.
D
Michael, so before we go directly to my item, our goal is to get the new release out in the next couple of days. So I know a few folks are looking into that. So, you know, it seems that we're tracking well, so we should be able to cut a new release that will support Envoy 115 there and a couple of changes that came in. I don't know slogan.
D
Do you know who fixed that last issue that came in on Contour? Actually, find the ticket number really quickly.
B
Yeah, so I believe James did that fix. So there were two PRs for that. One was to push in, the secret wasn't getting pulled into the cache, I think, and then there was a route filter not getting added to the fallback cert path. So this has been merged. Yeah, yeah.
D
And that will also make it to the release. Sorry to put you on the spot, Steve. I wasn't sure if you fixed it or not, so I only had the ticket number. Thank you. And the last thing is, if any of you have been a member of the Google group that we had for Contour, you should have gotten an email both in the Google group as well as an invitation to the new mailing list that you have, which is on the CNCF mailing list.
D
So the new list is called cncf-contour-users. It has the same kind of moderation, and you can get individual emails, you can get digest. You get to decide how you wanna configure it. So please sign up to this list. That's where we're gonna send release announcements. That's where we're gonna... you can have discussion around Contour. If you have questions that you don't want to post on Slack, that's another area to have a discussion. So please join that, because the Google group will not be used moving forward.
A
E
Yeah, can I go back to that fallback cert thing for just a second? So we've been building from main. I'm trying to use the new terminology; I don't know what the plans are for the project to change the terminology. But we've been building from the main branch, we've validated that the curl is now working with the fallback, and I've asked the team to test against our F5 load balancers, which can't issue SNI-based HTTPS health checks.
E
That's going to be another check, so we're going to try and do that, but it looks like the fallback stuff is getting closer to working. So we'll have some more news later today.
D
A
Thank you. Any other questions, comments? Any discussion topics that anyone wants to bring up for the meeting today?
F
A quick question on the new feature to limit the ranges of valid timeout values. Is this the case that, you know, an HTTPProxy that would have an invalid out-of-range value would be marked as invalid, or would it be refused outright through some admission control?
C
F
Okay, and is there sort of ongoing discussions about admission control in general with regards to CRDs for Contour? Because it seems it's getting sort of out of sync with the way things work in Kubernetes in general. Like, I'm thinking LimitRange objects, and then admission control is sort of synchronous in the sense that you can't even create those resources, but now with Contour we can create them in invalid states and they just sort of linger around with those invalid values. I wonder if there's any discussion ongoing on that.
B
So I know those have come up before. So some of the things that are frustrating is when you submit a config and then you go see it doesn't work, and it won't work, and you check the status and you see, oh, look, you know, the status on the object is invalid. So there's a couple things with that.
B
So one is, we're adding a condition spec to the status field, which doesn't answer your question, but that's just a new thing that I know Nick was working on. So instead of having just basically a thumbs up or thumbs down, we'll be able to set a set of conditions now of like, hey, these five things are wrong with your proxy or your ingress or whatever. But part B, I think, is getting that feedback loop back to the user faster, so things like you're mentioning, like, hey.
B
It'll, or the current implementation, if you set those things, you can break your resources, because when you set... become invalid and they get thrown out of Contour. So it's a bad state to be in, in terms of if someone just, you know, makes a bad configuration, then all of a sudden all of your ingress resources go down. So I think something we've talked about, just haven't ever implemented.
F
F
Context: we, you know, have other cases of validation we'd like to implement, and we're considering admission control for that. You know, we have our own homebrew way of delivering TLS certificates automatically for HTTPProxies, which we implemented as a controller that watches the HTTPProxies and, you know, binds the newly created secret.
F
But there's still this question of, like, for example, we have limitations on the size of the FQDN we can issue certificates for, and so we're considering adding validation on the FQDN length, which is specific to our deployment. I was wondering if it's better to do it as a condition in the status or, you know, flat out with using that object from admission control. So it's sort of related, if we're introducing these ranges of values that are for timeouts and other stuff.
A
B
I personally, I like the idea of having the quick feedback, just saying, hey, you try to apply something and, hey, you're breaking some rule somewhere, somehow. You know, I like that. But some other things, like in terms of knowing Contour, like if you're using the inclusion model or something, you know, we need to have that DAG getting rebuilt in that admission control somehow, or getting access to that to do those sort of checks on things, which is
B
Trickier than just, you know, static checks that maybe you're describing, those length requirements and stuff. So yeah, that'd be great. Yeah, if there's not an issue, all right, maybe I'll go find one. If you wouldn't mind opening one, we could chat more about some of those use cases. That, I think, would be great. Sure, I'll do that. Thanks. Awesome, thanks.
E
All right, I'll just, sorry, I wanted to chuck in there. I raised a new issue today, and maybe a dupe, but it's, we raised an old issue as close to dupe, there's still an ongoing issue, but it's basically 404s on, well, the absence of 404s on non-existent URLs and wildcards.
E
So it seems like it's regressed a little. In 1.3, it would generate, if you tried to hit a URL that didn't exist, it would create an SSL error, which is not super ideal, but at least it would, you know, fail in the browser. But now in one six it doesn't fail. It just hangs that connection on a non-existent URL. So ideally, what we'd like is, you know, for a non-existing URL, for it to 404 as you'd expect. So just raised a new issue on that.
E
So just let me get a chance.
B
It's two seven three eight. Thank you. Yeah, so I looked into this. I have to see why it changed. I know there's been a bunch of work with refactoring how SNI gets configured and stuff, but I know there's a fix in Envoy to allow us to set now a certain error code or error message. Yeah, which would be great, so there'd be a neat way to say, like, hey, for all other domains that aren't configured, then return this result or something. Yeah.
B
E
Well, yeah, it's not super urgent, but it's not great, but I'll also have a look to see what I can see as well. I just wanted to, based on the testing we did, I think I obfuscated all of our, you know, business stuff out of it, but we did a fair bit of testing on this.
B
Gotcha, okay. Yeah, I'll have to see. I remember getting the error before that, the SSL error, when something didn't match properly, which still wasn't very helpful because, like, Android was working, it just wasn't working the way, the way you thought it was not working. You know, it was functional, I guess. It just wasn't... yeah. It was just a bad experience there. So.
E
What it does down there now is, it basically goes through and it just sort of makes a connection and then just hangs.
B
Okay, yeah, I can have a look and see where it's getting hung up.
A
Cool. All right, thank you. Anyone have anything else to add?
A
All right, then, we're gonna close out the meeting for today. Thank you all for joining. Thank you for the discussions here. Have a fantastic rest of the week, everyone, and see you all next week.