►
From YouTube: Contour Community Meeting - July 28, 2020
Description
July 28, 2020
What have we been working on?
Integration tests running on CI jobs
Add response timeout min/max limits to the config file (https://github.com/projectcontour/contour/pull/2741)
Migration from Google groups to https://lists.cncf.io/g/cncf-contour-users
B
I
can
go,
I
think,
I'm
first,
I
didn't
put
my
name
on
it,
but
the
first
one's
mine,
so
I
know
so
a
while
back
james
peach
had
done
a
lot
of
work
to
set
up
some
framework
for
some
integration
tests
and
the
idea
of
these
tests
was
to
actually
have
spin
up
a
real
kubernetes
cluster
with
a
real
envoy,
passive
configuration
and
validate
hey
does
design
void.
Do
what
we
expect
it
to
do
up
until
now,
we've
always
done
validations.
B
What
we
call
feature
tests
or
ede
tests,
and
all
we
do
is
basically
validate
the
configuration
that
we
would
send
to
envoy.
So
assuming
that
envoy
consumes
that
configuration
correctly,
you
know
it
was
a
quick,
easy
way
to
run
through
tests,
but
then
also
see
that
hey,
you
know,
given
these
these
inputs
of
services
and
secrets
and
and
ingress
resources,
all
those
different
things
does
it
produce
the
correct.
B
You
know
set
of
listeners
a
lot
of
clusters
endpoints
that
sort
of
thing,
but
since
then
you
know
we
found
some
some
cases
where
that
doesn't
do
enough,
so
that
there
are
some
times
where
even
validating
that
config
hasn't
hasn't,
found
issues
and
contoured
that
that
we've
run
into
so
so
we
have
some
of
these
tests
now.
So
part
of
my
goal
is:
I
want
to
help
expand
these
tasks.
B
I
feel
like
they're
beneficial,
for
lots
of
different
reasons
as
we
grow
contour
as
we
go
users
and
things
I
think
these
are,
these
will
be
important.
The
trade-off
is
is
that
they
take
a
long
longer
to
run
as
all
integration
tests
do
and
they
can
be
flaky
as
well.
So
what
I
did
initially
was.
I
turned
on
these
tests
to
run
on
pr's
now,
so
in
every
test.
These
will
run
through
all
those
different
ci
things.
B
So
hopefully
we
can
flush
out
some
of
those
those
you
know,
flaky
tests
or
things
like
that
that
run
into
now
before
we
generate
or
develop
too
much
of
it
and
then
have
issues
of
like
hey,
I'm
not
sure.
What's
going
on
here.
What's
going
on
there,
so
that's
all
so
if
you,
if
you
send
pr's
and
look
at
pr's
you'll,
see
them
take
a
little
longer
now.
So
those
are
those
tests
that
we're
running.
C
B
B
I
mean
there's
a
way
that
you
can
side
load
images
into
that
into
that
cluster,
so,
instead
of
having
to
download
it
from
the
internet,
so
I'm
sideloading
that
in
now-
and
it
seems
like
that-
has
fixed
that
seemingly
now,
but
it
would
just
be
like
on
my
machine
I'd
run
it
it
would
work
the
next
time,
I'd
run
it
it
wouldn't.
I
know
in
travis
I
ran
it
a
few
times
and
it
was
sort
of
flaky,
but
the
last
few
that
I've
been
watching
have
been
pretty
stable.
B
B
C
C
But
the
issue
there
is
that
you
know
individual
users
or
application
owners
could
potentially
put
response
timeouts
that
that
the
contour
the
proxy
administrator
doesn't
want
to
allow.
So
you
know
you
can
put
an
infinite
timeout
on
all
of
your
requests
or
all
of
your
responses,
which
which
may
not
be
desirable
if
there's
a
sort
of
a
centralized
proxy.
C
So
just
I
just
put
this
pr
up
a
few
minutes
ago.
It's
it's
still
in
draft
because
I'm
still
doing
some
testing.
But
you
know
I've
got
all
the
unit
tests
in
there
and
everything
and
things
look
to
be
working
correctly,
but
I
want
to
do
a
little
bit
more
testing
before
it's.
It's
really
ready
for
review.
D
Michael,
so
before
we
go
directly
to
my
item,
our
goal
is
to
to
get
the
new
release
out
in
the
next
couple
of
days.
So
I
know
a
few
folks
are
looking
into
that.
So
you
know
it
seems
that
we're
tracking
well,
so
we
should
be
able
to
cut
a
new
release
that
will
support
envoy
115
there
and
a
couple
of
changes
that
came
in.
I
don't
know
slogan.
B
D
And
that
will
also
make
it
to
the
to
the
release.
Sorry,
to
put
you
on
the
spot,
steve,
I
wasn't
sure
if
you
fixed
it
or
not,
so
I
only
had
the
ticket
number.
Thank
you
and
the
last
thing
is:
if
any
of
you
have
been
a
member
of
the
google
group
that
we
had
for
contour,
you
should
have
gotten
an
email
both
in
the
google
group,
as
well
as
an
invitation
to
the
new
mailing
list
that
you
have,
which
is
on
the
cncf
mailing
list.
D
So
the
new
list
is
called
cncf
contour
users.
It
has
the
same
kind
of
moderation
and
you
can
get
individual
emails.
You
can
get
digest.
You
get
to
decide
how
you
wanna
configure
it.
So
please
sign
up
to
this
list.
That's
where
we're
gonna
send
release
announcements.
That's
where
we're
gonna!
You
can
have
discussion
around
contour.
If
you
have
questions
that
you
don't
want
to
post
some
slack,
that's
another
area
to
to
have
a
discussion.
So
please
join
that,
because
the
google
group
will
not
be
used
moving
forward.
A
E
Yeah,
can
I
just
can
I
go
back
to
that
fallback
cert
thing
for
just
a
second,
so
we've
been
building
from
maine,
I'm
trying
to
use
the
new
terminology.
I
don't
know
what
the
plans
are
for
the
project
to
change
the
terminology,
but
we've
been
building
from
the
main
branch
we've
validated
that
the
curl
is
now
working
with
the
fallback
and
I've
asked
the
team
to
test
against
where
five
load
balancers,
which
can't
issue
s.
I
based
https
health
checks.
E
D
A
F
F
Okay,
and
is
there
sort
of
ongoing
discussions
about
the
mission
control
in
general
with
regards
to
to
crds
for
contour,
because
it
seems
it's
it's
getting
sort
of
out
of
sync
with
the
way
things
work
in
kubernetes
in
general,
like
I'm
thinking,
limit
range
objects
and
then
mission
control
is
sort
of
synchronous
in
the
sense
that
you
can't
even
create
those
resources,
but
now
with
contour
we
can
create
them
in
invalid
states
and
they
just
sort
of
linger
around
with
those
invalid
values.
I
wonder
if
there's
any
discussion
on
going
on
that.
B
So
I
know
those
have
come
up
before
so
some
of
the
things
that
are
frustrating
is
when
you,
when
you
submit
a
config
and
then
you
go
see,
it
doesn't
work
and
it
won't
work
and
you
check
the
status
and
you
see.
Oh,
look,
you
know
the
status
on
the
object
is
invalid.
So
there's
a
couple
things
with
that.
B
It'll
or
the
current
implementation,
if
you
set
those
things,
you
can
break
your
resources
because
when
you
set
become
invalid
and
they
they
get
thrown
out
of
of
of
contour,
so
it's
a
bad
state
to
be
in
in
terms
of
if
someone
just
you
know,
makes
a
bad
configuration,
then
all
of
a
sudden,
all
of
your
ingress
resources
go
down.
So
I
think
something
we've
talked
about
just
haven't
ever
implemented.
F
F
Context,
we,
you
know,
have
other
cases
of
validation,
we'd
like
to
implement
and
we're
considering
a
mission
control
for
that.
You
know
we
have
our
own
homebrew
way
of
delivering
tls
certificate
automatically
for
hp
proxies,
which
we
implemented
as
a
controller
that
watches
the
hp
proxies
and
you
know,
binds
the
newly
created
secret.
F
But
there's
still
this
question
of
like,
for
example,
we
have
limitations
on
the
size
of
the
fgdn,
we
can
issue
certificates
for
and
so
we're
considering
adding
validation
on
the
fqdn
length,
which
is
specific
to
our
deployment.
I
was
wondering,
if
it's
better
to
do
it
as
a
condition
in
the
status
or
you
know
flat
out
with
using
that
that
object
from
admission
control.
So
it's
sort
of
related
if
we're
introducing
these
ranges
of
values
that
are
for
for
timeouts
and
other
stuff.
A
B
I
personally
I
like
the
idea
of
having
the
the
quick
feedback.
Just
saying
hey
this,
you
try
to
apply
something
and
hey
you're,
you're
you're
breaking
some
rule
somewhere.
Somehow
you
know
I
like
that,
but
some
other
things
like
in
terms
of
knowing
contour
like
if
you're,
using
like
the
inclusion
model
or
something
you
know,
we
need
to
have
that
dag
getting
rebuilt
in
that
emission
control
or
somehow
or
getting
access
to
that
to
do
those
sort
of
checks
on
things
which
is.
B
Tricky
than
than
just
you
know,
static
checks
that
maybe
you're
describing
those
length
length,
requirements
and
stuff,
so
yeah
that'd
be
great
yeah.
If
there's
not
an
issue,
all
right,
maybe
I'll
go
find
one.
If
you
wouldn't
mind
opening
one
we
could
we
could
chat
more
about
some
of
those
use
cases
that
I
think,
would
be
great
sure
I'll.
Do
that
thanks
awesome
thanks.
E
E
So
it
seems
like
it's
regressed,
a
little
in
1.3.
It
would
generate.
If
you
tried
to
hit
a
url
that
didn't
exist,
it
would
create
an
ssl
error,
which
is
not
super
ideal,
but
at
least
it
would,
you
know,
fail
in
the
browser,
but
now
in
one
six
it
it
doesn't
fail.
It
just
hangs
that
connection
on
a
non-existent
url.
So
ideally,
what
we'd
like
is
you
know
for
a
non-existing
url
to
for
it
to
404
as
you'd
expect,
so
just
raise
a
new
issue
on
that.
B
It's
two
seven,
three,
eight
thank
you
yeah,
so
I
I
I
looked
into
this.
I
have
to
see
why
why
why
it
changed?
I
know
I
know,
there's
been
a
bunch
of
work
with
refactoring
how
sni
gets
configured
and
stuff,
but
I
know
there's
a
fix
in
envoy
to
allow
us
to
set
now
a
certain
error
code
or
error
message.
Yeah,
which
would
be
great,
so
there'd,
be
a
neat
way
to
say
like
hey.
If
for
all
other
domains
that
don't
aren't
configured
then
return
this
result
or
something
yeah.
B
E
B
Gotcha,
okay,
yeah
I'll,
have
to
see.
I
know
I
remember
getting
the
error
before
that.
The
ssl
error,
when
something
didn't
match
properly,
which
still
wasn't
very,
very
helpful
because,
like
android
was
working,
it
just
wasn't
working
the
way.
The
way
you
thought
it
was
not
working,
you
know
it
was
functional.
I
guess
it
just
wasn't
yeah.
It
was
just
a
bad
bad
experience
there.
So.