fix(deployment): upgrade contour to latest version (1.33) and update chart url (#7947)

dotansimha · n1ru4l · commit 917258d08765 · 2026-04-10T13:29:39.000+02:00
diff --git a/deployment/generate.ts b/deployment/generate.ts
@@ -32,7 +32,7 @@ async function generateVectorDevTypes() {
 }
 
 async function generateContourTypes() {
-  const helmValuesFileUrl = `https://raw.githubusercontent.com/bitnami/charts/contour/${CONTOUR_CHART.version}/bitnami/contour/values.yaml`;
+  const helmValuesFileUrl = `https://raw.githubusercontent.com/projectcontour/helm-charts/refs/tags/contour-${CONTOUR_CHART.version}/charts/contour/values.yaml`;
   const valuesFile = await fetch(helmValuesFileUrl).then(r => r.text());
 
   const valuesTempFile = fileSync();
diff --git a/deployment/utils/contour.types.ts b/deployment/utils/contour.types.ts
@@ -263,168 +263,6 @@ export interface ContourValues {
     };
     [k: string]: unknown;
   };
-  defaultBackend?: {
-    affinity?: {
-      [k: string]: unknown;
-    };
-    args?: unknown[];
-    command?: unknown[];
-    containerPorts?: {
-      http?: number;
-      [k: string]: unknown;
-    };
-    containerSecurityContext?: {
-      allowPrivilegeEscalation?: boolean;
-      capabilities?: {
-        drop?: string[];
-        [k: string]: unknown;
-      };
-      enabled?: boolean;
-      privileged?: boolean;
-      readOnlyRootFilesystem?: boolean;
-      runAsGroup?: number;
-      runAsNonRoot?: boolean;
-      runAsUser?: number;
-      seLinuxOptions?: {
-        [k: string]: unknown;
-      };
-      seccompProfile?: {
-        type?: string;
-        [k: string]: unknown;
-      };
-      [k: string]: unknown;
-    };
-    customLivenessProbe?: {
-      [k: string]: unknown;
-    };
-    customReadinessProbe?: {
-      [k: string]: unknown;
-    };
-    customStartupProbe?: {
-      [k: string]: unknown;
-    };
-    enabled?: boolean;
-    extraArgs?: {
-      [k: string]: unknown;
-    };
-    extraEnvVars?: unknown[];
-    extraEnvVarsCM?: string;
-    extraEnvVarsSecret?: string;
-    extraVolumeMounts?: unknown[];
-    extraVolumes?: unknown[];
-    hostAliases?: unknown[];
-    image?: {
-      digest?: string;
-      pullPolicy?: string;
-      pullSecrets?: unknown[];
-      registry?: string;
-      repository?: string;
-      tag?: string;
-      [k: string]: unknown;
-    };
-    initContainers?: unknown[];
-    lifecycleHooks?: {
-      [k: string]: unknown;
-    };
-    livenessProbe?: {
-      enabled?: boolean;
-      failureThreshold?: number;
-      initialDelaySeconds?: number;
-      periodSeconds?: number;
-      successThreshold?: number;
-      timeoutSeconds?: number;
-      [k: string]: unknown;
-    };
-    networkPolicy?: {
-      allowExternal?: boolean;
-      allowExternalEgress?: boolean;
-      enabled?: boolean;
-      extraEgress?: unknown[];
-      extraIngress?: unknown[];
-      ingressNSMatchLabels?: {
-        [k: string]: unknown;
-      };
-      ingressNSPodMatchLabels?: {
-        [k: string]: unknown;
-      };
-      [k: string]: unknown;
-    };
-    nodeAffinityPreset?: {
-      key?: string;
-      type?: string;
-      values?: unknown[];
-      [k: string]: unknown;
-    };
-    nodeSelector?: {
-      [k: string]: unknown;
-    };
-    pdb?: {
-      create?: boolean;
-      maxUnavailable?: string;
-      minAvailable?: string;
-      [k: string]: unknown;
-    };
-    podAffinityPreset?: string;
-    podAnnotations?: {
-      [k: string]: unknown;
-    };
-    podAntiAffinityPreset?: string;
-    podLabels?: {
-      [k: string]: unknown;
-    };
-    podSecurityContext?: {
-      enabled?: boolean;
-      fsGroup?: number;
-      fsGroupChangePolicy?: string;
-      supplementalGroups?: unknown[];
-      sysctls?: unknown[];
-      [k: string]: unknown;
-    };
-    priorityClassName?: string;
-    readinessProbe?: {
-      enabled?: boolean;
-      failureThreshold?: number;
-      initialDelaySeconds?: number;
-      periodSeconds?: number;
-      successThreshold?: number;
-      timeoutSeconds?: number;
-      [k: string]: unknown;
-    };
-    replicaCount?: number;
-    resources?: {
-      [k: string]: unknown;
-    };
-    resourcesPreset?: string;
-    schedulerName?: string;
-    service?: {
-      annotations?: {
-        [k: string]: unknown;
-      };
-      ports?: {
-        http?: number;
-        [k: string]: unknown;
-      };
-      type?: string;
-      [k: string]: unknown;
-    };
-    sidecars?: unknown[];
-    startupProbe?: {
-      enabled?: boolean;
-      failureThreshold?: number;
-      initialDelaySeconds?: number;
-      periodSeconds?: number;
-      successThreshold?: number;
-      timeoutSeconds?: number;
-      [k: string]: unknown;
-    };
-    terminationGracePeriodSeconds?: number;
-    tolerations?: unknown[];
-    topologySpreadConstraints?: unknown[];
-    updateStrategy?: {
-      [k: string]: unknown;
-    };
-    [k: string]: unknown;
-  };
   diagnosticMode?: {
     args?: number[];
     command?: string[];
@@ -485,6 +323,37 @@ export interface ContourValues {
     customStartupProbe?: {
       [k: string]: unknown;
     };
+    defaultInitContainers?: {
+      initConfig?: {
+        containerSecurityContext?: {
+          allowPrivilegeEscalation?: boolean;
+          capabilities?: {
+            drop?: string[];
+            [k: string]: unknown;
+          };
+          enabled?: boolean;
+          privileged?: boolean;
+          readOnlyRootFilesystem?: boolean;
+          runAsGroup?: number;
+          runAsNonRoot?: boolean;
+          runAsUser?: number;
+          seLinuxOptions?: {
+            [k: string]: unknown;
+          };
+          seccompProfile?: {
+            type?: string;
+            [k: string]: unknown;
+          };
+          [k: string]: unknown;
+        };
+        resources?: {
+          [k: string]: unknown;
+        };
+        resourcesPreset?: string;
+        [k: string]: unknown;
+      };
+      [k: string]: unknown;
+    };
     dnsPolicy?: string;
     enabled?: boolean;
     extraArgs?: unknown[];
@@ -516,30 +385,6 @@ export interface ContourValues {
       tag?: string;
       [k: string]: unknown;
     };
-    initConfig?: {
-      containerSecurityContext?: {
-        allowPrivilegeEscalation?: boolean;
-        capabilities?: {
-          drop?: string[];
-          [k: string]: unknown;
-        };
-        enabled?: boolean;
-        privileged?: boolean;
-        readOnlyRootFilesystem?: boolean;
-        runAsGroup?: number;
-        runAsNonRoot?: boolean;
-        runAsUser?: number;
-        seLinuxOptions?: {
-          [k: string]: unknown;
-        };
-        seccompProfile?: {
-          type?: string;
-          [k: string]: unknown;
-        };
-        [k: string]: unknown;
-      };
-      [k: string]: unknown;
-    };
     initContainers?: unknown[];
     kind?: string;
     lifecycleHooks?: {
@@ -796,34 +641,9 @@ export interface ContourValues {
     defaultStorageClass?: string;
     imagePullSecrets?: unknown[];
     imageRegistry?: string;
-    security?: {
-      allowInsecureImages?: boolean;
-      [k: string]: unknown;
-    };
     storageClass?: string;
     [k: string]: unknown;
   };
-  ingress?: {
-    annotations?: {
-      [k: string]: unknown;
-    };
-    apiVersion?: string;
-    certManager?: boolean;
-    enabled?: boolean;
-    extraHosts?: unknown[];
-    extraPaths?: unknown[];
-    extraRules?: unknown[];
-    extraTls?: unknown[];
-    hostname?: string;
-    ingressClassName?: string;
-    path?: string;
-    pathType?: string;
-    rulesOverride?: unknown[];
-    secrets?: unknown[];
-    selfSigned?: boolean;
-    tls?: boolean;
-    [k: string]: unknown;
-  };
   kubeVersion?: string;
   metrics?: {
     prometheusRule?: {
diff --git a/deployment/utils/reverse-proxy.ts b/deployment/utils/reverse-proxy.ts
@@ -4,7 +4,7 @@ import { ContourValues } from './contour.types';
 import { helmChart } from './helm';
 
 // prettier-ignore
-export const CONTOUR_CHART = helmChart('https://raw.githubusercontent.com/bitnami/charts/refs/heads/index/bitnami/', 'contour', '20.0.3');
+export const CONTOUR_CHART = helmChart('https://projectcontour.github.io/helm-charts/', 'contour', '0.4.0');
 
 export class Proxy {
   private lbService: Output<k8s.core.v1.Service> | null = null;
@@ -91,22 +91,6 @@ export class Proxy {
         | 'RequestHash'
         | 'Cookie';
       customRewrite?: string;
-      virtualHost?: Output<string>;
-      httpsUpstream?: boolean;
-      withWwwDomain?: boolean;
-      // https://projectcontour.io/docs/1.29/config/rate-limiting/#local-rate-limiting
-      rateLimit?: {
-        // Max amount of request allowed with the "unit" parameter.
-        maxRequests: number;
-        unit: 'second' | 'minute' | 'hour';
-        // defining the number of requests above the baseline rate that are allowed in a short period of time.
-        // This would allow occasional larger bursts of traffic not to be rate limited.
-        burst?: number;
-        // default 429
-        responseStatusCode?: number;
-        // headers to add to the response in case of a rate limit
-        responseHeadersToAdd?: Record<string, string>;
-      };
     }[],
   ) {
     const cert = new k8s.apiextensions.CustomResource(`cert-${dns.record}`, {
@@ -159,32 +143,10 @@ export class Proxy {
                 port: route.service.spec.ports[0].port,
               },
             ],
-            // https://projectcontour.io/docs/1.31/config/request-routing/
+            // https://projectcontour.io/docs/1.33/config/request-routing/
             loadBalancerPolicy: {
               strategy: route.loadBalancerPolicy ?? 'RoundRobin',
             },
-            // https://projectcontour.io/docs/1.29/config/rate-limiting/#local-rate-limiting
-            rateLimitPolicy: route.rateLimit
-              ? {
-                  local: {
-                    requests: route.rateLimit.maxRequests,
-                    unit: route.rateLimit.unit,
-                    responseHeadersToAdd: [
-                      {
-                        name: 'x-rate-limit-active',
-                        value: 'true',
-                      },
-                      ...(route.rateLimit.responseHeadersToAdd
-                        ? Object.entries(route.rateLimit.responseHeadersToAdd).map(
-                            ([key, value]) => ({ name: key, value }),
-                          )
-                        : []),
-                    ],
-                    responseStatusCode: route.rateLimit.responseStatusCode || 429,
-                    burst: route.rateLimit.burst,
-                  },
-                }
-              : undefined,
             ...(route.path === '/'
               ? {}
               : {
@@ -318,16 +280,7 @@ export class Proxy {
             }
           : {}),
       },
-      // Needed because we override the `contour.image.repository` field.
-      global: {
-        security: {
-          allowInsecureImages: true,
-        },
-      },
       contour: {
-        image: {
-          repository: 'bitnamilegacy/contour',
-        },
         podAnnotations: {
           'prometheus.io/scrape': 'true',
           'prometheus.io/port': '8000',
@@ -337,14 +290,13 @@ export class Proxy {
         podLabels: {
           'vector.dev/exclude': 'true',
         },
+        // Placeholder, see below
         resources: {
           limits: {},
         },
       },
       envoy: {
-        image: {
-          repository: 'bitnamilegacy/envoy',
-        },
+        // Placeholder, see below
         resources: {
           limits: {},
         },
@@ -386,7 +338,7 @@ export class Proxy {
     const proxyController = new k8s.helm.v3.Chart('contour-proxy', {
       ...CONTOUR_CHART,
       namespace: ns.metadata.name,
-      // https://github.com/bitnami/charts/tree/master/bitnami/contour
+      // https://artifacthub.io/packages/helm/contour/contour
       values: chartValues,
     });
 

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ async function generateVectorDevTypes() {`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`async function generateContourTypes() {`
`35`		- const helmValuesFileUrl = `https://raw.githubusercontent.com/bitnami/charts/contour/${CONTOUR_CHART.version}/bitnami/contour/values.yaml`;
	`35`	+ const helmValuesFileUrl = `https://raw.githubusercontent.com/projectcontour/helm-charts/refs/tags/contour-${CONTOUR_CHART.version}/charts/contour/values.yaml`;
`36`	`36`	`const valuesFile = await fetch(helmValuesFileUrl).then(r => r.text());`
`37`	`37`
`38`	`38`	`const valuesTempFile = fileSync();`