build(deps): bump github.com/projectcontour/contour from 1.18.1 to 1.27.0

[dependabot]

Bumps github.com/projectcontour/contour from 1.18.1 to 1.27.0.

Release notes

Sourced from github.com/projectcontour/contour's releases.

Contour v1.27.0

We are delighted to present version v1.27.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.

A big thank you to everyone who contributed to the release.

Major Changes

Fix bug with algorithm used to sort Envoy regex/prefix path rules

Envoy greedy matches routes and as a result the order route matches are presented to Envoy is important. Contour attempts to produce consistent routing tables so that the most specific route matches are given preference. This is done to facilitate consistency when using HTTPProxy inclusion and provide a uniform user experience for route matching to be inline with Ingress and Gateway API Conformance.

This changes fixes the sorting algorithm used for Prefix and Regex based path matching. Previously the algorithm lexicographically sorted based on the path match string instead of sorting them based on the length of the Prefix|Regex. i.e. Longer prefix/regexes will be sorted first in order to give preference to more specific routes, then lexicographic sorting for things of the same length.

Note that for prefix matching, this change is not expected to change the relative ordering of more specific prefixes vs. less specific ones when the more specific prefix match string has the less specific one as a prefix, e.g. /foo/bar will continue to sort before /foo. However, relative ordering of other combinations of prefix matches may change per the above description.

How to update safely

Caution is advised if you update Contour and you are operating large routing tables. We advise you to:

1. Deploy a duplicate Contour installation that parses the same CRDs
2. Port-forward to the Envoy admin interface docs
3. Access http://127.0.0.1:9001/config_dump and compare the configuration of Envoy. In particular the routes and their order. The prefix routes might be changing in order, so if they are you need to verify that the route matches as expected.

(#5752, @​davinci26)

Minor Changes

Specific routes can now opt out of the virtual host's global rate limit policy

Setting rateLimitPolicy.global.disabled flag to true on a specific route now disables the global rate limit policy inherited from the virtual host for that route.

Sample Configurations

In the example below, /foo route is opted out from the global rate limit policy defined by the virtualhost.

httpproxy.yaml

apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  name: echo
spec:
  virtualhost:
    fqdn: local.projectcontour.io
    rateLimitPolicy:
      global:
        descriptors:
          - entries:
            - remoteAddress: {}
            - genericKey:
                key: vhost
</tr></table> 

... (truncated)

Commits

• 30f317e Update Contour Docker image to v1.27.0.
• f08f1ce v1.27.0 changelog and docs (#5899)
• d208eac build(deps): bump github.com/onsi/gomega from 1.28.1 to 1.29.0 (#5902)
• 557e672 build(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#5903)
• d2d293e build(deps): bump aquasecurity/trivy-action from 0.12.0 to 0.13.0 (#5908)
• 95e8dbf build(deps): bump actions/checkout from 3 to 4 (#5907)
• 6917d85 Minor fixes to Gateway API conformance on release tag (#5894)
• 381c2c5 Run Gateway API conformance and generate report on tagged builds (#5893)
• 0036a26 fix lint issue (#5892)
• a216475 add support for endpoint slices (#5745)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)