Benoit Gagnon

As a workaround, can this be achieved by removing Contour’s RBAC permission to read/list/watch Ingress objects?

We've neutralized the `Ingress` object in our clusters in two ways: * blocking Contour from seeing any `Ingress` objects, via RBAC * enforcing a `ResourceQuota` of `max: 0` objects of...

This issue should be revised to disable Ingress and/or IngressRoute objects. This lets an operator support _only_ HTTPProxy objects.

My only concern is that custom Secret types are not really an established practice in the K8S ecosystem. In fact, even the tls/non-tls dichotomy is mostly convention since ultimately, only...

PROXY support for upstream sockets (envoyproxy/envoy#1031) has now landed in Envoy (envoyproxy/envoy#12762).

Thanks @youngnick! The first low-hanging fruit I see is to integrate the [grpc-ecosystem/go-grpc-prometheus](https://github.com/grpc-ecosystem/go-grpc-prometheus) middleware into Contour. There is very little code to write to instrument the server: https://github.com/grpc-ecosystem/go-grpc-prometheus#server-side. The list...

We have an extra requirement that makes this even more niche: the CIDRs for the tags are changing often enough in our network that we need to automatically refresh this...

We're using the Contour API via [kubernetes-sigs/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) and have been mostly fine: ```go ingressroutev1b1.AddKnownTypes(mgr.GetScheme()) projectcontour.AddKnownTypes(mgr.GetScheme()) ``` ... ```go ctrl.NewControllerManagedBy(mgr). For(&projectcontour.HTTPProxy{}). Owns(&v1.Secret{}). Complete(...) ``` But the idea of an official Contour...

There are metrics on the Envoy side for xDS versions: * `envoy_http_rds_version` * `envoy_cluster_manager_cds_version` * `envoy_listener_manager_lds_version` Assuming Contour has some level of control on the versions of the xDS objects,...