Bump github.com/projectcontour/contour from 1.27.0 to 1.28.3

[dependabot]

Bumps github.com/projectcontour/contour from 1.27.0 to 1.28.3.

Release notes

Sourced from github.com/projectcontour/contour's releases.

Contour v1.28.3

We are delighted to present version v1.28.3 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.

All Changes

Update Envoy to v1.29.3

See the release notes for v1.29.3 here.

Note that this Envoy version retains the hop-by-hop TE header when set to trailers, fixing a regression seen in v1.29.0-v1.29.2 for HTTP/2, particularly gRPC. However, this version of Contour continues to set the envoy.reloadable_features.sanitize_te Envoy runtime setting to false to ensure seamless upgrades. This runtime setting will be removed in Contour v1.29.0.

Update Go to v1.21.9

See the release notes for v1.21.9 here.

Installing and Upgrading

For a fresh install of Contour, consult the getting started documentation.

To upgrade an existing Contour installation, please consult the upgrade documentation.

Compatible Kubernetes Versions

Contour v1.28.3 is tested against Kubernetes 1.27 through 1.29.

Are you a Contour user? We would love to know!

If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread.

Contour v1.28.2

We are delighted to present version v1.28.2 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.

• All Changes
• Installing/Upgrading
• Compatible Kubernetes Versions

All Changes

Update Envoy to v1.29.2

See the release notes here.

Note that this Envoy version reverts the HTTP/2 codec back to nghttp2 from oghttp2.

Disable Envoy removing TE header

As of version v1.29.0, Envoy removes the hop-by-hop TE header. However, this causes issues with HTTP/2, particularly gRPC, with implementations expecting the header to be present (and set to trailers). Contour disables this via Envoy runtime setting and reverts to the v1.28.x and prior behavior of allowing the header to be proxied.

... (truncated)

Commits

• 27d3bc6 Update Contour Docker image to v1.28.3.
• 84594a4 v1.28.3 backports (#6332)
• 9615a5f build(deps): bump google.golang.org/grpc from 1.61.1 to 1.61.2 (#6324)
• fe96037 build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 (#6325)
• 6ff7d1e build(deps): bump github/codeql-action from 3.24.8 to 3.24.9 (#6300)
• e309b03 build(deps): bump actions/cache from 4.0.1 to 4.0.2 (#6299)
• 71ce498 Update Contour Docker image to v1.28.2.
• a807fc6 release-1.28: Disable Envoy removing TE request header (#6290)
• 91e3b45 Bump Envoy to v1.29.2 (#6289)
• eb2ef2c build(deps): bump github/codeql-action from 3.24.6 to 3.24.8 (#6284)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: area/dependency.

[dependabot]

Superseded by #80.