chore: add snappcloud to adopters #6056
Hi @m-yosefpor! Welcome to our community and thank you for opening your first Pull Request. Someone will review it soon. Thank you for committing to making Contour better. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
```diff
@@            Coverage Diff             @@
##             main    #6056      +/-   ##
==========================================
+ Coverage   78.77%   78.81%   +0.03%
==========================================
  Files         138      138
  Lines       19747    19765      +18
==========================================
+ Hits        15555    15577      +22
+ Misses       3888     3885       -3
+ Partials      304      303       -1
```
fantastic
|
||
2. [Contour Global Rate Limit Operator](https://github.com/snapp-incubator/contour-global-ratelimit-operator): This project provides a Kubernetes operator that allows users to configure global ratelimits in their HTTPProxy and it configures a RLS service based on [envoyproxy/ratelimit](https://github.com/envoyproxy/ratelimit). | ||
|
||
3. [Contour Admission Webhook](https://github.com/snapp-incubator/contour-admission-webhook): This webhook facilitates the validation and mutation of Contour's HTTPProxy resources, ensuring configurations adhere to defined policies and standards. For example, it blocks creation of HTTPProxies with conflicting FQDNs, to prevent a user to invalidate other HTTPProxies in other namespaces. |
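Review bot: Wording in item 3: "to prevent a user to invalidate other HTTPProxies in other namespaces" is ungrammatical and repeats "other"; suggest "to prevent a user from invalidating HTTPProxies in other namespaces". In item 2, "a RLS service" should read "an RLS service", and "RLS" is never expanded, so spelling it out once (Rate Limit Service) would help readers of the adopters page.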
@projectcontour/maintainers we are also finding the need to build this.
Should we bring in an implementation of this into the projectcontour organization? Should we open an issue for that?
🤔 we have some examples of using Gatekeeper for this -- see https://projectcontour.io/guides/gatekeeper/ and https://github.com/projectcontour/contour/tree/main/examples/gatekeeper. I think we would also prefer to make more use of CEL validation where possible, since they don't require deploying an additional component.
That said, if there is still a need for a custom admission webhook and is something that there is shared community interest in, we could definitely look at creating a repo for it in the projectcontour org.
TIL, that is great
let me digest that but seems really useful!
Regarding CEL, AFAIK, CEL validation in CRDs is generally limited to the properties of the resource itself. So for HTTPProxy host FQDN conflicts, it's not possible to do so. It is possible to do it with other policy engines such as Gatekeeper and Kyverno (as it supports apiCall), however it still requires getting all HTTPProxies in all namespaces with every update on HTTPProxies. We implemented a custom webhook, so we can cache all FQDNs to avoid such heavy lookups for every operation.
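The caching approach described in the comment above, as an added sketch that is not part of this thread and is not the contour-admission-webhook project's own code: an in-memory FQDN ownership index that an admission handler could consult instead of listing every HTTPProxy. The names `fqdnIndex`, `Admit` and `Observe` are hypothetical, and the sample data is constructed.

```go
package main

import (
	"fmt"
	"strings"
	"sync"
)

// fqdnIndex (hypothetical) caches which HTTPProxy owns each FQDN, cluster-wide.
type fqdnIndex struct {
	mu     sync.RWMutex
	owners map[string]string // lower-cased FQDN -> "namespace/name"
}

func newFQDNIndex() *fqdnIndex { return &fqdnIndex{owners: map[string]string{}} }

// Admit answers a CREATE/UPDATE review from the cache, with no API list call.
// The error does not name the owner, so tenants learn nothing about each other.
func (i *fqdnIndex) Admit(namespace, name, fqdn string) error {
	key := strings.ToLower(fqdn)
	i.mu.RLock()
	defer i.mu.RUnlock()
	if owner, ok := i.owners[key]; ok && owner != namespace+"/"+name {
		return fmt.Errorf("fqdn %q is already in use by another HTTPProxy", fqdn)
	}
	return nil
}

// Observe syncs the cache with a persisted object; an empty fqdn (deleted, or
// no virtual host) releases whatever the object held.
func (i *fqdnIndex) Observe(namespace, name, fqdn string) {
	key, self := strings.ToLower(fqdn), namespace+"/"+name
	i.mu.Lock()
	defer i.mu.Unlock()
	for k, owner := range i.owners {
		if owner == self && k != key {
			delete(i.owners, k) // the object moved off this FQDN
		}
	}
	if _, taken := i.owners[key]; key != "" && !taken {
		i.owners[key] = self
	}
}

func main() {
	idx := newFQDNIndex()
	idx.Observe("team-a", "shop", "shop.example.com") // constructed sample data
	fmt.Println(idx.Admit("team-b", "other", "Shop.Example.com"))
	fmt.Println(idx.Admit("team-a", "shop", "shop.example.com"))
}
```

Because `Admit` only reads the cache, two concurrent creates of the same FQDN can both pass before either is observed, so the cache shortens the conflict window without closing it.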
JFYI:
We're pleased to inform you about the release of the new version of our custom admission webhook. This update focuses on improving stability, making it a dependable choice for production environments. The admission webhook maintains its commitment to enforcing security standards for Contour in multi-tenant clusters.
https://github.com/snapp-incubator/contour-admission-webhook/tree/v2.0.1
Thanks @m-yosefpor, this is great!
Just need to add DCO signoff to your commit per https://github.com/projectcontour/contour/pull/6056/checks?check_run_id=20191677028 -- `git commit --amend --signoff && git push -f` should do it.
Signed-off-by: Mohammad Yosefpor <[email protected]>
done @skriss
Hello from SnappCloud!
We at SnappCloud are excited to share our journey with Contour and would like to be included in the list of Contour Adopters. We have successfully integrated Contour into our infrastructure and actively contribute to the open-source community by developing solutions around Contour. Our contributions include several tools and plugins enhancing Contour's functionality. We believe our experience and contributions would be a valuable addition to the Contour Adopters page.
Thank you for considering our request.