Spelling #6747

Open
wants to merge 86 commits into
base: main
ad479a3
spelling: a
jsoref Oct 15, 2024
5b229b5
spelling: across
jsoref Oct 15, 2024
a747431
spelling: add-or
jsoref Oct 15, 2024
2a20293
spelling: add
jsoref Oct 15, 2024
12ff557
spelling: all
jsoref Oct 15, 2024
b99bc7e
spelling: alphabetical
jsoref Oct 15, 2024
3a7f861
spelling: an external
jsoref Oct 15, 2024
aea4ddd
spelling: and-http
jsoref Oct 15, 2024
8d1b793
spelling: antithetical
jsoref Oct 15, 2024
8d6015a
spelling: api server
jsoref Oct 15, 2024
6a927ab
spelling: arg
jsoref Oct 15, 2024
af4909b
spelling: authorization
jsoref Oct 15, 2024
6db5eea
spelling: bureaucratic
jsoref Oct 15, 2024
82c66bd
spelling: case-insensitive
jsoref Oct 15, 2024
8810f7c
spelling: case-sensitive
jsoref Oct 15, 2024
3c20531
spelling: certgen
jsoref Oct 15, 2024
5632322
spelling: cherry-pick
jsoref Oct 15, 2024
891b526
spelling: circuitbreaker
jsoref Oct 15, 2024
bee3dfb
spelling: cluster
jsoref Oct 15, 2024
f82a5b2
spelling: communicates
jsoref Oct 15, 2024
ec17e00
spelling: condition
jsoref Oct 15, 2024
34153c3
spelling: conflict
jsoref Oct 15, 2024
3a3ad34
spelling: connections
jsoref Oct 15, 2024
5a2cfee
spelling: consequence
jsoref Oct 15, 2024
ab95b2f
spelling: copyright
jsoref Oct 15, 2024
ceb482b
spelling: ctx
jsoref Oct 15, 2024
5eb58c8
spelling: daemonset
jsoref Oct 15, 2024
8da3866
spelling: delegation
jsoref Oct 15, 2024
609ca67
spelling: deployment
jsoref Oct 15, 2024
e35ea2a
spelling: distinguished
jsoref Oct 15, 2024
d5c5bca
spelling: don't
jsoref Oct 31, 2024
d2dcfa9
spelling: encrypt
jsoref Oct 15, 2024
2186bce
spelling: ensures
jsoref Oct 15, 2024
7d6935a
spelling: feature set
jsoref Oct 15, 2024
b996876
spelling: filter chain
jsoref Oct 16, 2024
4421d7e
spelling: finalizers
jsoref Oct 15, 2024
114b4b4
spelling: github
jsoref Oct 15, 2024
baee293
spelling: grpcurl
jsoref Oct 15, 2024
722598c
spelling: guidelines
jsoref Oct 15, 2024
158f992
spelling: httpproxies
jsoref Oct 15, 2024
3911931
spelling: httpproxy
jsoref Oct 15, 2024
3a2b23c
spelling: infinite
jsoref Oct 15, 2024
90ea2ef
spelling: issues
jsoref Oct 15, 2024
6b5769b
spelling: javascript
jsoref Oct 15, 2024
d3254d4
spelling: kubernetes
jsoref Oct 15, 2024
92b4aa0
spelling: labels
jsoref Oct 15, 2024
d524797
spelling: listeners
jsoref Oct 15, 2024
537b613
spelling: long-standing
jsoref Oct 15, 2024
23bbb17
spelling: lookup
jsoref Oct 15, 2024
e5e10a2
spelling: macos
jsoref Oct 15, 2024
eca70e7
spelling: matches
jsoref Oct 15, 2024
f6ee6f4
spelling: node
jsoref Oct 15, 2024
3de86e4
spelling: nonexistent
jsoref Oct 15, 2024
95939c6
spelling: occurred
jsoref Oct 15, 2024
4187ffb
spelling: occurrence
jsoref Oct 15, 2024
6157b79
spelling: oidc
jsoref Oct 15, 2024
a8edfbe
spelling: overridden
jsoref Oct 15, 2024
d21f5b1
spelling: parameter
jsoref Oct 15, 2024
268d85b
spelling: particularly
jsoref Oct 15, 2024
3d75d07
spelling: pasteable
jsoref Oct 15, 2024
e8d7f58
spelling: per
jsoref Oct 15, 2024
f25389d
spelling: perturbation
jsoref Oct 15, 2024
b86b69d
spelling: policy
jsoref Oct 15, 2024
726c87d
spelling: preexisting
jsoref Oct 15, 2024
530dd8a
spelling: protocol
jsoref Oct 15, 2024
c6ff540
spelling: pseudocode
jsoref Oct 15, 2024
45251af
spelling: quota
jsoref Oct 15, 2024
fd78bff
spelling: regex
jsoref Oct 15, 2024
5ee92b1
spelling: reject
jsoref Oct 15, 2024
5272a37
spelling: requirements
jsoref Oct 15, 2024
d822041
spelling: rewriting
jsoref Oct 15, 2024
76cd439
spelling: route
jsoref Oct 15, 2024
5f19995
spelling: same
jsoref Oct 15, 2024
723746c
spelling: sdsshould
jsoref Oct 15, 2024
00893f5
spelling: separated
jsoref Oct 15, 2024
3a09759
spelling: shifting
jsoref Oct 15, 2024
8d98a3b
spelling: should
jsoref Oct 15, 2024
d5a387f
spelling: shout-out
jsoref Oct 15, 2024
bfc1eee
spelling: supported
jsoref Oct 15, 2024
ae8e66f
spelling: the
jsoref Oct 15, 2024
a61f9f1
spelling: timeout
jsoref Oct 15, 2024
2ea9353
spelling: tls
jsoref Oct 15, 2024
620d5ae
spelling: transfer
jsoref Oct 15, 2024
1cb6e81
spelling: transformation
jsoref Oct 15, 2024
dccaedc
spelling: validation
jsoref Oct 15, 2024
072495f
spelling: with
jsoref Oct 15, 2024
12 changes: 6 additions & 6 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ Thanks for taking the time to join our community and start contributing.
These guidelines will help you get started with the Contour project.
Please note that we require [DCO sign off](#dco-sign-off).

Read this document for additional website specific guildlines: [Site Contribution Guidelines](/SITE_CONTRIBUTION.md).
Read this document for additional website specific guidelines: [Site Contribution Guidelines](/SITE_CONTRIBUTION.md).
Guidelines in this document still apply to website contributions.

If you want to get more insight into how the Contour maintainer team approaches R&D, this [page](https://projectcontour.io/resources/how-we-work/) captures how we work on Contour.
Expand Down Expand Up @@ -63,7 +63,7 @@ This section describes how to build Contour from source.
brew install go
```

4. (Optional for MacOS) [Docker Mac Net Connect](https://github.com/chipmk/docker-mac-net-connect) to connect directly to Docker-for-Mac containers via IP address.
4. (Optional for macOS) [Docker Mac Net Connect](https://github.com/chipmk/docker-mac-net-connect) to connect directly to Docker-for-Mac containers via IP address.

See installation instructions [here](https://github.com/chipmk/docker-mac-net-connect?tab=readme-ov-file#installation)

Expand Down Expand Up @@ -126,15 +126,15 @@ To remove the Kind cluster and all resources, run:
make cleanup-kind
```

#### MacOS
#### macOS
Author

brand


Both `install-contour-working` and `install-provisioner-working` configure [MetalLB](https://metallb.universe.tf/) to setup a local LoadBalancer Service that can be accessed on the Docker network.
On Linux, you are able to directly reach IPs on the Docker network, but on MacOS the docker network is not directly accessible on the host.
On Linux, you are able to directly reach IPs on the Docker network, but on macOS the docker network is not directly accessible on the host.

As a workaround to this problem, [Docker Mac Net Connect](https://github.com/chipmk/docker-mac-net-connect) can be installed to setup a tunnel between your host and the Docker Desktop Linux VM (see [here](https://github.com/chipmk/docker-mac-net-connect?tab=readme-ov-file#how-does-it-work) for more info on how this works).
To setup follow the [readme installation instructions](https://github.com/chipmk/docker-mac-net-connect?tab=readme-ov-file#installation).

Once it is setup, you are able to create the kind cluster using the above instructions. If you have issues with connecting to the MetalLB IP try to restart the Docker Engine or make sure there is an HTTProxy deployed on your kind cluster so the Contour listener is created.
Once it is setup, you are able to create the kind cluster using the above instructions. If you have issues with connecting to the MetalLB IP try to restart the Docker Engine or make sure there is an HTTPProxy deployed on your kind cluster so the Contour listener is created.

### Pre-submit checks

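Review bot: the unchanged lines of this macOS section still use "setup" as a verb ("configure MetalLB to setup a local LoadBalancer Service", "can be installed to setup a tunnel", "To setup follow the readme installation instructions", "Once it is setup"); as a verb it is two words, "set up". Since this hunk already touches the neighbouring lines for `macOS` and `HTTPProxy`, consider fixing those occurrences in the same pass.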
Expand Down Expand Up @@ -255,7 +255,7 @@ In addition, the meeting will be used to go over untriaged issues, longer-term i
- Use the imperative mood (ie "If applied, this commit will (subject)" should make sense).
- There must be a DCO line ("Signed-off-by: David Cheney <[email protected]>"), see [DCO Sign Off](#dco-sign-off) below.
- Do not merge commits that don't relate to the affected issue (e.g. "Updating from PR comments", etc). Should
the need to cherrypick a commit or rollback arise, it should be clear what a specific commit's purpose is.
the need to cherry-pick a commit or rollback arise, it should be clear what a specific commit's purpose is.
- Put a summary of the main area affected by the commit at the start,
with a colon as delimiter. For example 'docs:', 'internal/(packagename):', 'design:' or something similar.
- PRs *must* be labelled with a `release-note/category` label, where category is one of
Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ IMAGE := $(REGISTRY)/$(PROJECT)
GATEWAY_API_VERSION ?= $(shell grep "sigs.k8s.io/gateway-api" go.mod | awk '{print $$2}')

# Used to supply a local Envoy docker container an IP to connect to that is running
# 'contour serve'. On MacOS this will work, but may not on other OSes. Defining
# 'contour serve'. On macOS this will work, but may not on other OSes. Defining
# LOCALIP as an env var before running 'make local' will solve that.
LOCALIP ?= $(shell ifconfig | grep inet | grep -v '::' | grep -v 'inet 127.' | head -n1 | awk '{print $$2}')

Expand Down
2 changes: 1 addition & 1 deletion apis/projectcontour/v1/helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -187,7 +187,7 @@ func getIndex(condType string, subconds []SubCondition) int {
return -1
}

// GetConditionFor returns the a pointer to the condition for a given type,
// GetConditionFor returns a pointer to the condition for a given type,
Author

It's hard to pick the proper article, but there can be only one...

// or nil if there are none currently present.
func (status *HTTPProxyStatus) GetConditionFor(condType string) *DetailedCondition {
for i, cond := range status.Conditions {
Expand Down
8 changes: 4 additions & 4 deletions apis/projectcontour/v1/httpproxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ type MatchCondition struct {
// IgnoreCase has no effect for Regex.
type HeaderMatchCondition struct {
// Name is the name of the header to match against. Name is required.
// Header names are case insensitive.
// Header names are case-insensitive.
Name string `json:"name"`

// Present specifies that condition is true when the named header
Expand All @@ -142,7 +142,7 @@ type HeaderMatchCondition struct {
// +optional
NotContains string `json:"notcontains,omitempty"`

// IgnoreCase specifies that string matching should be case insensitive.
// IgnoreCase specifies that string matching should be case-insensitive.
// Note that this has no effect on the Regex parameter.
// +optional
IgnoreCase bool `json:"ignoreCase,omitempty"`
Expand Down Expand Up @@ -175,7 +175,7 @@ type HeaderMatchCondition struct {
// for Regex.
type QueryParameterMatchCondition struct {
// Name is the name of the query parameter to match against. Name is required.
// Query parameter names are case insensitive.
// Query parameter names are case-insensitive.
Name string `json:"name"`

// Exact specifies a string that the query parameter value must be equal to.
Expand All @@ -200,7 +200,7 @@ type QueryParameterMatchCondition struct {
// +optional
Contains string `json:"contains,omitempty"`

// IgnoreCase specifies that string matching should be case insensitive.
// IgnoreCase specifies that string matching should be case-insensitive.
// Note that this has no effect on the Regex parameter.
// +optional
IgnoreCase bool `json:"ignoreCase,omitempty"`
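Review bot: the reworded comments on `Name` and `IgnoreCase` in this file sit on exported API fields that carry `json` tags and `+optional` markers. If CRD schemas or API reference pages are generated from these Go comments, regenerate them as part of this PR so the published field descriptions do not drift from the source; the same applies to the other three comment changes in `httpproxy.go`.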
Expand Down
2 changes: 1 addition & 1 deletion apis/projectcontour/v1alpha1/contourconfig.go
Original file line number Diff line number Diff line change
Expand Up @@ -462,7 +462,7 @@ type SocketOptions struct {
TrafficClass int32 `json:"trafficClass,omitempty"`
}

// EnvoyTLS describes tls parameters for Envoy listneners.
// EnvoyTLS describes tls parameters for Envoy listeners.
type EnvoyTLS struct {
// MinimumProtocolVersion is the minimum TLS version this vhost should
// negotiate.
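Review bot: the corrected comment on `EnvoyTLS` still writes the acronym in lowercase ("describes tls parameters"), while the field comment two lines below uses "TLS version". Suggest "EnvoyTLS describes TLS parameters for Envoy listeners." so the wording is consistent within the type.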
Expand Down
8 changes: 4 additions & 4 deletions apis/projectcontour/v1alpha1/contourconfig_helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ var featureFlagsMap = map[string]struct{}{
// Validate configuration that is not already covered by CRD validation.
func (c *ContourConfigurationSpec) Validate() error {
// Validation of root configuration fields.
if err := endpointsInConfict(c.Health, c.Metrics); err != nil {
if err := endpointsInConflict(c.Health, c.Metrics); err != nil {
return fmt.Errorf("invalid contour configuration: %v", err)
}

Expand Down Expand Up @@ -120,7 +120,7 @@ func (d ClusterDNSFamilyType) Validate() error {

// Validate configuration that cannot be handled with CRD validation.
func (e *EnvoyConfig) Validate() error {
if err := endpointsInConfict(e.Health, e.Metrics); err != nil {
if err := endpointsInConflict(e.Health, e.Metrics); err != nil {
return fmt.Errorf("invalid envoy configuration: %v", err)
}

Expand Down Expand Up @@ -335,8 +335,8 @@ func (e *EnvoyLogging) AccessLogFormatterExtensions() []string {
return extensions
}

// endpointsInConfict returns error if different protocol are configured to use single port.
func endpointsInConfict(health *HealthConfig, metrics *MetricsConfig) error {
// endpointsInConflict returns error if different protocol are configured to use single port.
func endpointsInConflict(health *HealthConfig, metrics *MetricsConfig) error {
if health != nil && metrics != nil && metrics.TLS != nil && health.Address == metrics.Address && health.Port == metrics.Port {
return fmt.Errorf("cannot use single port for health over HTTP and metrics over HTTPS")
}
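Review bot: the doc comment on the renamed `endpointsInConflict` is still ungrammatical: "returns error if different protocol are configured to use single port". Suggest "returns an error if different protocols are configured to use a single port". The rename covers the definition and both `Validate` call sites shown in this file; because the function is unexported, a build will flag any caller missed outside these hunks.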
Expand Down
2 changes: 1 addition & 1 deletion apis/projectcontour/v1alpha1/extensionservice_helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ import (
contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1"
)

// GetConditionFor returns the a pointer to the condition for a given type,
// GetConditionFor returns a pointer to the condition for a given type,
// or nil if there are none currently present.
func (status *ExtensionServiceStatus) GetConditionFor(condType string) *contour_v1.DetailedCondition {
for i, cond := range status.Conditions {
Expand Down
2 changes: 1 addition & 1 deletion changelogs/CHANGELOG-v1.20.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ A big thank you to everyone who contributed to the release.


# Changes
- Fixed a bug where upstream TLS SNI (`HTTProxy.spec.routes.requestHeadersPolicy` `Host` key) and protocol fields might not take effect when e.g. two `HTTPProxies` were otherwise equal but differed only on those fields. (#4350, @tsaarni)
- Fixed a bug where upstream TLS SNI (`HTTPProxy.spec.routes.requestHeadersPolicy` `Host` key) and protocol fields might not take effect when e.g. two `HTTPProxies` were otherwise equal but differed only on those fields. (#4350, @tsaarni)
- Update github.com/prometheus/client_golang to v1.11.1 to address CVE-2022-21698. (#4361, @tsaarni)
- Updates Envoy to v1.21.1. See the [Envoy changelog](https://www.envoyproxy.io/docs/envoy/v1.21.1/version_history/current) for details. (#4365, @skriss)

Expand Down
2 changes: 1 addition & 1 deletion changelogs/CHANGELOG-v1.21.0.md
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,7 @@ Credit to @pkit for implementing this feature!
- Node labels in `localhost:6060/debug/dag` troubleshooting API are sanitized by html-escaping user fields. (#4323, @kb000)
- Upstream TCP connection timeout is now configurable in [configuration file](https://projectcontour.io/docs/main/configuration/#timeout-configuration) and in [`ContourConfiguration`](https://projectcontour.io/docs/main/config/api/#projectcontour.io/v1alpha1.TimeoutParameters). (#4326, @tsaarni)
- Drops RBAC and caching for the `networking.k8s.io/IngressClass` resource as it's not used by Contour. (#4329, @skriss)
- Fixed a bug where upstream TLS SNI (`HTTProxy.spec.routes.requestHeadersPolicy` `Host` key) and protocol fields might not take effect when e.g. two `HTTPProxies` were otherwise equal but differed only on those fields. (#4350, @tsaarni)
- Fixed a bug where upstream TLS SNI (`HTTPProxy.spec.routes.requestHeadersPolicy` `Host` key) and protocol fields might not take effect when e.g. two `HTTPProxies` were otherwise equal but differed only on those fields. (#4350, @tsaarni)
- New field `HTTPProxy.spec.routes.timeoutPolicy.idleConnection` was added. The field sets timeout for how long the upstream connection will be kept idle between requests before disconnecting it. (#4356, @tsaarni)
- Update github.com/prometheus/client_golang to v1.11.1 to address CVE-2022-21698. (#4361, @tsaarni)
- Envoy's [`merge_slashes`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-merge-slashes) option that enables
Expand Down
8 changes: 4 additions & 4 deletions changelogs/CHANGELOG-v1.25.0.md
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ spec:
port: 80
- conditions:
- queryParam:
# will match e.g. '?search=prefixthis' or any string value prefixed by `prefix` (case insensitive)
# will match e.g. '?search=prefixthis' or any string value prefixed by `prefix` (case-insensitive)
name: search
prefix: PreFix
ignoreCase: true
Expand All @@ -118,7 +118,7 @@ spec:
port: 80
- conditions:
- queryParam:
# will match e.g. '?search=thispostfix' or any string value suffixed by `postfix` (case sensitive)
# will match e.g. '?search=thispostfix' or any string value suffixed by `postfix` (case-sensitive)
name: search
suffix: postfix
services:
Expand All @@ -134,7 +134,7 @@ spec:
port: 80
- conditions:
- queryParam:
# will match e.g. '?search=somethinginsideanother' or any string value containing the substring 'inside' (case sensitive)
# will match e.g. '?search=somethinginsideanother' or any string value containing the substring 'inside' (case-sensitive)
name: search
contains: inside
services:
Expand Down Expand Up @@ -218,7 +218,7 @@ To upgrade an existing Contour installation, please consult the [upgrade documen
Contour v1.25.0 is tested against Kubernetes 1.25 through 1.27.

# Community Thanks!
We’re immensely grateful for all the community contributions that help make Contour even better! For this release, we would like to give a special shoutout to the folks who joined our ContribFest at KubeCon EU 2023:
We’re immensely grateful for all the community contributions that help make Contour even better! For this release, we would like to give a special shout-out to the folks who joined our ContribFest at KubeCon EU 2023:

- @padlar
- @IdanAtias
Expand Down
2 changes: 1 addition & 1 deletion changelogs/CHANGELOG-v1.28.0.md
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ Fixes a bug where when the external authorization filter and JWT authentication

This change introduces a max length of 250 characters to the field `subjectName` in the UpstreamValidation block.

Allow multiple SANs in Upstream Validation by adding a new field `subjectNames` to the UpstreamValidtion block. This will exist side by side with the previous `subjectName` field. Using CEL validation, we can enforce that when both are present, the first entry in `subjectNames` must match the value of `subjectName`.
Allow multiple SANs in Upstream Validation by adding a new field `subjectNames` to the UpstreamValidation block. This will exist side by side with the previous `subjectName` field. Using CEL validation, we can enforce that when both are present, the first entry in `subjectNames` must match the value of `subjectName`.

(#5849, @KauzClay)

Expand Down
2 changes: 1 addition & 1 deletion changelogs/unreleased/major-sample.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ change, preferably with a link to the design document involved, and what the
Contour user should do about it.

If the change is a breaking one, this document should also include instructions
on what to do, preferably with copy-pastable commands to do it.
on what to do, preferably with copy-pasteable commands to do it.

Below is an example from a previous changelog.

Expand Down
2 changes: 1 addition & 1 deletion cmd/contour/oidc.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,5 +16,5 @@
package main

// This file is protected by the go:build oidc tag above to prevent
// the oicd dependencies from being part of the standard contour image.
// the oidc dependencies from being part of the standard contour image.
import _ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
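Review bot: on the changed comment line, "oidc" is prose rather than the build tag, so the acronym would normally be capitalised: "the OIDC dependencies". The "oidc" on the line above names the `go:build` tag and should stay lowercase.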
2 changes: 1 addition & 1 deletion design/api-design.md
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ The Stream API returns full copies of its cache to the caller at a schedule dete
For example, a Stream API implementation that replies with the cache contents every 30 seconds would be compliant with the API.
This approach, however, just moves the polling from the client to the server, with limited benefit.

We propose to implement Stream like this (in peudocode):
We propose to implement Stream like this (in pseudocode):
```
func Stream() {
for {
Expand Down
2 changes: 1 addition & 1 deletion design/changelog.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ The intent is to make the process of building the release changelog faster and e

## Background
At the time of writing, creating Contour's release notes takes at least a day, sometimes two.
Whoever is in charge of a given release must carefully check through all the PRs merged since the last release, write up a change summary for each, and get all of that into Markdown, ready to be put into the Github Release.
Whoever is in charge of a given release must carefully check through all the PRs merged since the last release, write up a change summary for each, and get all of that into Markdown, ready to be put into the GitHub Release.
The Contour team has got feedback on a few occasions that our current release notes are excellent, and we want to keep that up, but it should not take so long.

## Goals
Expand Down
2 changes: 1 addition & 1 deletion design/cookie-rewrite-design.md
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ Initially using the Envoy Lua filter, there should be no compatibility issues as
If we do end up getting the Envoy native feature merged, we can wait to merge the Lua implementation until a couple releases with the Envoy feature.
- In Contour version X, Envoy version Y we can implement feature with Lua.
- In Contour version X+1, Envoy version Y+1 (with native feature), we will still implement this feature with Lua in Contour
- In Contour version X+2, Envoy version Y+2, we can implement cookie reqriting with the Envoy native feature
- In Contour version X+2, Envoy version Y+2, we can implement cookie rewriting with the Envoy native feature

## Open Issues

Expand Down
6 changes: 3 additions & 3 deletions design/cors-configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ Nowadays, most modern browsers don't allow requests to a domain from a webpage t

Knowing how authentication works, a malicious webpage could try to force a user to execute unwanted actions on a web application in which they're currently authenticated using some social engineering. This could be an attack example:
- A user who is authenticated on an online bank (`www.mybank.com`) receives an email saying that they won a brand new car. To get the prize, they only have to visit `www.malicious-site.com/winner` and fill out a form with some personal data.
- When the user goes to the malicious web page, a Javascript code is executed in the background sending an AJAX request to `www.mybank.com/transfer` which is the URL used for doing money transfers on the online bank.
- When the user goes to the malicious web page, a JavaScript code is executed in the background sending an AJAX request to `www.mybank.com/transfer` which is the URL used for doing money transfers on the online bank.
- As the user is already authenticated on `mybank.com`, the authentication cookie is sent automatically.
- The web application checks the cookie and as it's valid, the money transfer is performed on the victim's behalf.

Expand All @@ -25,9 +25,9 @@ To avoid this kind of scenario, web browsers apply the same-origin policy.

Under the same-origin policy, a web browser allows scripts contained on a web page to access data on another server, but only if both share the same origin. An origin is defined as a combination of URI scheme, host name, and port number. Thanks to same-origin policy, attacks like the one explained previously are prevented by the browser itself because `www.mybank.com` and `www.malicious-site.com` don't share the same origin.

However, the way web applications are developed has evolved, and nowadays it’s very frequent to separate the frontend from the backend, deploying them independently. For instance, the frontend could be a Javascript single page application deployed on a CDN (`myfrontend.com`) and the backend, a microservices cluster deployed somewhere else (`mybackend.com`).
However, the way web applications are developed has evolved, and nowadays it’s very frequent to separate the frontend from the backend, deploying them independently. For instance, the frontend could be a JavaScript single page application deployed on a CDN (`myfrontend.com`) and the backend, a microservices cluster deployed somewhere else (`mybackend.com`).

As the Javascript application needs to send requests to the API exposed by the backend and they are hosted on different domains, the web browser will prevent any communication between them due to the same-origin policy. This is where CORS comes into play.
As the JavaScript application needs to send requests to the API exposed by the backend and they are hosted on different domains, the web browser will prevent any communication between them due to the same-origin policy. This is where CORS comes into play.

### CORS

Expand Down
2 changes: 1 addition & 1 deletion design/custom-request-timeout.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ This document describes the design of a new resource in IngressRoute for custom
# Background

Contour supports custom request timeout and custom retry attempts via [Ingress Annotations](https://github.com/projectcontour/contour/blob/main/docs/annotations.md).
We wish to expose the same same functionality has been requested via IngressRoute as well.
We wish to expose the same functionality has been requested via IngressRoute as well.

Additionally, request and retry behavior apply to any interaction that

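Review bot: dropping the duplicated "same" leaves the sentence still broken: "We wish to expose the same functionality has been requested via IngressRoute as well." Suggest something like "We wish to expose the same functionality via IngressRoute as well, as has been requested.", or confirm the intended wording with the design's author.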
Expand Down