[release-1.22] v1.22.0 cherrypicks (#4644)

* Gateway API: run conformance via a Go test (#4640)

Switches to running Gateway API conformance
via a Go test that uses the conformance
module. This allows us to customize the
settings for the run, including opting into
tests for extended conformance features.

Closes #4616.

Signed-off-by: Steve Kriss <krisss@vmware.com>

* v1.22.0 docs and changelog (#4642)

* Prepare documentation site for v1.22.0 release.
* Add changelog for v1.22.0 release.
* update versions.yaml and compatibility matrix
* update upgrading instructions

Signed-off-by: Steve Kriss <krisss@vmware.com>

changelogs/CHANGELOG-v1.22.0-rc.1.md → changelogs/CHANGELOG-v1.22.0.md

@@ -1,10 +1,7 @@
-We are delighted to present version v1.22.0-rc.1 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
+We are delighted to present version v1.22.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
 
 A big thank you to everyone who contributed to the release.
 
-**Please note that this is pre-release software**, and as such we do not recommend installing it in production environments.
-Feedback and bug reports are welcome!
-
 
 - [Major Changes](#major-changes)
 - [Minor Changes](#minor-changes)
@@ -32,6 +29,13 @@ For information on getting started with Contour and Gateway API, see the [Contou
 
 # Minor Changes
 
+## Update to Envoy 1.23.0
+
+Contour now uses Envoy 1.23.0.
+See [the Envoy changelog](https://www.envoyproxy.io/docs/envoy/v1.23.0/version_history/v1.23/v1.23.0) for more information on the contents of the release.
+
+(#4621, @skriss)
+
 ## HTTPProxy Direct Response Policy
 
 HTTPProxy.Route now has a HTTPDirectResponsePolicy which allows for routes to specify a DirectResponsePolicy.
@@ -42,17 +46,24 @@ It is important to note that one of route.services or route.requestRedirectPolic
 
 (#4526, @yangyy93)
 
-##  Bind create label operation for contour's deployment to the struct
+## Validating revocation status of client certificates
 
-There are now three places to create the same label(s), so let the operation to be a method of the Contour struct.
+It is now possible to enable revocation check for client certificates validation.
+The CRL files must be provided in advance and configured as opaque Secret.
+To enable the feature, `httpproxy.spec.virtualhost.tls.clientValidation.crlSecret` is set with the secret name.
 
-(#4585, @izturn)
+(#4592, @tsaarni)
 
-## Use local variable to replace the long access chain of fields
+## Consolidate access logging and TLS cipher suite validation
 
-The access chain of fields is too long, so use local variable to replace them.
+Access log and TLS cipher suite configuration validation logic is now consolidated in the `apis/projectcontour/v1alpha1` package.
+Existing exported elements of the `pkg/config` package are left untouched, though implementation logic now lives in `apis/projectcontour/v1alpha1`.
 
-(#4586, @izturn)
+This should largely be a no-op for users however, as part of this cleanup, a few minor incompatible changes have been made:
+- TLS cipher suite list elements will no longer be allowed to have leading or trailing whitespace
+- The ContourConfiguration CRD field `spec.envoy.logging.jsonFields` has been renamed to `spec.envoy.logging.accessLogJSONFields`
+
+(#4626, @sunjayBhatia)
 
 ## Gateway API: implement HTTP query parameter matching
 
@@ -87,14 +98,6 @@ spec:
 
 (#4588, @skriss)
 
-## Validating revocation status of client certificates
-
-It is now possible to enable revocation check for client certificates validation.
-The CRL files must be provided in advance and configured as opaque Secret.
-To enable the feature, `httpproxy.spec.virtualhost.tls.clientValidation.crlSecret` is set with the secret name.
-
-(#4592, @tsaarni)
-
 ## Gateway API: update handling of various invalid HTTPRoute/TLSRoute scenarios
 
 Updates the handling of various invalid HTTPRoute/TLSRoute scenarios to be conformant with the Gateway API spec, including:
@@ -105,36 +108,29 @@ Updates the handling of various invalid HTTPRoute/TLSRoute scenarios to be confo
 
 (#4614, @skriss)
 
-## Update to Envoy 1.23.0
-
-Contour now uses Envoy 1.23.0.
-See [the Envoy changelog](https://www.envoyproxy.io/docs/envoy/v1.23.0/version_history/v1.23/v1.23.0) for more information on the contents of the release.
+## Gateway API: enforce correct TLS modes for HTTPS and TLS listener protocols
 
-(#4621, @skriss)
+Contour now enforces that the correct TLS modes are used for the HTTPS and TLS listener protocols.
+For an HTTPS listener, the TLS mode "Terminate" must be used (this is compatible with HTTPRoutes).
+For a TLS listener, the TLS mode "Passthrough" must be used (this is compatible with TLSRoutes).
 
-## Consolidate access logging and TLS cipher suite validation
+(#4631, @skriss)
 
-Access log and TLS cipher suite configuration validation logic is now consolidated in the `apis/projectcontour/v1alpha1` package.
-Existing exported elements of the `pkg/config` package are left untouched, though implementation logic now lives in `apis/projectcontour/v1alpha1`.
+##  Bind create label operation for contour's deployment to the struct
 
-This should largely be a no-op for users however, as part of this cleanup, a few minor incompatible changes have been made:
-- TLS cipher suite list elements will no longer be allowed to have leading or trailing whitespace
-- The ContourConfiguration CRD field `spec.envoy.logging.jsonFields` has been renamed to `spec.envoy.logging.accessLogJSONFields`
+There are now three places to create the same label(s), so let the operation to be a method of the Contour struct.
 
-(#4626, @sunjayBhatia)
+(#4585, @izturn)
 
-## Gateway API: enforce correct TLS modes for HTTPS and TLS listener protocols
+## Use local variable to replace the long access chain of fields
 
-Contour now enforces that the correct TLS modes are used for the HTTPS and TLS listener protocols.
-For an HTTPS listener, the TLS mode "Terminate" must be used (this is compatible with HTTPRoutes).
-For a TLS listener, the TLS mode "Passthrough" must be used (this is compatible with TLSRoutes).
+The access chain of fields is too long, so use local variable to replace them.
 
-(#4631, @skriss)
+(#4586, @izturn)
 
 
 # Other Changes
-- RTDS now serves dynamic runtime configuration layer which is requested by bootstrap configuration.
-In this future, contents of this runtime configuration will be made configurable by users. (#4387, @sunjayBhatia)
+- RTDS now serves dynamic runtime configuration layer which is requested by bootstrap configuration. In the future, contents of this runtime configuration will be made configurable by users. (#4387, @sunjayBhatia)
 - internal/envoy: use Envoy's path-based prefix matching instead of regular expressions. (#4477, @mmalecki)
 - Gateway API: compute Listener supported kinds sooner, so it's populated in all cases where it can be computed. (#4523, @skriss)
 - When validating secrets, don't log an error for an Opaque secret that doesn't contain a `ca.crt` key. (#4528, @skriss)
@@ -160,11 +156,11 @@ In this future, contents of this runtime configuration will be made configurable
 
 # Docs Changes
 - Updated SITE_CONTRIBUTION.md to reflect Hugo platform. (#4620, @gary-tai)
+- Remove grey banner from main website page. (#4635, @gary-tai)
 
 
 # Deprecation and Removal Notices
 
-
 ## Gateway API: ReferencePolicy is deprecated, will be removed next release
 
 Gateway API has renamed ReferencePolicy to ReferenceGrant in the v0.5.0 release, while retaining the former for one release to ease migration.
@@ -176,22 +172,14 @@ Users of ReferencePolicies must migrate their resources to ReferenceGrants ahead
 
 # Installing and Upgrading
 
-The simplest way to install v1.22.0-rc.1 is to apply one of the example configurations:
-
-With Gateway API:
-```bash
-kubectl apply -f https://github.com/projectcontour/contour/blob/v1.22.0-rc.1/examples/render/contour-gateway.yaml
-```
+For a fresh install of Contour, consult the [getting started documentation](https://projectcontour.io/getting-started/).
 
-Without Gateway API:
-```bash
-kubectl apply -f https://github.com/projectcontour/contour/blob/v1.22.0-rc.1/examples/render/contour.yaml
-```
+To upgrade an existing Contour installation, please consult the [upgrade documentation](https://projectcontour.io/resources/upgrading/).
 
 
 # Compatible Kubernetes Versions
 
-Contour v1.22.0-rc.1 is tested against Kubernetes 1.22 through 1.24.
+Contour v1.22.0 is tested against Kubernetes 1.22 through 1.24.
 
 # Community Thanks!
 We’re immensely grateful for all the community contributions that help make Contour even better! For this release, special thanks go out to the following contributors: