fix spelling errors (projectcontour#5798)

Signed-off-by: Steve Kriss <krisss@vmware.com>

.codespell.ignorewords

@@ -6,3 +6,4 @@ od
 als
 wit
 aks
+immediatedly

design/configuration-crd.md

@@ -145,7 +145,7 @@ Contour will provide a new command or external tool (similar to ir2proxy) which
 A managed version of Contour was made available with the `Contour Operator`.
 Since Contour will manage Envoy instances, the Operator will now manage instances of Contour.
 The details of how an instance of Contour should be deployed within a cluster will be defined in the second CRD named `ContourDeployment`. 
-The `spec.confguration` of this object will be the same struct defined in the `ContourConfiguration`. 
+The `spec.configuration` of this object will be the same struct defined in the `ContourConfiguration`.
 
 A controller will watch for these objects to be created and take action on them accordingly to make desired state in the cluster match the configuration on the spec. 
 

design/downstream-crl-design.md

@@ -59,7 +59,7 @@ The same approach shall be followed for configuring revocation lists as is used
 The CRL is stored in an opaque Kubernetes secret.
 The secret will be stored in the same namespace as the corresponding `HTTPProxy` object.
 The secret object shall contain entry named `crl.pem`.
-The constents shall be the CRL in PEM format.
+The contents shall be the CRL in PEM format.
 The file may contain "PEM bundle", that is, a list of CRLs concatenated in single file.
 
 Example:

design/external-authorization-design.md

@@ -32,7 +32,7 @@ This document describes a design for performing request authorization for virtua
 
 ## High-Level Design
 A new `ExtensionService` CRD adds a way to represent and track an authorization service.
-This CRD is relatively generic, so that it can be re-used for Envoy rate limiting and logging services.
+This CRD is relatively generic, so that it can be reused for Envoy rate limiting and logging services.
 The core of the `ExtensionService` CRD is subset of the `projectcontour.v1.HTTPProxy` `Service` specification.
 Re-using the `Service` type allows the operator to specify configuration in familiar and consistent terms, especially TLS configuration.
 
@@ -115,7 +115,7 @@ Note that the Envoy cluster name can be non-obvious, so exposing it in status ma
 
 If the `Service` refers to a Kubernetes `ExternalName`, Contour should program Envoy to send the traffic to the external destination.
 
-The `ExtensionService` CRD re-uses the `Service` type from the `projectcontour.io/v1` API.
+The `ExtensionService` CRD reuses the `Service` type from the `projectcontour.io/v1` API.
 However, the setting following fields can generate a validation errors:
 
 - `Protocol` may only be set to `h2` or `h2c` (the default should be `h2`).
@@ -338,7 +338,7 @@ Once that happens, the client has to resend the original request and it will ent
 1. Contour could install itself as the authorization server.
    This could remove some of the limitations of the Envoy configuration structure at the cost of more complexity in Contour.
 1. Integrate external authorization directly into `HTTPProxy`.
-   This increases the complexity of the `HTTPProxy` structure and makes it difficult to re-use the same authorization service acrtoss multiple proxies.
+   This increases the complexity of the `HTTPProxy` structure and makes it difficult to reuse the same authorization service acrtoss multiple proxies.
    A separate CRD gives better opportunities to expose useful operational status.
    Integrating specific authorization parameters into `HTTPProxy` prevents operators implementing their own authorization flows.
 

design/session-affinity.md

@@ -155,7 +155,7 @@ For example consider two routes, `/cart` and `/checkout` are served by the same
     - name: ecommerce-pro
       port: 8080
       strategy: Cookie
-  - match: /cheeckout
+  - match: /checkout
     - name: ecommerce-pro
       port: 8080
       strategy: Cookie

internal/envoy/v3/listener.go

@@ -841,7 +841,7 @@ func FilterChainTLS(domain string, downstream *envoy_tls_v3.DownstreamTlsContext
 	return fc
 }
 
-// FilterChainTLSFallback returns a TLS enabled envoy_listener_v3.FilterChain conifgured for FallbackCertificate.
+// FilterChainTLSFallback returns a TLS enabled envoy_listener_v3.FilterChain configured for FallbackCertificate.
 func FilterChainTLSFallback(downstream *envoy_tls_v3.DownstreamTlsContext, filters []*envoy_listener_v3.Filter) *envoy_listener_v3.FilterChain {
 	fc := &envoy_listener_v3.FilterChain{
 		Name:    "fallback-certificate",

site/content/docs/v1.1.0/annotations.md

@@ -16,7 +16,7 @@ The <code>contour.heptio.com</code> annotations are deprecated, please use the <
 
 ## Standard Kubernetes Ingress annotations
 
-The following Kubernetes annotions are supported on [`Ingress`] objects:
+The following Kubernetes annotations are supported on [`Ingress`] objects:
 
  - `kubernetes.io/ingress.class`: The Ingress class that should interpret and serve the Ingress. If not set, then all Ingress controllers serve the Ingress. If specified as `kubernetes.io/ingress.class: contour`, then Contour serves the Ingress. If any other value, Contour ignores the Ingress definition. You can override the default class `contour` with the `--ingress-class-name` flag at runtime. This can be useful while you are migrating from another controller, or if you need multiple instances of Contour.
  - `ingress.kubernetes.io/force-ssl-redirect`: Requires TLS/SSL for the Ingress to Envoy by setting the [Envoy virtual host option require_tls][16].

site/content/resources/faq.md

@@ -29,7 +29,7 @@ More information about the HTTPProxy API can be found [in the HTTPProxy document
 
 ## Q: When I load my site in Safari, it shows me an empty page. Developer tools show that the HTTP response was 421. Why does this happen?
 
-The HTTP/2 specification allows user agents (browsers) to re-use TLS sessions to different hostnames as long as they share an IP address and a TLS server certificate (see [RFC 7540](https://tools.ietf.org/html/rfc7540#section-9.1.1)).
+The HTTP/2 specification allows user agents (browsers) to reuse TLS sessions to different hostnames as long as they share an IP address and a TLS server certificate (see [RFC 7540](https://tools.ietf.org/html/rfc7540#section-9.1.1)).
 Sharing a TLS certificate typically uses a wildcard certificate, or a certificate containing multiple alternate names.
 If this kind of session reuse is not supported by the server, it sends a "421 Misdirected Request", and the user agent may retry the request with a new TLS session.
 Although Chrome and Firefox correctly retry 421 responses, Safari does not, and simply displays the 421 response body.
@@ -39,7 +39,7 @@ This is done for security reasons, so that TLS protocol configuration guarantees
 
 The best workaround for this Safari issue is to avoid the use of wildcard certificates.
 [cert-manager](https://cert-manager.io) can automatically issue TLS certificates for Ingress and HTTPProxy resources (see the [configuration guide][2]).
-If wildcard certificates cannot be avoided, the other workaround is to disable HTTP/2 support which will prevent inappropriate TLS session re-use.
+If wildcard certificates cannot be avoided, the other workaround is to disable HTTP/2 support which will prevent inappropriate TLS session reuse.
 HTTP/2 support can be disabled by setting the `default-http-versions` field in the Contour [configuration file][3].
 
 ## Q: Why is the Envoy container not accepting connections even though Contour is running?