@@ -11,17 +11,33 @@ data:
1111 # determine which XDS Server implementation to utilize in Contour.
1212 # xds-server-type: contour
1313 #
14+ # Specify the Gateway API configuration.
15+ # gateway:
16+ # controllerName: projectcontour.io/projectcontour/contour
17+ # name: contour
18+ # namespace: projectcontour
19+ #
1420 # should contour expect to be running inside a k8s cluster
1521 # incluster: true
1622 #
1723 # path to kubeconfig (if not running inside a k8s cluster)
1824 # kubeconfig: /path/to/.kube/config
1925 #
20- # disable HTTPProxy permitInsecure field
26+ # Disable RFC-compliant behavior to strip "Content-Length" header if
27+ # "Tranfer-Encoding: chunked" is also set.
28+ # disableAllowChunkedLength: false
29+ # Disable HTTPProxy permitInsecure field
2130 disablePermitInsecure: false
2231 tls:
2332 # minimum TLS version that Contour will negotiate
24- # minimum-protocol-version: "1.1"
33+ # minimum-protocol-version: "1.2"
34+ # TLS ciphers to be supported by Envoy TLS listeners when negotiating
35+ # TLS 1.2.
36+ # cipher-suites:
37+ # - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]'
38+ # - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]'
39+ # - 'ECDHE-ECDSA-AES256-GCM-SHA384'
40+ # - 'ECDHE-RSA-AES256-GCM-SHA384'
2541 # Defines the Kubernetes name/namespace matching a secret to use
2642 # as the fallback certificate when requests which don't match the
2743 # SNI defined for a vhost.
@@ -77,10 +93,53 @@ data:
7793 # connection-idle-timeout: 60s
7894 # stream-idle-timeout: 5m
7995 # max-connection-duration: infinity
96+ # delayed-close-timeout: 1s
8097 # connection-shutdown-grace-period: 5s
8198 #
8299 # Envoy cluster settings.
83100 # cluster:
84101 # configure the cluster dns lookup family
85102 # valid options are: auto (default), v4, v6
86103 # dns-lookup-family: auto
104+ #
105+ # Envoy network settings.
106+ # network:
107+ # Configure the number of additional ingress proxy hops from the
108+ # right side of the x-forwarded-for HTTP header to trust.
109+ # num-trusted-hops: 0
110+ #
111+ # Configure an optional global rate limit service.
112+ # rateLimitService:
113+ # Identifies the extension service defining the rate limit service,
114+ # formatted as <namespace>/<name>.
115+ # extensionService: projectcontour/ratelimit
116+ # Defines the rate limit domain to pass to the rate limit service.
117+ # Acts as a container for a set of rate limit definitions within
118+ # the RLS.
119+ # domain: contour
120+ # Defines whether to allow requests to proceed when the rate limit
121+ # service fails to respond with a valid rate limit decision within
122+ # the timeout defined on the extension service.
123+ # failOpen: false
124+ # Defines whether to include the X-RateLimit headers X-RateLimit-Limit,
125+ # X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF
126+ # Internet-Draft linked below), on responses to clients when the Rate
127+ # Limit Service is consulted for a request.
128+ # ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html
129+ # enableXRateLimitHeaders: false
130+ #
131+ # Global Policy settings.
132+ # policy:
133+ # # Default headers to set on all requests (unless set/removed on the HTTPProxy object itself)
134+ # request-headers:
135+ # set:
136+ # # example: the hostname of the Envoy instance that proxied the request
137+ # X-Envoy-Hostname: %HOSTNAME%
138+ # # example: add a l5d-dst-override header to instruct Linkerd what service the request is destined for
139+ # l5d-dst-override: %CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT%
140+ # # default headers to set on all responses (unless set/removed on the HTTPProxy object itself)
141+ # response-headers:
142+ # set:
143+ # # example: Envoy flags that provide additional details about the response or connection
144+ # X-Envoy-Response-Flags: %RESPONSE_FLAGS%
145+ #
0 commit comments