envoy/permissive-mode: use cluster service discovery and routing

pkg/envoy/cds/cluster.go

@@ -12,6 +12,7 @@ import (
 	"github.com/golang/protobuf/ptypes/wrappers"
 
 	"github.com/openservicemesh/osm/pkg/catalog"
+	"github.com/openservicemesh/osm/pkg/configurator"
 	"github.com/openservicemesh/osm/pkg/constants"
 	"github.com/openservicemesh/osm/pkg/envoy"
 	"github.com/openservicemesh/osm/pkg/service"
@@ -23,27 +24,37 @@ const (
 )
 
 // getRemoteServiceCluster returns an Envoy Cluster corresponding to the remote service
-func getRemoteServiceCluster(remoteService, localService service.MeshService) (*xds_cluster.Cluster, error) {
+func getRemoteServiceCluster(remoteService, localService service.MeshService, cfg configurator.Configurator) (*xds_cluster.Cluster, error) {
 	clusterName := remoteService.String()
 	marshalledUpstreamTLSContext, err := envoy.MessageToAny(
 		envoy.GetUpstreamTLSContext(localService, remoteService.GetCommonName().String()))
 	if err != nil {
 		return nil, err
 	}
 
-	return &xds_cluster.Cluster{
-		Name:                 clusterName,
-		ConnectTimeout:       ptypes.DurationProto(clusterConnectTimeout),
-		LbPolicy:             xds_cluster.Cluster_ROUND_ROBIN,
-		ClusterDiscoveryType: &xds_cluster.Cluster_Type{Type: xds_cluster.Cluster_EDS},
-		EdsClusterConfig:     &xds_cluster.Cluster_EdsClusterConfig{EdsConfig: envoy.GetADSConfigSource()},
+	remoteCluster := &xds_cluster.Cluster{
+		Name:           clusterName,
+		ConnectTimeout: ptypes.DurationProto(clusterConnectTimeout),
 		TransportSocket: &xds_core.TransportSocket{
 			Name: wellknown.TransportSocketTls,
 			ConfigType: &xds_core.TransportSocket_TypedConfig{
 				TypedConfig: marshalledUpstreamTLSContext,
 			},
 		},
-	}, nil
+	}
+
+	if cfg.IsPermissiveTrafficPolicyMode() {
+		// Since no traffic policies exist with permissive mode, rely on cluster provided service discovery.
+		remoteCluster.ClusterDiscoveryType = &xds_cluster.Cluster_Type{Type: xds_cluster.Cluster_ORIGINAL_DST}
+		remoteCluster.LbPolicy = xds_cluster.Cluster_CLUSTER_PROVIDED
+	} else {
+		// Configure service discovery based on traffic policies
+		remoteCluster.ClusterDiscoveryType = &xds_cluster.Cluster_Type{Type: xds_cluster.Cluster_EDS}
+		remoteCluster.EdsClusterConfig = &xds_cluster.Cluster_EdsClusterConfig{EdsConfig: envoy.GetADSConfigSource()}
+		remoteCluster.LbPolicy = xds_cluster.Cluster_ROUND_ROBIN
+	}
+
+	return remoteCluster, nil
 }
 
 // getOutboundPassthroughCluster returns an Envoy cluster that is used for outbound passthrough traffic

pkg/envoy/cds/cluster_test.go

@@ -0,0 +1,44 @@
+package cds
+
+import (
+	xds_cluster "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+
+	"github.com/openservicemesh/osm/pkg/configurator"
+	"github.com/openservicemesh/osm/pkg/tests"
+)
+
+var _ = Describe("Cluster configurations", func() {
+
+	localService := tests.BookbuyerService
+	remoteService := tests.BookstoreService
+	Context("Test getRemoteServiceCluster", func() {
+		It("Returns an EDS based cluster when permissive mode is disabled", func() {
+			cfg := configurator.NewFakeConfiguratorWithOptions(
+				configurator.FakeConfigurator{
+					PermissiveTrafficPolicyMode: false,
+				},
+			)
+
+			remoteCluster, err := getRemoteServiceCluster(remoteService, localService, cfg)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(remoteCluster.GetType()).To(Equal(xds_cluster.Cluster_EDS))
+			Expect(remoteCluster.LbPolicy).To(Equal(xds_cluster.Cluster_ROUND_ROBIN))
+		})
+
+		It("Returns an Original Destination based cluster when permissive mode is enabled", func() {
+			cfg := configurator.NewFakeConfiguratorWithOptions(
+				configurator.FakeConfigurator{
+					PermissiveTrafficPolicyMode: true,
+				},
+			)
+
+			remoteCluster, err := getRemoteServiceCluster(remoteService, localService, cfg)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(remoteCluster.GetType()).To(Equal(xds_cluster.Cluster_ORIGINAL_DST))
+			Expect(remoteCluster.LbPolicy).To(Equal(xds_cluster.Cluster_CLUSTER_PROVIDED))
+		})
+	})
+})

pkg/envoy/cds/response.go

@@ -43,7 +43,7 @@ func NewResponse(_ context.Context, catalog catalog.MeshCataloger, proxy *envoy.
 			continue
 		}
 
-		remoteCluster, err := getRemoteServiceCluster(dstService, proxyServiceName)
+		remoteCluster, err := getRemoteServiceCluster(dstService, proxyServiceName, cfg)
 		if err != nil {
 			log.Error().Err(err).Msgf("Failed to construct service cluster for proxy %s", proxyServiceName)
 			return nil, err

pkg/envoy/cds/response_test.go

@@ -135,7 +135,7 @@ var _ = Describe("CDS Response", func() {
 		It("Returns a remote cluster object", func() {
 			localService := tests.BookbuyerService
 			remoteService := tests.BookstoreService
-			remoteCluster, err := getRemoteServiceCluster(remoteService, localService)
+			remoteCluster, err := getRemoteServiceCluster(remoteService, localService, cfg)
 			Expect(err).ToNot(HaveOccurred())
 
 			expectedClusterLoadAssignment := &xds_endpoint.ClusterLoadAssignment{

pkg/envoy/lds/listener.go

@@ -51,6 +51,13 @@ func newOutboundListener(cfg configurator.Configurator) (*xds_listener.Listener,
 				},
 			},
 		},
+		ListenerFilters: []*xds_listener.ListenerFilter{
+			{
+				// The OriginalDestination ListenerFilter is used to redirect traffic
+				// to its original destination.
+				Name: wellknown.OriginalDestination,
+			},
+		},
 	}
 
 	if cfg.IsEgressEnabled() {
@@ -95,8 +102,6 @@ func updateOutboundListenerForEgress(outboundListener *xds_listener.Listener, cf
 		return err
 	}
 	outboundListener.FilterChains = append(outboundListener.FilterChains, egressFilterChain)
-	listenerFilters := buildEgressListenerFilters()
-	outboundListener.ListenerFilters = append(outboundListener.ListenerFilters, listenerFilters...)
 
 	return nil
 }
@@ -163,20 +168,6 @@ func buildEgressFilterChain() (*xds_listener.FilterChain, error) {
 	}, nil
 }
 
-func buildEgressListenerFilters() []*xds_listener.ListenerFilter {
-	return []*xds_listener.ListenerFilter{
-		{
-			// The OriginalDestination ListenerFilter is used to redirect traffic
-			// to its original destination.
-			Name: wellknown.OriginalDestination,
-		},
-		{
-			// The TlsInspector ListenerFilter is used to examine the transport protocol
-			Name: wellknown.TlsInspector,
-		},
-	}
-}
-
 func parseCIDR(cidr string) (string, uint32, error) {
 	var addr string
 

pkg/envoy/lds/listener_test.go

@@ -48,7 +48,7 @@ var _ = Describe("Construct inbound and outbound listeners", func() {
 			Expect(listener.FilterChains[1].FilterChainMatch).Should(BeNil())
 
 			// Test ListenerFilters
-			expectedListenerFilters := []string{wellknown.OriginalDestination, wellknown.TlsInspector}
+			expectedListenerFilters := []string{wellknown.OriginalDestination}
 			Expect(len(listener.ListenerFilters)).To(Equal(len(expectedListenerFilters)))
 			for _, filter := range listener.ListenerFilters {
 				Expect(containsListenerFilter(expectedListenerFilters, filter.Name)).To(BeTrue())
@@ -70,8 +70,12 @@ var _ = Describe("Construct inbound and outbound listeners", func() {
 			Expect(len(listener.FilterChains)).To(Equal(1)) // Filter chain for in-mesh
 			Expect(listener.FilterChains[0].FilterChainMatch).Should(BeNil())
 
-			// Test that the ListenerFilters for egress don't exist
-			Expect(len(listener.ListenerFilters)).To(Equal(0))
+			// Test ListenerFilters
+			expectedListenerFilters := []string{wellknown.OriginalDestination}
+			Expect(len(listener.ListenerFilters)).To(Equal(len(expectedListenerFilters)))
+			for _, filter := range listener.ListenerFilters {
+				Expect(containsListenerFilter(expectedListenerFilters, filter.Name)).To(BeTrue())
+			}
 			Expect(listener.TrafficDirection).To(Equal(xds_core.TrafficDirection_OUTBOUND))
 		})
 	})