config/meshConfig: New localProxyMode field (#4686)

Add new `spec.sidecar.localProxyMode` field for user to
control how mesh traffic gets proxied

Signed-off-by: Keith Mattix II <[email protected]>

Author: keithmattix

charts/osm/README.md

@@ -138,6 +138,7 @@ The following table lists the configurable parameters of the osm chart and their
 | osm.injector.replicaCount | int | `1` | Sidecar injector's replica count (ignored when autoscale.enable is true) |
 | osm.injector.resource | object | `{"limits":{"cpu":"0.5","memory":"64M"},"requests":{"cpu":"0.3","memory":"64M"}}` | Sidecar injector's container resource parameters |
 | osm.injector.webhookTimeoutSeconds | int | `20` | Mutating webhook timeout |
+| osm.localProxyMode | string | `"Localhost"` | Proxy mode for the Envoy proxy sidecar. Acceptable values are ['Localhost', 'PodIP'] |
 | osm.maxDataPlaneConnections | int | `0` | Sets the max data plane connections allowed for an instance of osm-controller, set to 0 to not enforce limits |
 | osm.meshName | string | `"osm"` | Identifier for the instance of a service mesh within a cluster |
 | osm.multicluster | object | `{"gatewayLogLevel":"error"}` | OSM multicluster feature configuration |

charts/osm/values.schema.json

@@ -701,6 +701,16 @@
                         "error"
                     ]
                 },
+                "localProxyMode": {
+                    "$id": "#/properties/osm/properties/localProxyMode",
+                    "type": "string",
+                    "title": "The localProxyMode schema",
+                    "description": "Proxy mode for the Envoy proxy sidecar. Acceptable values are ['Localhost', 'PodIP'].",
+                    "enum": ["Localhost","PodIP"],
+                    "examples": [
+                        "Localhost"
+                    ]
+                },
                 "controllerLogLevel": {
                     "$id": "#/properties/osm/properties/controllerLogLevel",
                     "type": "string",

charts/osm/values.yaml

@@ -204,6 +204,9 @@ osm:
   # -- Log level for the Envoy proxy sidecar. Non developers should generally never set this value. In production environments the LogLevel should be set to `error`
   envoyLogLevel: error
 
+  # -- Proxy mode for the Envoy proxy sidecar. Acceptable values are ['Localhost', 'PodIP']
+  localProxyMode: Localhost
+
   # -- Sets the max data plane connections allowed for an instance of osm-controller, set to 0 to not enforce limits
   maxDataPlaneConnections: 0
 

cmd/osm-bootstrap/crds/config_meshconfig.yaml

@@ -116,6 +116,13 @@ spec:
                       type: array
                       items:
                         type: string
+                    localProxyMode:
+                      description: Sets the destination ip address the envoy proxy will use when connecting to the backend application. Acceptable values are [Localhost, PodIP]. The default value is Localhost
+                      type: string
+                      enum:
+                        - Localhost
+                        - PodIP
+                      default: Localhost
                 traffic:
                   description: Configuration for traffic management
                   type: object

pkg/apis/config/v1alpha2/mesh_config.go

@@ -40,6 +40,16 @@ type MeshConfigSpec struct {
 	FeatureFlags FeatureFlags `json:"featureFlags,omitempty"`
 }
 
+// LocalProxyMode is a type alias representing the way the envoy sidecar proxies to the main application
+type LocalProxyMode string
+
+const (
+	// LocalProxyModeLocalhost indicates the the sidecar should communicate with the main application over localhost
+	LocalProxyModeLocalhost LocalProxyMode = "Localhost"
+	// LocalProxyModePodIP indicates that the sidecar should communicate with the main application via the pod ip
+	LocalProxyModePodIP LocalProxyMode = "PodIP"
+)
+
 // SidecarSpec is the type used to represent the specifications for the proxy sidecar.
 type SidecarSpec struct {
 	// EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged.
@@ -77,6 +87,9 @@ type SidecarSpec struct {
 
 	// ECDHCurves defines a list of ECDH curves that TLS connection supports. If not specified, the curves are [X25519, P-256] for non-FIPS build and P-256 for builds using BoringSSL FIPS.
 	ECDHCurves []string `json:"ecdhCurves,omitempty"`
+
+	// LocalProxyMode defines the network interface the envoy proxy will use to send traffic to the backend service application. Acceptable values are [`Localhost`, `PodIP`]. The default is `Localhost`
+	LocalProxyMode LocalProxyMode `json:"localProxyMode,omitempty"`
 }
 
 // TrafficSpec is the type used to represent OSM's traffic management configuration.