Support multi tenant route configuration selection based on HTTP attributes

[AndresGuedez]

Problem Statement

Envoy currently supports route configuration isolation in multi tenant environments by allowing a Listener FilterChain to specify a FilterChainMatch based on IP, TCP and TLS layer attributes.

When tenancy can be determined via these types of attributes, a FilterChain can be instantiated with a corresponding HttpConnectionManager RouteConfiguration proto (via static config or RDS) that corresponds to the tenant.

This issue tracks a design proposal to also support tenant differentiation via HTTP layer attributes, such that a single Listener -> HttpConnectionManager filter can be used to process requests for multiple tenants, each of which must be assigned its own RouteConfiguration.

Design Proposal

The design proposal extends Envoy with a Scoped Route Discovery Service API, which supports creating route configuration "scopes" indexed via a dynamically generated key extracted from HTTP layer attributes.

The proposed enhancement can be used to satisfy other use cases as well, such as #4690.

[htuch]

This has +1 from me and other Googlers, so looking for community input.

[mattklein123]

+1. I had one question about SRDS vs. building directly into RDS, and it seems to me the real problem is incremental delivery. There was discussion in the doc about field deprecation for this approach which I didn't fully understand and might be clarified a bit.

[AndresGuedez]

@htuch @mattklein123 thanks for the reviews and feedback.

I responded to comments in the doc and made some adjustments based on the feedback. I have been tied up with other work, but will be starting with implementation work on this shortly.

[htuch]

LGTM, anyone else wants to weigh in before we move forward? CC @envoyproxy/maintainers

[stale]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

[AndresGuedez]

Implementation work is ongoing. I am working on tests for the first PR which I am targeting for next week, although US holidays and a higher priority task are likely to delay this until the week after.