Support EG local running

[danehans]

Causes Incorrect xDS Address

The "run-kube-local" Make target causes Envoy to fail to connect to the xDS server, i.e. Envoy Gateway. This is because the Envoy Deployment will use "envoy-gateway" as the DNS name to connect to Envoy Gateway. Since this Service and associated EG Deployment does not exist, Envoy never connects to the xDS server. This Make target should update the xDS address to "host.docker.internal" of the Make target when called.

EG<>Envoy TLS

#208 added control plane TLS. The cert-gen Job creates the certs and stores them in certs that get mounted to EG and the managed Envoys. This process needs to be augmented to allow the certs to be stored locally and configure EG to fetch the cert/key from the local path.

xref: #245
xref: #224

[arkodg]

imho make run-kube-local should pick a new bootstrap file (which would be supported once #31 is in) which would contain the updated xDS address host.docker.internal (for non linux systems)
it would be a long list of things to support if we starting supporting configuration of individual fields such as the xds server address

[Xunzhuo]

/assign cc @arkodg

[arkodg]

I dont see an easy of doing this w/o adding a new API or supporting Envoy resource configs directly.
suggesting moving this in backlog and tackling this later once #31 is supported

[danehans]

Agreed. With control plane auth being added, we need to expose the certs dir and have a tool that generates the certs similar to the certgen job:

2022-09-26T17:13:47.105Z	ERROR	runner/runner.go:162	failed to load certificate and key	{"runner": "xds-server", "error": "open /certs/tls.crt: no such file or directory"}

xref: https://envoyproxy.slack.com/archives/C03E6NHLESV/p1664212644662989