address comments

Signed-off-by: Sean Teeling <[email protected]>

pkg/catalog/endpoint_test.go

@@ -192,9 +192,9 @@ func TestListAllowedUpstreamEndpointsForService(t *testing.T) {
 					}
 					pod.Status.PodIPs = podIps
 					pod.Spec.ServiceAccountName = sa.Name
-					_, err := kubeClient.CoreV1().Pods(tests.Namespace).Create(context.TODO(), &pod, metav1.CreateOptions{})
+					_, err := kubeClient.CoreV1().Pods(tests.Namespace).Create(context.TODO(), pod, metav1.CreateOptions{})
 					assert.Nil(err)
-					pods = append(pods, &pod)
+					pods = append(pods, pod)
 				}
 			}
 			mockKubeController.EXPECT().ListPods().Return(pods).AnyTimes()

pkg/catalog/helpers_test.go

@@ -57,19 +57,19 @@ func newFakeMeshCatalogForRoutes(t *testing.T, testParams testParams) *MeshCatal
 
 	// Create a bookstoreV1 pod
 	bookstoreV1Pod := tests.NewPodFixture(tests.BookstoreV1Service.Namespace, tests.BookstoreV1Service.Name, tests.BookstoreServiceAccountName, tests.PodLabels)
-	if _, err := kubeClient.CoreV1().Pods(tests.BookstoreV1Service.Namespace).Create(context.TODO(), &bookstoreV1Pod, metav1.CreateOptions{}); err != nil {
+	if _, err := kubeClient.CoreV1().Pods(tests.BookstoreV1Service.Namespace).Create(context.TODO(), bookstoreV1Pod, metav1.CreateOptions{}); err != nil {
 		t.Fatalf("Error creating new pod: %s", err.Error())
 	}
 
 	// Create a bookstoreV2 pod
 	bookstoreV2Pod := tests.NewPodFixture(tests.BookstoreV2Service.Namespace, tests.BookstoreV2Service.Name, tests.BookstoreV2ServiceAccountName, tests.PodLabels)
-	if _, err := kubeClient.CoreV1().Pods(tests.BookstoreV2Service.Namespace).Create(context.TODO(), &bookstoreV2Pod, metav1.CreateOptions{}); err != nil {
+	if _, err := kubeClient.CoreV1().Pods(tests.BookstoreV2Service.Namespace).Create(context.TODO(), bookstoreV2Pod, metav1.CreateOptions{}); err != nil {
 		t.Fatalf("Error creating new pod: %s", err.Error())
 	}
 
 	// Create a bookbuyer pod
 	bookbuyerPod := tests.NewPodFixture(tests.BookbuyerService.Namespace, tests.BookbuyerService.Name, tests.BookbuyerServiceAccountName, tests.PodLabels)
-	if _, err := kubeClient.CoreV1().Pods(tests.BookbuyerService.Namespace).Create(context.TODO(), &bookbuyerPod, metav1.CreateOptions{}); err != nil {
+	if _, err := kubeClient.CoreV1().Pods(tests.BookbuyerService.Namespace).Create(context.TODO(), bookbuyerPod, metav1.CreateOptions{}); err != nil {
 		t.Fatalf("Error creating new pod: %s", err.Error())
 	}
 

pkg/debugger/proxy.go

@@ -82,8 +82,8 @@ func (ds DebugConfig) getConfigDump(uuid string, w http.ResponseWriter) {
 }
 
 func (ds DebugConfig) getProxy(uuid string, w http.ResponseWriter) {
-	proxy, ok := ds.proxyRegistry.GetConnectedProxy(uuid)
-	if !ok {
+	proxy := ds.proxyRegistry.GetConnectedProxy(uuid)
+	if proxy == nil {
 		msg := fmt.Sprintf("Proxy for UUID %s not found, may have been disconnected", uuid)
 		log.Error().Msg(msg)
 		if _, err := w.Write([]byte(msg)); err != nil {

pkg/envoy/ads/response_test.go

@@ -69,7 +69,7 @@ var _ = Describe("Test ADS response functions", func() {
 	// Create a Pod
 	pod := tests.NewPodFixture(namespace, fmt.Sprintf("pod-0-%s", uuid.New()), tests.BookstoreServiceAccountName, tests.PodLabels)
 	pod.Labels[constants.EnvoyUniqueIDLabelName] = proxyUUID.String()
-	_, err = kubeClient.CoreV1().Pods(namespace).Create(context.TODO(), &pod, metav1.CreateOptions{})
+	_, err = kubeClient.CoreV1().Pods(namespace).Create(context.TODO(), pod, metav1.CreateOptions{})
 	It("should have created a pod", func() {
 		Expect(err).ToNot(HaveOccurred())
 	})

pkg/envoy/cds/response_test.go

@@ -116,7 +116,7 @@ func TestNewResponse(t *testing.T) {
 	newPod1.Annotations = map[string]string{
 		constants.PrometheusScrapeAnnotation: "true",
 	}
-	_, err := kubeClient.CoreV1().Pods(tests.Namespace).Create(context.TODO(), &newPod1, metav1.CreateOptions{})
+	_, err := kubeClient.CoreV1().Pods(tests.Namespace).Create(context.TODO(), newPod1, metav1.CreateOptions{})
 	assert.Nil(err)
 
 	mockKubeController.EXPECT().GetPodForProxy(proxy).Return(&newPod1, nil)
@@ -456,7 +456,7 @@ func TestNewResponseGetEgressTrafficPolicyError(t *testing.T) {
 	pod := tests.NewPodFixture("ns", "pod-1", "svcacc", map[string]string{
 		constants.EnvoyUniqueIDLabelName: proxyUUID.String(),
 	})
-	mockKubeController.EXPECT().GetPodForProxy(proxy).Return(&pod, nil)
+	mockKubeController.EXPECT().GetPodForProxy(proxy).Return(pod, nil)
 
 	resp, err := NewResponse(meshCatalog, proxy, nil, cfg, nil, proxyRegistry)
 	tassert.NoError(t, err)
@@ -493,7 +493,7 @@ func TestNewResponseGetEgressTrafficPolicyNotEmpty(t *testing.T) {
 	pod := tests.NewPodFixture("ns", "pod-1", "svcacc", map[string]string{
 		constants.EnvoyUniqueIDLabelName: proxyUUID.String(),
 	})
-	mockKubeController.EXPECT().GetPodForProxy(proxy).Return(&pod, nil)
+	mockKubeController.EXPECT().GetPodForProxy(proxy).Return(pod, nil)
 
 	resp, err := NewResponse(meshCatalog, proxy, nil, cfg, nil, proxyRegistry)
 	tassert.NoError(t, err)

pkg/envoy/lds/response_test.go

@@ -42,7 +42,7 @@ func getProxy(kubeClient kubernetes.Interface) (*envoy.Proxy, *v1.Pod, error) {
 	newPod1.Annotations = map[string]string{
 		constants.PrometheusScrapeAnnotation: "true",
 	}
-	if _, err := kubeClient.CoreV1().Pods(tests.Namespace).Create(context.TODO(), &newPod1, metav1.CreateOptions{}); err != nil {
+	if _, err := kubeClient.CoreV1().Pods(tests.Namespace).Create(context.TODO(), newPod1, metav1.CreateOptions{}); err != nil {
 		return nil, nil, err
 	}
 
@@ -62,7 +62,7 @@ func getProxy(kubeClient kubernetes.Interface) (*envoy.Proxy, *v1.Pod, error) {
 		}
 	}
 
-	return envoy.NewProxy(envoy.KindSidecar, uuid.MustParse(tests.ProxyUUID), identity.New(tests.BookbuyerServiceAccountName, tests.Namespace), nil), &newPod1, nil
+	return envoy.NewProxy(envoy.KindSidecar, uuid.MustParse(tests.ProxyUUID), identity.New(tests.BookbuyerServiceAccountName, tests.Namespace), nil), newPod1, nil
 }
 
 func TestNewResponse(t *testing.T) {

pkg/envoy/proxy_test.go

@@ -25,7 +25,7 @@ var _ = Describe("Test proxy methods", func() {
 	podUID := uuid.New().String()
 	proxy := NewProxy(KindSidecar, proxyUUID, identity.New("svc-acc", "namespace"), tests.NewMockAddress("1.2.3.4"))
 
-	Context("Proxy is valid", func() {
+	It("creates a valid proxy", func() {
 		Expect(proxy).ToNot((BeNil()))
 	})
 

pkg/envoy/registry/announcement_handlers.go

@@ -38,7 +38,6 @@ func (pr *ProxyRegistry) ReleaseCertificateHandler(certManager certificateReleas
 			if proxyIface, ok := pr.connectedProxies.Load(proxyUUID); ok {
 				proxy := proxyIface.(*envoy.Proxy)
 				log.Warn().Msgf("Pod with label %s: %s found in proxy registry; releasing certificate for proxy %s", constants.EnvoyUniqueIDLabelName, proxyUUID, proxy.Identity)
-				// NewXDSCertCommonName
 				cn := envoy.NewXDSCertCommonName(proxy.UUID, proxy.Kind(), proxy.Identity.ToK8sServiceAccount().Name, proxy.Identity.ToK8sServiceAccount().Namespace)
 				certManager.ReleaseCertificate(cn)
 			} else {

pkg/envoy/registry/registry.go

@@ -20,12 +20,12 @@ func (pr *ProxyRegistry) RegisterProxy(proxy *envoy.Proxy) {
 }
 
 // GetConnectedProxy loads a connected proxy from the registry.
-func (pr *ProxyRegistry) GetConnectedProxy(uuid string) (*envoy.Proxy, bool) {
+func (pr *ProxyRegistry) GetConnectedProxy(uuid string) *envoy.Proxy {
 	p, ok := pr.connectedProxies.Load(uuid)
 	if !ok {
-		return nil, false
+		return nil
 	}
-	return p.(*envoy.Proxy), true
+	return p.(*envoy.Proxy)
 }
 
 // UnregisterProxy unregisters the given proxy from the catalog.

pkg/envoy/registry/registry_test.go

@@ -14,7 +14,7 @@ var _ = Describe("Test catalog proxy register/unregister", func() {
 	proxyRegistry := NewProxyRegistry(nil, nil)
 	proxy := envoy.NewProxy(envoy.KindSidecar, uuid.New(), identity.New("foo", "bar"), nil)
 
-	Context("Proxy is valid", func() {
+	It("Proxy is valid", func() {
 		Expect(proxy).ToNot((BeNil()))
 	})
 

pkg/envoy/registry/services.go

@@ -106,5 +106,6 @@ func getCertCommonNameForPod(pod v1.Pod) (certificate.CommonName, error) {
 	if err != nil {
 		return "", errors.Wrapf(err, "invalid UID value for %s label", constants.EnvoyUniqueIDLabelName)
 	}
-	return certificate.CommonName(fmt.Sprintf("%s.%s.%s.%s.cluster.local", proxyUID, envoy.KindSidecar, pod.Spec.ServiceAccountName, pod.Namespace)), nil
+	cn := envoy.NewXDSCertCommonName(proxyUID, envoy.KindSidecar, pod.Spec.ServiceAccountName, pod.Namespace)
+	return cn, nil
 }

pkg/envoy/registry/services_test.go

@@ -45,7 +45,7 @@ var _ = Describe("Test Proxy-Service mapping", func() {
 					constants.EnvoyUniqueIDLabelName: proxyUUID.String(),
 					constants.AppLabel:               tests.SelectorValue})
 			Expect(pod.Spec.ServiceAccountName).To(Equal(tests.BookstoreServiceAccountName))
-			mockKubeController.EXPECT().ListPods().Return([]*v1.Pod{&pod}).Times(1)
+			mockKubeController.EXPECT().ListPods().Return([]*v1.Pod{pod}).Times(1)
 
 			// Create the SERVICE
 			svcName := uuid.New().String()
@@ -131,7 +131,7 @@ var _ = Describe("Test Proxy-Service mapping", func() {
 			newPod := tests.NewPodFixture(namespace, podName, tests.BookstoreServiceAccountName, tests.PodLabels)
 			newPod.Labels[constants.EnvoyUniqueIDLabelName] = proxyUUID.String()
 
-			mockKubeController.EXPECT().ListPods().Return([]*v1.Pod{&newPod}).Times(1)
+			mockKubeController.EXPECT().ListPods().Return([]*v1.Pod{newPod}).Times(1)
 
 			// Create the SERVICE
 			svcName := uuid.New().String()
@@ -221,7 +221,7 @@ var _ = Describe("Test Proxy-Service mapping", func() {
 					},
 				},
 			}, nil).Times(1)
-			actualSvcs := listServicesForPod(&pod, mockKubeController)
+			actualSvcs := listServicesForPod(pod, mockKubeController)
 			Expect(len(actualSvcs)).To(Equal(2))
 
 			actualNames := []string{actualSvcs[0].Name, actualSvcs[1].Name}
@@ -240,7 +240,7 @@ var _ = Describe("Test Proxy-Service mapping", func() {
 
 			mockKubeController.EXPECT().ListServices().Return([]*v1.Service{service})
 			pod := tests.NewPodFixture(namespace, "pod-name", tests.BookstoreServiceAccountName, tests.PodLabels)
-			actualSvcs := listServicesForPod(&pod, mockKubeController)
+			actualSvcs := listServicesForPod(pod, mockKubeController)
 			Expect(len(actualSvcs)).To(Equal(0))
 		})
 
@@ -263,7 +263,7 @@ var _ = Describe("Test Proxy-Service mapping", func() {
 
 			mockKubeController.EXPECT().ListServices().Return([]*v1.Service{service})
 			pod := tests.NewPodFixture(namespace, "pod-name", tests.BookstoreServiceAccountName, tests.PodLabels)
-			actualSvcs := listServicesForPod(&pod, mockKubeController)
+			actualSvcs := listServicesForPod(pod, mockKubeController)
 			Expect(len(actualSvcs)).To(Equal(0))
 		})
 	})

pkg/errcode/errcode.go

@@ -203,10 +203,6 @@ const (
 	// ErrStartingADSServer indicates the gPRC service failed to start
 	ErrStartingADSServer
 
-	// ERRInitializingProxy indicates an instance of the Envoy proxy that connected to the XDS server could not be
-	// initialized
-	ErrInitializingProxy
-
 	// ErrMismatchedServiceAccount inicates the ServiceAccount referenced in the NodeID does not match the
 	// ServiceAccount specified in the proxy certificate
 	ErrMismatchedServiceAccount
@@ -648,11 +644,6 @@ a new snapshot in the Envoy xDS Aggregate Discovery Services cache.
 
 	ErrStartingADSServer: `
 The Aggregate Discovery Server (ADS) created by the OSM controller failed to start.
-`,
-
-	ErrInitializingProxy: `
-An Envoy proxy data structure representing a newly connected envoy proxy to the XDS
-server could not be initialized.
 `,
 
 	ErrMismatchedServiceAccount: `

pkg/injector/patch_test.go

@@ -164,7 +164,7 @@ func TestCreatePatch(t *testing.T) {
 				Object:    runtime.RawExtension{Raw: raw},
 				DryRun:    &tc.dryRun,
 			}
-			rawPatches, err := wh.createPatch(&pod, req, proxyUUID)
+			rawPatches, err := wh.createPatch(pod, req, proxyUUID)
 			assert.NoError(err)
 			patches := string(rawPatches)
 
@@ -200,7 +200,7 @@ func TestCreatePatch(t *testing.T) {
 			}
 
 			newUUID := uuid.New()
-			rawPatches, err = wh.createPatch(&pod, req, newUUID)
+			rawPatches, err = wh.createPatch(pod, req, newUUID)
 			assert.NoError(err)
 
 			patches = string(rawPatches)
@@ -259,7 +259,7 @@ func TestCreatePatch(t *testing.T) {
 			Namespace: namespace,
 			Object:    runtime.RawExtension{Raw: raw},
 		}
-		_, err = wh.createPatch(&pod, req, proxyUUID)
+		_, err = wh.createPatch(pod, req, proxyUUID)
 		assert.Error(err)
 	})
 }

pkg/k8s/client.go

@@ -30,20 +30,6 @@ import (
 	"github.com/openservicemesh/osm/pkg/service"
 )
 
-var (
-	// ErrMoreThanOnePodForUUID is an error for when OSM finds more than one pod for a given xDS certificate. There should always be exactly one Pod for a given xDS certificate.
-	ErrMoreThanOnePodForUUID = errors.New("found more than one pod for xDS uuid")
-
-	// ErrDidNotFindPodForUUID is an error for when OSM cannot not find a pod for the given xDS certificate.
-	ErrDidNotFindPodForUUID = errors.New("did not find pod for uuid")
-
-	// ErrServiceAccountDoesNotMatchProxy is an error for when the service account of a Pod does not match the xDS certificate.
-	ErrServiceAccountDoesNotMatchProxy = errors.New("service account does not match proxy")
-
-	// ErrNamespaceDoesNotMatchProxy is an error for when the namespace of the Pod does not match the xDS certificate.
-	ErrNamespaceDoesNotMatchProxy = errors.New("namespace does not match proxy")
-)
-
 // NewKubernetesController returns a new kubernetes.Controller which means to provide access to locally-cached k8s resources
 func NewKubernetesController(kubeClient kubernetes.Interface, policyClient policyv1alpha1Client.Interface, meshName string,
 	stop <-chan struct{}, msgBroker *messaging.Broker, selectInformers ...InformerKey) (Controller, error) {
@@ -470,7 +456,7 @@ func (c client) GetPodForProxy(proxy *envoy.Proxy) (*v1.Pod, error) {
 		log.Error().Str(errcode.Kind, errcode.GetErrCodeWithMetric(errcode.ErrFetchingPodFromCert)).
 			Msgf("Did not find Pod with label %s = %s in namespace %s",
 				constants.EnvoyUniqueIDLabelName, proxyUUID, svcAccount.Namespace)
-		return nil, ErrDidNotFindPodForUUID
+		return nil, errDidNotFindPodForUUID
 	}
 
 	// Each pod is assigned a unique UUID at the time of sidecar injection.
@@ -482,25 +468,27 @@ func (c client) GetPodForProxy(proxy *envoy.Proxy) (*v1.Pod, error) {
 		log.Error().Str(errcode.Kind, errcode.GetErrCodeWithMetric(errcode.ErrPodBelongsToMultipleServices)).
 			Msgf("Found more than one pod with label %s = %s in namespace %s. There can be only one!",
 				constants.EnvoyUniqueIDLabelName, proxyUUID, svcAccount.Namespace)
-		return nil, ErrMoreThanOnePodForUUID
+		return nil, errMoreThanOnePodForUUID
 	}
 
 	pod := pods[0]
 	log.Trace().Msgf("Found Pod with UID=%s for proxyID %s", pod.ObjectMeta.UID, proxyUUID)
 
 	if pod.Namespace != svcAccount.Namespace {
-		log.Warn().Msgf("Pod with UID=%s belongs to Namespace %s. The pod's xDS certificate was issued for Namespace %s",
-			pod.ObjectMeta.UID, pod.Namespace, svcAccount.Namespace)
-		return nil, ErrNamespaceDoesNotMatchProxy
+		log.Warn().Str(errcode.Kind, errcode.GetErrCodeWithMetric(errcode.ErrFetchingPodFromCert)).
+			Msgf("Pod with UID=%s belongs to Namespace %s. The pod's xDS certificate was issued for Namespace %s",
+				pod.ObjectMeta.UID, pod.Namespace, svcAccount.Namespace)
+		return nil, errNamespaceDoesNotMatchProxy
 	}
 
 	// Ensure the Name encoded in the certificate matches that of the Pod
 	// TODO(draychev): check that the Kind matches too! [https://github.com/openservicemesh/osm/issues/3173]
 	if pod.Spec.ServiceAccountName != svcAccount.Name {
 		// Since we search for the pod in the namespace we obtain from the certificate -- these namespaces will always match.
-		log.Warn().Msgf("Pod with UID=%s belongs to ServiceAccount=%s. The pod's xDS certificate was issued for ServiceAccount=%s",
-			pod.ObjectMeta.UID, pod.Spec.ServiceAccountName, svcAccount)
-		return nil, ErrServiceAccountDoesNotMatchProxy
+		log.Warn().Str(errcode.Kind, errcode.GetErrCodeWithMetric(errcode.ErrFetchingPodFromCert)).
+			Msgf("Pod with UID=%s belongs to ServiceAccount=%s. The pod's xDS certificate was issued for ServiceAccount=%s",
+				pod.ObjectMeta.UID, pod.Spec.ServiceAccountName, svcAccount)
+		return nil, errServiceAccountDoesNotMatchProxy
 	}
 
 	return &pod, nil

pkg/k8s/client_test.go

@@ -1,7 +1,6 @@
 package k8s
 
 import (
-	"context"
 	"testing"
 
 	"github.com/golang/mock/gomock"
@@ -1033,12 +1032,8 @@ func TestK8sServicesToMeshServices(t *testing.T) {
 
 func TestGetPodForProxy(t *testing.T) {
 	assert := tassert.New(t)
-	kubeClient := fake.NewSimpleClientset()
 	stop := make(chan struct{})
-	kubeController, err := NewKubernetesController(kubeClient, nil, testMeshName, stop, messaging.NewBroker(nil))
-	assert.Nil(err)
-
-	ctx := context.Background()
+	defer close(stop)
 
 	proxyUUID := uuid.New()
 	someOtherEnvoyUID := uuid.New()
@@ -1052,23 +1047,17 @@ func TestGetPodForProxy(t *testing.T) {
 		constants.EnvoyUniqueIDLabelName: someOtherEnvoyUID.String(),
 	}
 
-	newPod0 := tests.NewPodFixture(namespace, "pod-0", tests.BookstoreServiceAccountName, someOthePodLabels)
-	_, err = kubeClient.CoreV1().Pods(namespace).Create(ctx, &newPod0, metav1.CreateOptions{})
-	assert.NoError(err)
-
-	newPod1 := tests.NewPodFixture(namespace, "pod-1", tests.BookstoreServiceAccountName, podlabels)
-	_, err = kubeClient.CoreV1().Pods(namespace).Create(ctx, &newPod1, metav1.CreateOptions{})
-	assert.NoError(err)
+	pod := tests.NewPodFixture(namespace, "pod-1", tests.BookstoreServiceAccountName, podlabels)
+	kubeClient := fake.NewSimpleClientset(
+		monitoredNS(namespace),
+		monitoredNS("bad-namespace"),
+		tests.NewPodFixture(namespace, "pod-0", tests.BookstoreServiceAccountName, someOthePodLabels),
+		pod,
+		tests.NewPodFixture(namespace, "pod-2", tests.BookstoreServiceAccountName, someOthePodLabels),
+	)
 
-	newPod2 := tests.NewPodFixture(namespace, "pod-2", tests.BookstoreServiceAccountName, someOthePodLabels)
-	_, err = kubeClient.CoreV1().Pods(namespace).Create(ctx, &newPod2, metav1.CreateOptions{})
-	assert.NoError(err)
-
-	_, err = kubeClient.CoreV1().Namespaces().Create(ctx, monitoredNS(namespace), metav1.CreateOptions{})
-	assert.NoError(err)
-
-	_, err = kubeClient.CoreV1().Namespaces().Create(ctx, monitoredNS("bad-namespace"), metav1.CreateOptions{})
-	assert.NoError(err)
+	kubeController, err := NewKubernetesController(kubeClient, nil, testMeshName, stop, messaging.NewBroker(nil))
+	assert.Nil(err)
 
 	testCases := []struct {
 		name  string
@@ -1079,26 +1068,26 @@ func TestGetPodForProxy(t *testing.T) {
 		{
 			name:  "fails when UUID does not match",
 			proxy: envoy.NewProxy(envoy.KindSidecar, uuid.New(), tests.BookstoreServiceIdentity, nil),
-			err:   ErrDidNotFindPodForUUID,
+			err:   errDidNotFindPodForUUID,
 		},
 		{
 			name:  "fails when service account does not match certificate",
 			proxy: &envoy.Proxy{UUID: proxyUUID, Identity: identity.New("bad-name", namespace)},
-			err:   ErrServiceAccountDoesNotMatchProxy,
+			err:   errServiceAccountDoesNotMatchProxy,
 		},
 		{
 			name:  "2 pods with same uuid",
 			proxy: envoy.NewProxy(envoy.KindSidecar, someOtherEnvoyUID, tests.BookstoreServiceIdentity, nil),
-			err:   ErrMoreThanOnePodForUUID,
+			err:   errMoreThanOnePodForUUID,
 		},
 		{
 			name:  "fails when namespace does not match certificate",
 			proxy: envoy.NewProxy(envoy.KindSidecar, proxyUUID, identity.New(tests.BookstoreServiceAccountName, "bad-namespace"), nil),
-			err:   ErrNamespaceDoesNotMatchProxy,
+			err:   errNamespaceDoesNotMatchProxy,
 		},
 		{
 			name:  "works as expected",
-			pod:   &newPod1,
+			pod:   pod,
 			proxy: envoy.NewProxy(envoy.KindSidecar, proxyUUID, tests.BookstoreServiceIdentity, nil),
 		},
 	}