feat: disabling TLS for dev Destination Rules (#13)

* disabling TLS for dev Destination Rules

* comment

kontrol-service/engine/flow/constants.go

@@ -91,6 +91,10 @@ end
 `
 
 	luaFilterType = "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
+
+	// this is related to the prod flowID and prod default namespace
+	// TODO find a way to centralize this value for all of these concepts (Service.version, flowID and default namespace)
+	prodVersion = "prod"
 )
 
 func generateLuaTraceHeaderPriorities() string {

kontrol-service/engine/flow/dev_flow.go

@@ -58,7 +58,7 @@ func CreateDevFlow(pluginRunner *plugins.PluginRunner, baseClusterTopologyMaybeW
 
 	// Replace "prod" version services with baseTopology versions
 	for i, service := range topologyRef.Services {
-		if service.Version == "prod" {
+		if service.Version == prodVersion {
 			prodService, err := baseTopology.GetService(service.ServiceID)
 			if err != nil {
 				return nil, fmt.Errorf("failed to get prod service %s: %v", service.ServiceID, err)
@@ -73,7 +73,7 @@ func CreateDevFlow(pluginRunner *plugins.PluginRunner, baseClusterTopologyMaybeW
 	// postgres is marked as shared, we mark its parent "cartservice" as shared
 	// cartservice then happens in the loop and we try again (currently we don't as we check if version isn't shared)
 	for _, service := range topology.Services {
-		if service.IsShared && service.Version != "prod" && service.Version != constants.SharedVersionVersionString {
+		if service.IsShared && service.Version != prodVersion && service.Version != constants.SharedVersionVersionString {
 			logrus.Infof("Marking service '%v' as shared, current version '%v'", service.ServiceID, service.Version)
 			originalVersion := service.Version
 			service.Version = constants.SharedVersionVersionString
@@ -91,14 +91,14 @@ func CreateDevFlow(pluginRunner *plugins.PluginRunner, baseClusterTopologyMaybeW
 
 	// Update service dependencies
 	for i, dependency := range topologyRef.ServiceDependencies {
-		if dependency.Service.Version == "prod" {
+		if dependency.Service.Version == prodVersion {
 			prodService, err := baseTopology.GetService(dependency.Service.ServiceID)
 			if err != nil {
 				return nil, fmt.Errorf("failed to get prod service %s for dependency: %v", dependency.Service.ServiceID, err)
 			}
 			topologyRef.ServiceDependencies[i].Service = prodService
 		}
-		if dependency.DependsOnService.Version == "prod" {
+		if dependency.DependsOnService.Version == prodVersion {
 			prodDependsOnService, err := baseTopology.GetService(dependency.DependsOnService.ServiceID)
 			if err != nil {
 				return nil, fmt.Errorf("failed to get prod service %s for dependsOn: %v", dependency.DependsOnService.ServiceID, err)

kontrol-service/engine/flow/render.go

@@ -232,12 +232,26 @@ func getDestinationRule(serviceID string, services []*resolved.Service, namespac
 	// if we do that then the render work around isn't necessary
 	subsets := lo.UniqBy(
 		lo.Map(services, func(service *resolved.Service, _ int) *v1alpha3.Subset {
-			return &v1alpha3.Subset{
+
+			newSubset := &v1alpha3.Subset{
 				Name: service.Version,
 				Labels: map[string]string{
 					"version": service.Version,
 				},
 			}
+
+			// TODO Narrow down this configuration to only subsets created for telepresence intercepts or find a way to enable TLS for telepresence intercepts https://github.com/kurtosis-tech/kardinal-kontrol/issues/14
+			// This config is necessary for Kardinal/Telepresence (https://www.telepresence.io/) integration
+			if service.Version != prodVersion {
+				newTrafficPolicy := &v1alpha3.TrafficPolicy{
+					Tls: &v1alpha3.ClientTLSSettings{
+						Mode: v1alpha3.ClientTLSSettings_DISABLE,
+					},
+				}
+				newSubset.TrafficPolicy = newTrafficPolicy
+			}
+
+			return newSubset
 		}),
 		func(subset *v1alpha3.Subset) string {
 			return subset.Name