From 43c2f4d4a54e9bdb54891380c033216f6d91ce59 Mon Sep 17 00:00:00 2001
From: Eric <eric@haberkorn.co>
Date: Mon, 29 Aug 2022 10:41:31 -0400
Subject: [PATCH] Update max_ejection_percent on outlier detection for peered
 clusters to 100%

We can't trust health checks on peered services when service resolvers,
splitters and routers are used.
---
 .changelog/14373.txt                                        | 3 +++
 agent/xds/clusters.go                                       | 5 ++++-
 .../connect-proxy-with-peered-upstreams.latest.golden       | 4 ++--
 .../transparent-proxy-with-peered-upstreams.latest.golden   | 6 +++---
 4 files changed, 12 insertions(+), 6 deletions(-)
 create mode 100644 .changelog/14373.txt

diff --git a/.changelog/14373.txt b/.changelog/14373.txt
new file mode 100644
index 0000000000000..d9531b09ec991
--- /dev/null
+++ b/.changelog/14373.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+xds: Set `max_ejection_percent` on Envoy's outlier detection to 100% for peered services.
+```
diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
index adde810d3777f..0a09ae6cdf3ab 100644
--- a/agent/xds/clusters.go
+++ b/agent/xds/clusters.go
@@ -772,6 +772,9 @@ func (s *ResourceGenerator) makeUpstreamClusterForPeerService(
 
 	clusterName := generatePeeredClusterName(uid, tbs)
 
+	outlierDetection := ToOutlierDetection(cfg.PassiveHealthCheck)
+	outlierDetection.MaxEjectionPercent = &wrappers.UInt32Value{Value: 100}
+
 	s.Logger.Trace("generating cluster for", "cluster", clusterName)
 	if c == nil {
 		c = &envoy_cluster_v3.Cluster{
@@ -785,7 +788,7 @@ func (s *ResourceGenerator) makeUpstreamClusterForPeerService(
 			CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{
 				Thresholds: makeThresholdsIfNeeded(cfg.Limits),
 			},
-			OutlierDetection: ToOutlierDetection(cfg.PassiveHealthCheck),
+			OutlierDetection: outlierDetection,
 		}
 		if cfg.Protocol == "http2" || cfg.Protocol == "grpc" {
 			if err := s.setHttp2ProtocolOptions(c); err != nil {
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden
index d7c23515fcba1..29059b1435492 100644
--- a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden
+++ b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden
@@ -58,7 +58,7 @@
       "dnsRefreshRate": "10s",
       "dnsLookupFamily": "V4_ONLY",
       "outlierDetection": {
-
+        "maxEjectionPercent": 100
       },
       "commonLbConfig": {
         "healthyPanicThreshold": {
@@ -115,7 +115,7 @@
 
       },
       "outlierDetection": {
-
+        "maxEjectionPercent": 100
       },
       "commonLbConfig": {
         "healthyPanicThreshold": {
diff --git a/agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden
index 0dbbf4277da7f..d1f6d0bb0e1c8 100644
--- a/agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden
+++ b/agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden
@@ -18,7 +18,7 @@
 
       },
       "outlierDetection": {
-
+        "maxEjectionPercent": 100
       },
       "commonLbConfig": {
         "healthyPanicThreshold": {
@@ -75,7 +75,7 @@
 
       },
       "outlierDetection": {
-
+        "maxEjectionPercent": 100
       },
       "commonLbConfig": {
         "healthyPanicThreshold": {
@@ -157,7 +157,7 @@
 
       },
       "outlierDetection": {
-
+        "maxEjectionPercent": 100
       },
       "commonLbConfig": {
         "healthyPanicThreshold": {