[Improvement] Reconcile Envoy Proxy Infrastructure Changes #238

@haiyanmeng

Description

The current implementation of the ResourceManager in pkg/infra/envoy/proxy.go only ensures the existence of Envoy proxy infrastructure resources (Deployment, Service, ConfigMap, ServiceAccount). It does not reconcile or update these resources if they already exist but their desired state has changed.
While traffic routing and policies are updated dynamically via the xDS server, any changes to the proxy's infrastructure are currently ignored after the initial creation.

Current Behavior

In pkg/infra/envoy/proxy.go, the EnsureProxyExist method and its helpers (like ensureDeployment, ensureConfigMap) follow a "create-if-missing" pattern:

  1. They perform a Get to check if the resource exists.
  2. If not found, they Create it.
  3. If it exists, they do nothing, even if the desired spec (e.g., image version or bootstrap config) has changed.

Why This Matters

Without infrastructure reconciliation, the controller cannot support:

  • Upgrades: Changing the envoyImage passed to the controller will not update existing Envoy deployments.
  • Config Drift: Manual modifications to the Envoy deployments or services will not be reverted by the controller.
  • Bootstrap Updates: Changes to the rendered ConfigMap (bootstrap config) are not applied to existing instances.

Expected Behavior

The controller should reconcile the infrastructure resources to match the desired state rendered by the ResourceManager.

  • If the desired Deployment or ConfigMap differs from the current state in the cluster, the controller should update the resource.
  • Appropriate rollout strategies should be considered (e.g., rolling update for the Deployment).

Possible Implementation Approach

Instead of just checking for existence, we can use an Update or Patch strategy:

  • For the Deployment, we could check if the spec has changed (e.g., image or labels) and call Update.
  • For the ConfigMap, we could update the data if it differs.
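
The gap between the create-if-missing pattern and a reconciling update, as an added Go example that is not part of the original issue or the project's code. `Proxy`, `Store`, `ensure` and `reconcile` are hypothetical names, the image tags are constructed, and an in-memory map stands in for the Kubernetes API.

```go
package main

import (
	"fmt"
	"reflect"
)

// Proxy is a hypothetical, simplified stand-in for the rendered Deployment and ConfigMap.
type Proxy struct {
	Image     string            // Deployment container image (envoyImage)
	Bootstrap map[string]string // ConfigMap data (bootstrap config)
}
type Store map[string]Proxy // constructed in-memory substitute for the cluster API

// ensure follows the create-if-missing pattern: an existing object is never compared.
func ensure(s Store, name string, desired Proxy) string {
	if _, ok := s[name]; ok {
		return "unchanged"
	}
	s[name] = desired
	return "created"
}

// reconcile creates a missing object, or overwrites a drifted one and reports the drifted fields.
func reconcile(s Store, name string, desired Proxy) (string, []string) {
	cur, ok := s[name]
	if !ok {
		s[name] = desired
		return "created", nil
	}
	var drift []string
	if cur.Image != desired.Image {
		drift = append(drift, "image")
	}
	if !reflect.DeepEqual(cur.Bootstrap, desired.Bootstrap) {
		drift = append(drift, "bootstrap")
	}
	if len(drift) == 0 {
		return "unchanged", nil // no write, so no needless rollout
	}
	s[name] = desired
	return "updated", drift
}

func main() {
	s := Store{"gw": {Image: "envoy:old", Bootstrap: map[string]string{"envoy.yaml": "a"}}} // constructed
	want := Proxy{Image: "envoy:new", Bootstrap: map[string]string{"envoy.yaml": "a"}}
	fmt.Println(ensure(s, "gw", want), s["gw"].Image) // stale image survives
	fmt.Println(reconcile(s, "gw", want))             // drift detected and corrected
}
```

The returned drift list gives the controller something to log when it reverts a manual modification.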

Metadata

Labels

kind/feature: Categorizes issue or PR as related to a new feature.
