When permissive traffic policy mode is not working as expected

1. Confirm Permissive traffic policy mode is enabled

Confirm permissive traffic policy mode is enabled by verifying the value for the enablePermissiveTrafficPolicyMode key in the osm-mesh-config custom resource. osm-mesh-config MeshConfig resides in the namespace OSM control plane namespace, osm-system by default.

# Returns true if permissive traffic policy mode is enabled
$ kubectl get meshconfig osm-mesh-config -n osm-system -o jsonpath='{.spec.traffic.enablePermissiveTrafficPolicyMode}{"\n"}'
true

The above command must return a boolean string (true or false) indicating if permissive traffic policy mode is enabled.

2. Inspect OSM controller logs for errors

# When osm-controller is deployed in the osm-system namespace
kubectl logs -n osm-system $(kubectl get pod -n osm-system -l app=osm-controller -o jsonpath='{.items[0].metadata.name}')

Errors will be logged with the level key in the log message set to error:

{"level":"error","component":"...","time":"...","file":"...","message":"..."}

3. Confirm the Envoy configuration

Confirm the Envoy proxy configuration on the client and server pods are allowing the client to access the server. Refer to the sample configurations to verify that the client has valid routes programmed to access the server.