Kubernetes manifests for TLS origination through an egress gateway through a tinyproxy

These manifests are only a proof a concept. Care must be taken.

flowchart LR

subgraph Mesh in Kubernetes
App -->|HTTP| SidecarProxy
SidecarProxy -->|mTLS| EgressGateway
end

EgressGateway -->|HTTPS| Tinyproxy
Tinyproxy --> Website

The tinyproxy is installed inside kubernetes, but can be configured outside.

Works with istio control plane 1.15.3, installed with istioctl install --set profile=minimal

Thanks a lot to https://gist.github.com/cortex93/6d7cd9738b077d0447ab891cbacd0d5e making the envoyfilter manifest possible.

Egressgateways manifests are taken from https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages/tree/main/samples/gateways/istio-egressgateway

TLS Originating manifests are taken from https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
egressgateway		egressgateway
envoyfilter		envoyfilter
istio-system		istio-system
namespaces		namespaces
sleep		sleep
tinyproxy		tinyproxy
tls-originating		tls-originating
README.md		README.md
kustomization.yaml		kustomization.yaml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Kubernetes manifests for TLS origination through an egress gateway through a tinyproxy

About

Releases

Packages

ybelleguic/envoyfilters-external-proxy

Folders and files

Latest commit

History

Repository files navigation

Kubernetes manifests for TLS origination through an egress gateway through a tinyproxy

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages