Can an Envoy Sidecar use an HTTP/HTTPS proxy for egress traffic

Question

We have a service and an Envoy sidecar deployed in a K8S pod. All ingress and egress traffic goes through Envoy which works great. However our production environment is locked down and all HTTP/HTTPS traffic must go through a Proxy provided via the standard http_proxy and https_proxy environment variables.

Envoy is routing requests using the http_connection_manager filter, referencing targets defined in clusters.

Is there a way to get Envoy to use the proxy server for its egress http traffic? Either using the https_proxy environment variable or defining the egress https proxy some other way.

score 0 · Answer 1 · answered Oct 18 '19 at 12:30

You can define a cluster for the proxy based on the domain name of the proxy:

- name: example_proxy
  connect_timeout: 5s
  type: LOGICAL_DNS
  hosts: [{ socket_address: { address: proxy.example.com, port_value: 80 }}]

or the IP address of the proxy:

- name: example_proxy_ipv4
  connect_timeout: 5s
  type: STATIC
  hosts: [{ socket_address: { address: 192.0.2.1, port_value: 80 }}]

Then use http_connection_manager filters to route all traffic not matching the other rules to this cluster.

Can an Envoy Sidecar use an HTTP/HTTPS proxy for egress traffic

1 Answers1