Using Envoy as an Egress Proxy for TLS Enabled Traffic

Explore a solution for using Envoy as an egress proxy for TLS-enabled traffic in this conference talk by Amit Jain and Kiran Kumar from VMware. Learn about the challenges faced by modern cloud-native applications in securing external interactions and how to overcome Envoy's limitations for egress security. Discover the combined approach of deploying Envoy as a transparent egress sidecar proxy along with SSLproxy for TLS interception. Dive into the traffic stitching mechanism and a new Envoy listener filter that acts as the glue between Envoy and SSLproxy, extending Envoy's capabilities for integrated egress security. Gain insights into the implementation details, including SSL Proxy for deep SSL inspection, Envoy extension with SSL Proxy Listener Filter, and ISTIO Control Plane integration using EnvoyFilter CRD.

Intro
Cloud-Native Applications Bring New Security Challenges
Egress Connectivity is Must to Have for Modern Microservice Applications rely on external services for critical part of their functionality
Envoy's Limitations For Egress Security and Proposed Solut
SSL Proxy for Deep SSL Inspection
Using SSL Proxy for Egress TLS Interception
Enabling Envoy to Intercept Egress TLS with SSL Proxy SSL Proxy provides MITM and Enables Envoy Traffic Management & Security for TLS
Envoy Extension - SSL Proxy Listener Filter SSL Proxy Listener Fiter Provides Interface to SSL Prowy
ISTIO Control Plane Integration Using EnvoyFilter CRD Configures Envoy as transparent proxy for Observability Mode Only
Open Items & Next Steps