
I have a requirement that incoming as well as outgoing SSL traffic to a pod in a namespace has to terminate at a proxy (the same one). This proxy should look at a special part in the header of the packet and decide whether the packet is allowed out or in; if not, the proxy has to send a 403.

I already took a look at Istio and Envoy, but I couldn't find a solution for my problem.

Now I have decided to start a separate NGINX pod in my namespace and always route the traffic through it, so I'll be able to create a custom Python module that does the checks for me.

But I would rather work with native methods, if possible. Now I wanted to ask whether you have an idea what to use for this scenario.

Client -> nginx ingress (ssl passthrough) -> nginx (reverse/forward) proxy -> app

app -> nginx (reverse/forward) proxy -> Client

EDIT: or should I take a look at squid or something like that? :O

0hlov3
  • What about the solution mentioned here: https://stackoverflow.com/questions/69556313/restrict-access-to-specific-endpoint-unless-certain-header-value-given? – Jakub Siemaszko Oct 14 '21 at 14:07
  • Hmm, it seems that this solution is only for ingress traffic. But I need a reverse and a forward proxy for every namespace where the application is deployed. :( Thank you. :) – 0hlov3 Oct 15 '21 at 08:58

0 Answers