Proxy Outbound/Egress Traffic Within Kubernetes

2/1/2020

I am trying to proxy all outbound traffic coming from a Kube cluster. Presumably, the topology would look something like this:

[Image: topology diagram, not included]

Preferably, I'm looking for a lightweight solution that doesn't require the installation of additional components, sidecars or a ton of configuration, but I'm not entirely sure what the solution landscape looks like.

It feels straightforward enough so I'm hoping there's a straightforward solution.

For reference, I'm using an AKS cluster.

-- Tyler Murry
kubernetes
proxy

1 Answer

2/1/2020

I don't know if this can be done with vanilla Kubernetes. But what you are requesting sounds an awful lot like the Istio.io "Egress Gateway" feature.

https://istio.io/docs/tasks/traffic-management/egress/egress-gateway/

Though theoretically, you could program your application to always contact your proxy and then block egress to other IPs using a Kubernetes Network Policy resource.

Another theoretical suggestion I can think of (though I've never done it) is to set up a default gateway for your AKS VNet and route all outgoing traffic to your proxy.

-- yosefrow
Source: StackOverflow
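
A sketch of the Network Policy approach mentioned in the answer, as an added example that is not part of the original post: pods in one namespace may send traffic only to the proxy and to cluster DNS, and all other egress is dropped. The policy name, namespace, proxy address and port are placeholders, and the DNS pod label is an assumption about the cluster.

```yaml
# Added example: names, namespace, proxy address and port are placeholders.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-via-proxy-only      # hypothetical name
  namespace: apps                  # hypothetical namespace
spec:
  podSelector: {}                  # empty selector: every pod in the namespace
  policyTypes:
    - Egress                       # selected pods become default-deny for egress
  egress:
    # Rule 1: allow traffic to the forward proxy only.
    - to:
        - ipBlock:
            cidr: 10.0.100.10/32   # placeholder proxy address
      ports:
        - protocol: TCP
          port: 3128               # placeholder proxy port
    # Rule 2: allow DNS lookups against the cluster DNS pods,
    # otherwise name resolution inside the pods stops working.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns    # assumed label of the cluster DNS pods
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

The policy is enforced only if the cluster runs a network plugin that implements NetworkPolicy, and it must be applied in every namespace whose pods should be restricted. It blocks direct egress but does not redirect it, so workloads still have to be configured to send their requests to the proxy.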