Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-511

EgressGateway should expose HTTP CONNECT method to allow using it as forward proxy



    • False
    • False
    • Compatibility/Configuration, User Experience
    • Undefined


      1. Proposed title of this feature request
      EgressGateway should expose HTTP CONNECT method to allow using it as forward proxy

      2. What is the nature and description of the request?
      It would be nice to have a way to expose HTTP CONNECT method in envoy through EgressGateway or similar to utilize envoy as forward proxy. With the addition/capability of using Istio DNS domain allow-list, it would be possible to quickly and easily configure forward proxy in Service Mesh for specific application and even restrict the allowed domains easily.

      3. Why does the customer need this? (List the business requirements here)
      In enterprise environments it's fairly common that for ingress and egress traffic a proxy is required. To manage egress traffic through a forward proxy, it would be nice to make them part of Service Mesh and expose HTTP CONNECT in envoy for that use-case.

      That way, application can easily configure this on their own, utilize the DNS allow-list to specify which Domain they need access too. Alternative it would also allow a specific group to setup these forward proxies on application level and restrict the access to the resources really required. Hence making the usage of a company wide configured and maintained proxy obsolete.

      4. List any affected packages or components.
      OpenShift Service Mesh




            Unassigned Unassigned
            rhn-support-sreber Simon Reber
            2 Vote for this issue
            12 Start watching this issue