Use Envoy to reach Azure Service Endpoints from on-prem network

danigian/envoy-azure-service-endpoints

Use Envoy to reach Azure Service Endpoints from on-prem network (via VPN)

Virtual Network service endpoints allow you to secure some critical Azure services to only specific virtual networks. There is a limitation, though: endpoints cannot be used for traffic from your premises to Azure services. Right now, if you want to allow traffic from on-premises, you must also allow the public (typically NAT) IP addresses of your on-premises network or ExpressRoute.

This repo shows how to let that traffic go securely through your VPN by using Envoy as a proxy.

Proposed architecture

"The slide of the proposed architecture"

Repository structure

There are two folders in this repository:

  1. envoy/ contains the proxy configuration, the Dockerfile to build the Docker image, and a Kubernetes YAML to deploy it to your cluster
  2. samples/ contains two sample console applications (for accessing KeyVault and Storage Accounts)
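
One way such a proxy can be configured, as an added example that is not the contents of this repository's envoy/ folder: Envoy runs in a subnet with service endpoints enabled, forwards TLS unmodified, and only accepts connections whose SNI is on an allow-list. The two hostnames are constructed placeholders, and the example assumes on-prem DNS resolves them to Envoy's private address over the VPN.

```yaml
# Added example, not the repository's own configuration.
# examplevault / examplestorage are constructed placeholder names.
static_resources:
  listeners:
  - name: azure_tls_passthrough
    address:
      socket_address: { address: 0.0.0.0, port_value: 443 }
    listener_filters:
    # Reads the SNI from the ClientHello without terminating TLS, so the
    # proxy never sees tokens, secrets or blob contents.
    - name: envoy.filters.listener.tls_inspector
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
    filter_chains:
    # Only the listed names are forwarded. A connection whose SNI matches
    # no filter chain is closed, so the proxy is not an open relay.
    - filter_chain_match: { server_names: ["examplevault.vault.azure.net"] }
      filters:
      - name: envoy.filters.network.tcp_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: keyvault
          cluster: keyvault
    - filter_chain_match: { server_names: ["examplestorage.blob.core.windows.net"] }
      filters:
      - name: envoy.filters.network.tcp_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: storage
          cluster: storage
  clusters:
  # Upstream names are resolved inside the VNet, so traffic leaves from the
  # subnet that the service firewall allows.
  - name: keyvault
    type: LOGICAL_DNS
    connect_timeout: 5s
    load_assignment:
      cluster_name: keyvault
      endpoints:
      - lb_endpoints:
        - endpoint: { address: { socket_address: { address: examplevault.vault.azure.net, port_value: 443 } } }
  - name: storage
    type: LOGICAL_DNS
    connect_timeout: 5s
    load_assignment:
      cluster_name: storage
      endpoints:
      - lb_endpoints:
        - endpoint: { address: { socket_address: { address: examplestorage.blob.core.windows.net, port_value: 443 } } }
```

Because TLS is passed through, clients still validate the Azure service certificate end to end; the listener itself should be reachable only from the VPN address ranges.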
