Envoy is an open-source edge and service proxy, designed for cloud-native applications.
When a request reaches the Envoy proxy, Envoy passes the request's metadata (name and description) and payload to an external engine, the policy decision point (PDP), which decides whether to allow the request through to the upstream or deny it.
The following sequence diagram describes the full authorization request flow using Envoy, as mentioned above:
Figure: Full request flow using Envoy
For more information on the external authorization filter, see the Envoy documentation.
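The allow/deny flow described above, as an added example that is not part of the original tutorial and is not the PDP it uses: a stand-in PDP with a default-deny policy, plus a model of the proxy-side rule that only an explicit 200 lets a request through. It assumes the authorization check arrives as an HTTP request carrying the original method, path and Authorization header; the token, the public paths and port 9000 are hypothetical.

```python
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer

ADMIN_TOKEN = "constructed-demo-token"   # constructed value, not a real secret
PUBLIC_PATHS = {"/", "/health"}          # hypothetical routes open to anyone

def decide(method, path, headers):
    """Hypothetical policy, default deny: anonymous reads only on exact
    public paths; every other request must carry the bearer token."""
    route = path.split("?", 1)[0]        # ignore the query string
    if method in ("GET", "HEAD") and route in PUBLIC_PATHS:
        return True
    supplied = headers.get("authorization", "").encode("utf-8", "replace")
    expected = ("Bearer " + ADMIN_TOKEN).encode()
    return hmac.compare_digest(supplied, expected)   # constant-time compare

def enforce(check):
    """Model of the proxy side: forward upstream only on an explicit 200.
    Any other status, a timeout or a connection error denies (fail closed)."""
    try:
        return "forward" if check() == 200 else "deny"
    except Exception:
        return "deny"

class PDPHandler(BaseHTTPRequestHandler):
    """Answers each authorization check with 200 (allow) or 403 (deny)."""
    def _check(self):
        headers = {k.lower(): v for k, v in self.headers.items()}
        allowed = decide(self.command, self.path, headers)
        self.send_response(200 if allowed else 403)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_HEAD = do_POST = do_PUT = do_DELETE = _check

if __name__ == "__main__":
    # Port 9000 is an assumption; point the proxy's authorization check at it.
    HTTPServer(("127.0.0.1", 9000), PDPHandler).serve_forever()
```

Matching exact paths instead of prefixes keeps variants such as `//admin` from slipping past the policy, and treating a PDP error as a deny means an outage of the PDP cannot silently open the upstream.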
This tutorial requires docker-compose (tested on 1.27.4).
Create the following config.yaml file. The configuration instructs the proxy to listen on port 10000 and to act as a reverse proxy to google.com. Envoy will also delegate every incoming request to the sidecar PDP, which decides whether to allow or deny access.