Powering Automatic Authorization in Envoy Through Live Traffic Inspection

Learn how to leverage live traffic inspection for automatic authorization in Envoy through this conference talk by Pixie core maintainer Dom Del Nano. Explore how zero instrumentation observability tools like CNCF Pixie and Hubble can address the challenges of implementing authentication and authorization in modern environments. Discover techniques for retrofitting existing systems with proper AuthN/Z controls by understanding service-to-service access patterns. Examine a detailed case study demonstrating how to generate OPA policies for Envoy AuthZ using real traffic data from Pixie, enabling L7-based permission scoping. Gain insights into utilizing protocol traces and span payloads for comprehensive environment visibility and implementing least privilege access in large-scale systems.