
Bruno Palermo

Dec 24, 2025, 5:21:42 AM
to envoy...@googlegroups.com, txa...@google.com
Hi there

I watched Tony Allen's EnvoyCon talk about Envoy as a node-scoped agent and was playing with the concept.

The question I have is related to how to propagate the pod identity.

From the traffic flow slide in the presentation, I assume nftables + OriginalDst filter is being used. And because we are binding both the listener and the upstream cluster within the pod's network namespace, we have an upstream cluster for each pod where we can define the UpstreamTlsContext and forward each pod's identity.

Assuming my understanding is correct, and I know the presentation was focused on L4, I wonder how we could extrapolate the use case for L7 as well. From what I can see, I would have to duplicate upstream clusters so I could have the appropriate UpstreamTlsContext associated depending on the source pod.

Any insights would be appreciated.

Thanks!

