Service Mesh Questions

A team enables TLS passthrough for Gateway API and then notices that the backend sees Envoy or node IPs instead of the real client IP. Why?

When is Cilium Gateway API host network mode most appropriate?

What does a service mesh primarily do for distributed applications according to the Cilium docs?

A team migrates from a legacy Ingress controller to Cilium Gateway API. They need to redirect all HTTP traffic on port 80 to HTTPS on port 443. Which ...

A platform engineer enables WireGuard transparent encryption on a Cilium cluster. They then attempt to also use IPsec transparent encryption on the sa...

A security team audits a Cilium deployment and finds that pod-to-pod traffic on the same node is not encrypted even though WireGuard transparent encry...

A cluster administrator wants to configure Cilium Ingress to share a single LoadBalancer IP across multiple Ingress resources rather than provisioning...

An operator wants to deploy Cilium's Ingress controller to expose a backend service via HTTP. The cluster runs in a cloud environment that provides Lo...

A platform team deploys Cilium service mesh and wants to enforce mutual authentication (mTLS) between specific services so that both sides verify each...

Which two transparent encryption protocols does Cilium support for encrypting pod-to-pod traffic at the network layer without requiring changes to app...

A DevOps team wants to use Cilium service mesh without deploying any sidecar proxies alongside their application pods, keeping resource overhead minim...

A team wants a Gateway listener on port 443 in host network mode. What extra capability must be granted to Envoy?

Which component validates Gateway API resources and marks them as Accepted before Envoy is configured?

What happens when Cilium Gateway API host network mode is enabled?

Gateway resources are not being programmed and the operator logs say Required GatewayAPI resources are not found. What is the most likely fix?