Minimalist Mesh for Micro Services

So the story goes like this:

- You have container workloads running in production (Nomad).
- You are on a bare metal environment.
- Multiple container networking software solutions are in use in different data centers: Contiv and Flannel.
- The perimeter is secured for the cluster (firewalls, WAF).
- Service-to-service communication within the cluster is not secured (the journey started before service mesh concepts were in place).
- The customer insists that service-to-service communication go over HTTPS within the cluster whenever it crosses machine boundaries, even inside the perimeter.
- An incremental approach, migrating service by service, is mandatory.

Options

- Introduce a full-fledged service mesh. A complete networking and software stack upgrade is impossible without downtime.
- Replace the existing container networking with one that supports encryption. Do we have one such solution that is usable in production?

Solution

"Introduce a lightweight sidecar proxy that can do this job."

Details

Nginx as a side...