Was thinking to use Ambassador design pattern and filter each request through Nginx with Waf (mod_security or Naxsi) in reverse proxy and ACL, authentication and authorization to pod.
What are the best practices?
How to prevent "soft belly" of each microservice being open in the network (vlan, vpc or similar)
Thanks,