# talk-oathkeeper
Hi guys. I have an ideological question. 1. We live in Kubernetes. 2. We have many different microservices that are APIs. 3. We use the subject in proxy mode. A question: since oathkeeper is not a balancer in its purest form and not a proxy API, is it worth bringing it to the level of the central infrastructure? Maybe use it as a personal authorization proxy for each service? That is, present it as a sidecar container for each pod requiring protection (authentication, authorization, etc.). The pros at first glance: no problems with a huge central config for all microservices, isolation, a shorter path for unencrypted traffic (it lives only inside the pod), etc. The minuses: more management, unauthorized traffic goes deeper. Or is it a delusion? Your opinions and criticism are welcome. For understanding, I quickly sketched a diagram.
I see your point; in fact I'm running into the same "doubt". Yesterday I took a closer look at the documentation and I found something really interesting. You are 100% right, oathkeeper is not a proxy API (I think you meant to say Gateway?). For that you will need a CDR for your K8s cluster, e.g. Kong API Gateway or Istio or Traefik, ... Then instead of exposing your Ingress you should send the traffic to the main API gateway; then the API Gateway can potentially pass the request on to Oathkeeper.
Now, regarding your point about not having problems with a huge central config for all, that's slightly wrong: you can have a list of access_rules if you want to. As you can see here, access_rules accepts a list of your ACLs: https://www.ory.sh/oathkeeper/docs/api-access-rules