Thank you all for the very helpful explanations and clarifications. That all makes things quite a lot more clear to me.
I have tried the Kubernetes Sidecar proxy setup as explained in the docs and unfortunately also stumbled a bit. There is a problem with newer versions of alpine that makes the concept not to work anymore as intended. I have opened a new thread on that, but for completeness, here’s what i found: Tproxy mode as sidecar container not working with alpine >=3.13.
Cheers
Christian