Skip to content
Teju Nareddy
GithubLinkedIn

About

I currently drive the architecture and implementation of Confluent's next-generation traffic gateway, managing L7 ingress for the entire company. This infrastructure, based on Envoy Proxy, powers major Confluent products including Unified Stream Manager, Connectors, Schema Registry, and Flink.

My areas of expertise span:

  • Data Plane: Scalable OAuth2 & API Key authentication in Envoy proxy, propagation of network context to Confluent applications, TLS termination for AWS Private Link traffic, and Cilium CNI integration.
  • Control Plane: Kubernetes Gateway API implementation and pipeline-based xDS translation for multi-cluster environments, supporting thousands of multi-tenant and dedicated instances.
  • Multi-Cloud Architecture: Cloud-agnostic solutions distributed globally across 30+ regions on AWS, Azure, and GCP, leveraging provider-specific networking constructs (e.g., AWS Cross-Account Elastic Network Interfaces, GCP Private Service Connect) for optimal cost.

I also own the lifecycle and stability of the Envoy data plane at Confluent. This involves driving security upgrades, debugging & resolving production incidents, optimizing end-to-end health checks for faster incident detection, and improving the observability of Envoy subsystems for organizational buy-in.

Open Source

I am a Reviewer for Envoy Gateway and an active contributor to Envoy Proxy. I recently co-presented on Adding Org-Specific Gateway API Extensions with Envoy Gateway at KubeCon North America 2025.

Visit github/nareddyt to view my contributions, areas of ownership, and side projects.

Prior Experience (2019 - 2024)

Previously, I was a Software Engineer on Google Cloud's Service Infrastructure data plane. I served as a core contributor for Cloud Endpoints and API Gateway, focusing on:

  • Cloud Native L7 API features (Admission control, declarative policy enforcement)
  • Observability: metrics, logging, tracing, profiling
  • Protocol buffers: wire serialization, reflection, and sanitization
  • gRPC-JSON transcoding
  • JWT authentication
  • Fuzz testing (check out my conference talks!)

My work at Google also supported the transition to hybrid and sovereign clouds via Anthos Service Mesh and Google Distributed Cloud.

Based out of Austin TX and work 100% remotely today. I also serve as the President of my Condo Association.