I am building a managed Kubernetes platform and needed a control plane that is architecturally unreachable — not just firewalled. Here is how Kamaji runs customer API servers as pods inside a management cluster, and how Envoy routes traffic to them without ever terminating TLS.