diff --git a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go
index 2f9a9425f60d9..d69d7b1905225 100644
--- a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go
+++ b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go
@@ -59,8 +59,6 @@ func (s *Server) GetEnvoyBootstrapParams(ctx context.Context, req *pbdataplane.G
 			Tenancy: &pbresource.Tenancy{
 				Namespace: req.Namespace,
 				Partition: req.Partition,
-				//// commenting in for k8s acceptance tests
-				//PeerName: "local",
 			},
 			Type: catalog.WorkloadType,
 		}
diff --git a/agent/xds/delta.go b/agent/xds/delta.go
index 33fed8440108e..e303447ee5c81 100644
--- a/agent/xds/delta.go
+++ b/agent/xds/delta.go
@@ -434,8 +434,6 @@ func newResourceIDFromEnvoyNode(node *envoy_config_core_v3.Node) *pbresource.ID
 		Tenancy: &pbresource.Tenancy{
 			Namespace: entMeta.NamespaceOrDefault(),
 			Partition: entMeta.PartitionOrDefault(),
-			//// only for k8s acceptance test that explicitly sets tenancy everywhere
-			//PeerName: "local",
 		},
 		Type: mesh.ProxyStateTemplateType,
 	}
diff --git a/agent/xdsv2/listener_resources.go b/agent/xdsv2/listener_resources.go
index 2197185717f8a..2ea703c6994da 100644
--- a/agent/xdsv2/listener_resources.go
+++ b/agent/xdsv2/listener_resources.go
@@ -540,10 +540,6 @@ func (pr *ProxyResources) makeEnvoyTLSParameters(defaultParams *pbproxystate.TLS
 }
 
 func (pr *ProxyResources) makeEnvoyTransportSocket(ts *pbproxystate.TransportSocket) (*envoy_core_v3.TransportSocket, error) {
-	// TODO(JM): did this just make tests pass.  Figure out whether proxyState.Tls will always be available.
-	//if pr.proxyState.Tls == nil {
-	//	return nil, nil
-	//}
 	if ts == nil {
 		return nil, nil
 	}
@@ -673,10 +669,6 @@ func (pr *ProxyResources) makeEnvoyTransportSocket(ts *pbproxystate.TransportSoc
 		}
 		// For outbound mesh, we need to insert the mesh identity certificate
 		// and the validation context for the mesh depending on the provided trust bundle names.
-		if pr.proxyState.Tls == nil {
-			// if tls is nil but connection tls is provided, then the proxy state is misconfigured
-			//return nil, fmt.Errorf("proxyState.Tls is required to generate router's transport socket")
-		}
 		om := ts.GetOutboundMesh()
 		leaf, ok := pr.proxyState.LeafCertificates[om.IdentityKey]
 		if !ok {
diff --git a/internal/mesh/internal/controllers/xds/controller.go b/internal/mesh/internal/controllers/xds/controller.go
index 5996facefcd2e..604181a49e188 100644
--- a/internal/mesh/internal/controllers/xds/controller.go
+++ b/internal/mesh/internal/controllers/xds/controller.go
@@ -156,6 +156,7 @@ func (r *xdsReconciler) Reconcile(ctx context.Context, rt controller.Runtime, re
 	endpointReferencesMap := proxyStateTemplate.Template.RequiredEndpoints
 	var endpointsInProxyStateTemplate []resource.ReferenceOrID
 	for xdsClusterName, endpointRef := range endpointReferencesMap {
+
 		// Step 1: Resolve the reference by looking up the ServiceEndpoints.
 		// serviceEndpoints will not be nil unless there is an error.
 		//