@1113 Yes you will need
VirtualServices to route to your Services within the namespace. Because of the
NetworkPolicies you will be forced to go this route (unless of course you create rules to
ALLOW ingress traffic for those specific services. But I am guessing that is not the intended model.).
@wenchenglu, @Tao_Li One of the challenges we are facing currently, that I forgot to mention, is to configure the workload
Sidecars to forcefully route all namespace-external traffic through the Egress Gateway. Is this possible using some Istio resources ? The idea is to have
DENY ALL ACLs for all egress traffic other than the necessary metrics, egress GW, istio controlplane ports.