Istio ingress possibility for multiplatform

Hi folks!

I am facing a pretty tricky challenge and would like to know if someone has a solution to it.

We have applications deployed in many different infrastructures (on-prem, internal cloud, VM and external cloud). Some applications doesn’t use Kubernetes and runs on VMs. We would like to see if Istio can help us to first establish an entry to istio’s internal service. Then, we would like to know if we can have a custom sidecar as an ingress to apply extra validations. (ex: trafic shapping based on an API-key passed on an HTTP Header).

Our goal is to be able to use istio across all the infrastructures we use.

Thank you,